Total: 5256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8216 | 1 Dell | 1 Emc Data Domain Os | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-10284 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664. | |||||
| CVE-2015-5675 | 1 Freebsd | 1 Freebsd | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | |||||
| CVE-2016-6903 | 1 Lshell Project | 1 Lshell | 2025-04-20 | 9.0 HIGH | 9.9 CRITICAL |
| lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | |||||
| CVE-2016-8644 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | |||||
| CVE-2016-7845 | 1 Gigaccsecure | 1 Gigacc Office | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | |||||
| CVE-2014-3222 | 1 Huawei | 1 Espace Meeting | 2025-04-20 | 6.6 MEDIUM | 7.0 HIGH |
| In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. | |||||
| CVE-2016-9386 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | |||||
| CVE-2016-4455 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | |||||
| CVE-2016-8659 | 1 Bubblewrap Project | 1 Bubblewrap | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | |||||
| CVE-2016-3053 | 1 Ibm | 1 Aix | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||||
| CVE-2015-5244 | 1 Mod Nss Project | 1 Mod Nss | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |||||
| CVE-2015-0296 | 2 Fedoraproject, Tug | 2 Fedora, Texlive | 2025-04-20 | 1.2 LOW | 4.7 MEDIUM |
| The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | |||||
| CVE-2016-10044 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | |||||
| CVE-2016-8422 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426. | |||||
| CVE-2016-10288 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763. | |||||
| CVE-2016-10345 | 1 Phusion | 1 Passenger | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | |||||
| CVE-2015-4165 | 1 Elasticsearch | 1 Elasticsearch | 2025-04-20 | 6.0 MEDIUM | 7.5 HIGH |
| The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. | |||||
| CVE-2016-7955 | 1 Alienvault | 2 Ossim, Unified Security Management | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header. | |||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | |||||
