Vulnerabilities (CVE)

Filtered by CWE-264
Total 5247 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1876 1 Lenovo 1 Solution Center 2025-04-20 7.2 HIGH 7.8 HIGH
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
CVE-2014-7920 1 Google 1 Android 2025-04-20 10.0 HIGH 9.8 CRITICAL
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
CVE-2016-10013 1 Xen 1 Xen 2025-04-20 4.6 MEDIUM 7.8 HIGH
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
CVE-2016-10282 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.
CVE-2015-5675 1 Freebsd 1 Freebsd 2025-04-20 7.2 HIGH 7.8 HIGH
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
CVE-2016-6526 1 Samsung 1 Samsung Mobile 2025-04-20 9.3 HIGH 7.8 HIGH
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
CVE-2016-8433 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192.
CVE-2016-8447 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886.
CVE-2016-8445 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983.
CVE-2016-8585 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 9.0 HIGH 8.8 HIGH
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVE-2015-7359 4 Ciphershed, Idrix, Microsoft and 1 more 4 Ciphershed, Veracrypt, Windows and 1 more 2025-04-20 4.6 MEDIUM 7.8 HIGH
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.
CVE-2016-8467 1 Google 1 Android 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784.
CVE-2016-4043 1 Plone 1 Plone 2025-04-20 3.5 LOW 4.9 MEDIUM
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
CVE-2016-5374 1 Netapp 1 Data Ontap 2025-04-20 6.5 MEDIUM 8.8 HIGH
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2015-9004 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 9.3 HIGH 7.8 HIGH
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
CVE-2016-4340 1 Gitlab 1 Gitlab 2025-04-20 6.5 MEDIUM 8.8 HIGH
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
CVE-2014-0229 2 Apache, Cloudera 2 Hadoop, Cdh 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
CVE-2016-9469 1 Gitlab 1 Gitlab 2025-04-20 5.0 MEDIUM 8.2 HIGH
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee.
CVE-2016-10117 1 Firejail Project 1 Firejail 2025-04-20 7.2 HIGH 7.8 HIGH
Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.
CVE-2016-4889 1 Zohocorp 1 Servicedesk Plus 2025-04-20 6.5 MEDIUM 8.8 HIGH
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.