Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9353 | 1 Advantech | 1 Susiaccess | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.
|
|||||
| CVE-2016-4896 | 1 Setucocms Project | 1 Setucocms | 2025-04-20 | 6.4 MEDIUM | 6.5 MEDIUM |
|
SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors.
|
|||||
| CVE-2014-8571 | 1 Huawei | 6 Ascend P6 Edge-c00, Ascend P6 Edge-c00 Firmware, Ascend P6 Edge-t00 and 3 more | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
|
Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones.
|
|||||
| CVE-2016-8494 | 1 Fortinet | 1 Connect | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
|
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.
|
|||||
| CVE-2016-8591 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
|
|||||
| CVE-2004-2778 | 1 Gentoo | 1 Portage | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
|
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
|
|||||
| CVE-2016-9315 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
|
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.
|
|||||
| CVE-2016-8426 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426.
|
|||||
| CVE-2016-8237 | 1 Lenovo | 1 Updates | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
|
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
|
|||||
| CVE-2016-8005 | 1 Mcafee | 1 Email Gateway | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.
|
|||||
| CVE-2016-10288 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763.
|
|||||
| CVE-2017-6620 | 1 Cisco | 2 Small Business Rv Series Router, Small Business Rv Series Router Firmware | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
|
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A succes ...
Show More |
|||||
| CVE-2016-10285 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899.
|
|||||
| CVE-2016-10121 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
|
|||||
| CVE-2016-8803 | 1 Huawei | 1 Fusionstorage | 2025-04-20 | 4.1 MEDIUM | 7.5 HIGH |
|
The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage.
|
|||||
| CVE-2016-9366 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series v ...
Show More |
|||||
| CVE-2015-2673 | 1 Wpeasycart | 1 Wp Easycart | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
|
|||||
| CVE-2015-4629 | 1 Huawei | 2 E5756s, E5756s Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.
|
|||||
| CVE-2016-8585 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
|
|||||
| CVE-2016-5979 | 1 Ibm | 1 Distributed Marketing | 2025-04-20 | 4.0 MEDIUM | 2.7 LOW |
|
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379.
|
|||||
| CVE-2016-8451 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033.
|
|||||
| CVE-2015-4045 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
|
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
|
|||||
| CVE-2016-6811 | 1 Apache | 1 Hadoop | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
|
|||||
| CVE-2016-8452 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323.
|
|||||
| CVE-2016-1597 | 1 Netiq | 1 Access Governance Suite | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.
|
|||||
| CVE-2016-3067 | 1 Cygwin | 1 Cygwin | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
|
|||||
| CVE-2015-7317 | 2 Kupu Project, Plone | 2 Kupu, Plone | 2025-04-20 | 4.9 MEDIUM | 6.8 MEDIUM |
|
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
|
|||||
| CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
|
|||||
| CVE-2016-2779 | 1 Kernel | 1 Util-linux | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
|
|||||
| CVE-2016-3114 | 1 Kallithea | 1 Kallithea | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.
|
|||||
| CVE-2016-10118 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 2.1 LOW | 3.3 LOW |
|
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.
|
|||||
| CVE-2016-2404 | 1 Huawei | 12 Acu2, Acu2 Firmware, S12700 and 9 more | 2025-04-20 | 6.0 MEDIUM | 7.5 HIGH |
|
Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, r ...
Show More |
|||||
| CVE-2016-7582 | 1 Apple | 1 Mac Os X | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2025-04-20 | 5.5 MEDIUM | 8.2 HIGH |
|
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
|
|||||
| CVE-2016-8202 | 1 Broadcom | 1 Fabric Operating System | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
|
|||||
| CVE-2016-8465 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053.
|
|||||
| CVE-2016-6903 | 1 Lshell Project | 1 Lshell | 2025-04-20 | 9.0 HIGH | 9.9 CRITICAL |
|
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
|
|||||
| CVE-2016-8431 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431.
|
|||||
| CVE-2016-10281 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.
|
|||||
| CVE-2016-2126 | 1 Samba | 1 Samba | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
|
|||||