Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9353 | 1 Advantech | 1 Susiaccess | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use. | |||||
| CVE-2016-7583 | 1 Apple | 1 Icloud | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. | |||||
| CVE-2016-10118 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | |||||
| CVE-2016-8445 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983. | |||||
| CVE-2016-5374 | 1 Netapp | 1 Data Ontap | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | |||||
| CVE-2016-8353 | 1 Osisoft | 1 Pi Web Api 2015 R2 | 2025-04-20 | 5.5 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |||||
| CVE-2016-7613 | 1 Apple | 4 Iphone Os, Mac Os X, Safari and 1 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning. | |||||
| CVE-2015-4045 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. | |||||
| CVE-2016-6811 | 1 Apache | 1 Hadoop | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | |||||
| CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2025-04-20 | 5.5 MEDIUM | 8.2 HIGH |
| The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | |||||
| CVE-2016-10122 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Firejail does not properly clean environment variables, which allows local users to gain privileges. | |||||
| CVE-2016-8649 | 1 Linuxcontainers | 1 Lxc | 2025-04-20 | 9.0 HIGH | 9.1 CRITICAL |
| lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | |||||
| CVE-2016-8429 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429. | |||||
| CVE-2016-8202 | 1 Broadcom | 1 Fabric Operating System | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. | |||||
| CVE-2016-5853 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | |||||
| CVE-2016-8235 | 1 Lenovo | 1 Customer Care Software Development Kit | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | |||||
| CVE-2016-8590 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
| CVE-2014-8156 | 5 Debian, Fso-frameworkd Project, Fso-gsmd Project and 2 more | 5 Debian Linux, Fso-frameworkd, Fso-gsmd and 2 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. | |||||
| CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | |||||
| CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | |||||