Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6790 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790. | |||||
| CVE-2016-6788 | 1 Google | 1 Android | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467. | |||||
| CVE-2016-6785 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400. | |||||
| CVE-2016-6783 | 1 Google | 1 Android | 2017-01-18 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437. | |||||
| CVE-2017-0396 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965. | |||||
| CVE-2016-8606 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2017-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | |||||
| CVE-2017-0397 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688. | |||||
| CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2017-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
| CVE-2017-0398 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. | |||||
| CVE-2017-5480 | 1 B2evolution | 1 B2evolution | 2017-01-18 | 5.5 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. | |||||
| CVE-2016-8451 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033. | |||||
| CVE-2015-3320 | 1 Lenovo | 1 Usb Enhanced Performance Keyboard | 2017-01-17 | 2.1 LOW | N/A |
| Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. | |||||
| CVE-2015-3322 | 1 Lenovo | 10 Thinkserver Rd350, Thinkserver Rd350 Firmware, Thinkserver Rd450 and 7 more | 2017-01-17 | 5.0 MEDIUM | N/A |
| Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. | |||||
| CVE-2015-3441 | 1 Genexia | 1 Drgos | 2017-01-17 | 9.0 HIGH | 8.8 HIGH |
| The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter. | |||||
| CVE-2016-10126 | 1 Splunk | 1 Splunk | 2017-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | |||||
| CVE-2016-4552 | 1 Roundcube | 1 Webmail | 2017-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. | |||||
| CVE-2016-5361 | 1 Libreswan | 1 Libreswan | 2017-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. | |||||
| CVE-2016-6354 | 2 Debian, Flex Project | 2 Debian Linux, Flex | 2017-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. | |||||
| CVE-2016-6678 | 1 Google | 1 Android | 2017-01-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434. | |||||
| CVE-2016-6755 | 1 Linux | 1 Linux Kernel | 2017-01-17 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. | |||||