ReportizFlow
Filtered by vendor
Subscriptions
Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10187 | 1 Calibre-ebook | 1 Calibre | 2025-04-20 | N/A |
| The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | ||||
| CVE-2016-7955 | 1 Alienvault | 2 Ossim, Unified Security Management | 2025-04-20 | N/A |
| The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header. | ||||
| CVE-2015-3643 | 2 Canonical, Usb-creator Project | 2 Ubuntu Linux, Usb-creator | 2025-04-20 | N/A |
| usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. | ||||
| CVE-2016-2126 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2025-04-20 | 6.5 Medium |
| Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. | ||||
| CVE-2016-0727 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | N/A |
| The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. | ||||
| CVE-2016-8960 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | N/A |
| IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718. | ||||
| CVE-2016-8803 | 1 Huawei | 1 Fusionstorage | 2025-04-20 | N/A |
| The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | ||||
| CVE-2016-8649 | 1 Linuxcontainers | 1 Lxc | 2025-04-20 | N/A |
| lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | ||||
| CVE-2016-8644 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | ||||
| CVE-2016-8591 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-6902 | 1 Lshell Project | 1 Lshell | 2025-04-20 | N/A |
| lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | ||||
| CVE-2016-7628 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors. | ||||
| CVE-2016-7845 | 1 Gigaccsecure | 1 Gigacc Office | 2025-04-20 | N/A |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | ||||
| CVE-2016-10341 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. | ||||
| CVE-2016-10123 | 1 Firejail Project | 1 Firejail | 2025-04-20 | N/A |
| Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | ||||
| CVE-2016-10398 | 1 Google | 1 Android | 2025-04-20 | N/A |
| Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. | ||||
| CVE-2016-10044 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.8 High |
| The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | ||||
| CVE-2015-7358 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2025-04-20 | N/A |
| The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | ||||
| CVE-2013-7432 | 1 Mapsplugin | 1 Googlemaps | 2025-04-20 | N/A |
| The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | ||||
| CVE-2015-0162 | 1 Ibm | 1 Security Siteprotector System | 2025-04-20 | N/A |
| IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | ||||