Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9867 | 1 Emc | 1 Scaleio | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | |||||
| CVE-2016-6902 | 1 Lshell Project | 1 Lshell | 2025-04-20 | 9.0 HIGH | 9.9 CRITICAL |
| lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | |||||
| CVE-2016-1597 | 1 Netiq | 1 Access Governance Suite | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | |||||
| CVE-2016-10152 | 1 Hesiod Project | 1 Hesiod | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. | |||||
| CVE-2016-10318 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. | |||||
| CVE-2014-7921 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | |||||
| CVE-2004-2778 | 1 Gentoo | 1 Portage | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
| Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. | |||||
| CVE-2016-6772 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. | |||||
| CVE-2016-8216 | 1 Dell | 1 Emc Data Domain Os | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-10284 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664. | |||||
| CVE-2015-5675 | 1 Freebsd | 1 Freebsd | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | |||||
| CVE-2016-6903 | 1 Lshell Project | 1 Lshell | 2025-04-20 | 9.0 HIGH | 9.9 CRITICAL |
| lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | |||||
| CVE-2016-8644 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | |||||
| CVE-2016-7845 | 1 Gigaccsecure | 1 Gigacc Office | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | |||||
| CVE-2014-3222 | 1 Huawei | 1 Espace Meeting | 2025-04-20 | 6.6 MEDIUM | 7.0 HIGH |
| In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. | |||||
| CVE-2016-9386 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | |||||
| CVE-2016-4455 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | |||||
| CVE-2016-8659 | 1 Bubblewrap Project | 1 Bubblewrap | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | |||||
| CVE-2016-3053 | 1 Ibm | 1 Aix | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||||
| CVE-2015-5244 | 1 Mod Nss Project | 1 Mod Nss | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |||||