ReportizFlow
Filtered by vendor
Subscriptions
Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8089 | 1 Huawei | 6 P7-l00, P7-l00 Firmware, P7-l05 and 3 more | 2025-04-20 | N/A |
| The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application. | ||||
| CVE-2015-8768 | 2 Canonical, Click Project | 2 Ubuntu Linux, Click | 2025-04-20 | N/A |
| click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. | ||||
| CVE-2016-3084 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-20 | N/A |
| The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | ||||
| CVE-2016-10290 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782. | ||||
| CVE-2016-5934 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-20 | N/A |
| IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim. | ||||
| CVE-2016-5864 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | ||||
| CVE-2016-10120 | 1 Firejail Project | 1 Firejail | 2025-04-20 | N/A |
| Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | ||||
| CVE-2016-5862 | 1 Google | 1 Android | 2025-04-20 | N/A |
| When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs. | ||||
| CVE-2015-3617 | 1 Fortinet | 1 Fortimanager Firmware | 2025-04-20 | N/A |
| Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | ||||
| CVE-2016-8427 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427. | ||||
| CVE-2016-10121 | 1 Firejail Project | 1 Firejail | 2025-04-20 | N/A |
| Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | ||||
| CVE-2016-8445 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983. | ||||
| CVE-2016-5868 | 1 Google | 1 Android | 2025-04-20 | N/A |
| drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | ||||
| CVE-2016-5876 | 1 Owncloud | 1 Owncloud | 2025-04-20 | N/A |
| ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | ||||
| CVE-2016-8457 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116. | ||||
| CVE-2020-36528 | 1 Platinumchina | 1 Platinum Mobile | 2025-04-15 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2016-5230 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-12 | N/A |
| Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app. | ||||
| CVE-2015-5228 | 2 Criu, Opensuse | 2 Checkpoint\/restore In Userspace, Opensuse | 2025-04-12 | N/A |
| The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. | ||||
| CVE-2016-7488 | 1 Teradata | 1 Virtual Machine | 2025-04-12 | N/A |
| Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. | ||||
| CVE-2016-1636 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource. | ||||