Total
3294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8444 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. | |||||
| CVE-2015-8697 | 1 Stalin Project | 1 Stalin | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| stalin 0.11-5 allows local users to write to arbitrary files. | |||||
| CVE-2016-7032 | 1 Todd Miller | 1 Sudo | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | |||||
| CVE-2016-3729 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | |||||
| CVE-2016-10042 | 1 Arcadyan | 2 Swisscom Internet-box, Swisscom Internet-box Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. | |||||
| CVE-2014-8362 | 1 Vivint | 2 Sky Control Panel, Sky Control Panel Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. | |||||
| CVE-2016-8587 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 6.0 MEDIUM | 7.3 HIGH |
| dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | |||||
| CVE-2016-10065 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-8330 | 1 Oracle | 1 Solaris | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts). | |||||
| CVE-2016-7824 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | |||||
| CVE-2014-9828 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |||||
| CVE-2016-6777 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. | |||||
| CVE-2016-5750 | 1 Netiq | 1 Access Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | |||||
| CVE-2016-8642 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | |||||
| CVE-2016-10193 | 1 Espeak-ruby Project | 1 Espeak-ruby | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | |||||
| CVE-2016-7793 | 1 Sociomantic | 1 Git-hub | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | |||||
| CVE-2016-8298 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). | |||||
| CVE-2016-6789 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789. | |||||
| CVE-2015-8987 | 1 Mcafee | 1 Agent | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. | |||||
| CVE-2015-9006 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | |||||