Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0727 | 1 Canonical | 1 Ubuntu Linux | 2017-04-20 | 7.2 HIGH | 7.8 HIGH |
| The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. | |||||
| CVE-2016-5856 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-04-19 | 7.6 HIGH | 7.0 HIGH |
| Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. | |||||
| CVE-2016-10122 | 1 Firejail Project | 1 Firejail | 2017-04-19 | 7.2 HIGH | 7.8 HIGH |
| Firejail does not properly clean environment variables, which allows local users to gain privileges. | |||||
| CVE-2016-10121 | 1 Firejail Project | 1 Firejail | 2017-04-19 | 7.2 HIGH | 7.8 HIGH |
| Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | |||||
| CVE-2016-10120 | 1 Firejail Project | 1 Firejail | 2017-04-19 | 7.2 HIGH | 7.8 HIGH |
| Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | |||||
| CVE-2016-10123 | 1 Firejail Project | 1 Firejail | 2017-04-19 | 7.2 HIGH | 7.8 HIGH |
| Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | |||||
| CVE-2016-10118 | 1 Firejail Project | 1 Firejail | 2017-04-19 | 2.1 LOW | 3.3 LOW |
| Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | |||||
| CVE-2016-10119 | 1 Firejail Project | 1 Firejail | 2017-04-19 | 7.2 HIGH | 7.8 HIGH |
| Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | |||||
| CVE-2016-10117 | 1 Firejail Project | 1 Firejail | 2017-04-19 | 7.2 HIGH | 7.8 HIGH |
| Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | |||||
| CVE-2016-8237 | 1 Lenovo | 1 Updates | 2017-04-17 | 9.3 HIGH | 8.1 HIGH |
| Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | |||||
| CVE-2016-8235 | 1 Lenovo | 1 Customer Care Software Development Kit | 2017-04-17 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | |||||
| CVE-2016-5071 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 10.0 HIGH | 8.8 HIGH |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | |||||
| CVE-2015-7274 | 1 Dell | 2 Integrated Remote Access Controller 6, Integrated Remote Access Controller Firmware | 2017-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | |||||
| CVE-2016-9197 | 1 Cisco | 1 Mobility Services Engine | 2017-04-13 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). | |||||
| CVE-2016-10318 | 1 Linux | 1 Linux Kernel | 2017-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. | |||||
| CVE-2016-2404 | 1 Huawei | 12 Acu2, Acu2 Firmware, S12700 and 9 more | 2017-04-10 | 6.0 MEDIUM | 7.5 HIGH |
| Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation. | |||||
| CVE-2016-8803 | 1 Huawei | 1 Fusionstorage | 2017-04-05 | 4.1 MEDIUM | 7.5 HIGH |
| The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | |||||
| CVE-2014-8571 | 1 Huawei | 6 Ascend P6 Edge-c00, Ascend P6 Edge-c00 Firmware, Ascend P6 Edge-t00 and 3 more | 2017-04-05 | 4.3 MEDIUM | 3.3 LOW |
| Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones. | |||||
| CVE-2014-9696 | 1 Huawei | 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware | 2017-04-05 | 6.5 MEDIUM | 8.8 HIGH |
| The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. | |||||
| CVE-2014-9695 | 1 Huawei | 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware | 2017-04-05 | 6.5 MEDIUM | 8.8 HIGH |
| The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. | |||||