Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10289 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
| An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295. | ||||
| CVE-2016-10318 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
| A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. | ||||
| CVE-2016-10284 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
| An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664. | ||||
| CVE-2016-10187 | 1 Calibre-ebook | 1 Calibre | 2024-08-06 | N/A |
| The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | ||||
| CVE-2016-10151 | 1 Hesiod Project | 1 Hesiod | 2024-08-06 | N/A |
| The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2024-08-06 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2016-10119 | 1 Firejail Project | 1 Firejail | 2024-08-06 | N/A |
| Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | ||||
| CVE-2016-10152 | 1 Hesiod Project | 1 Hesiod | 2024-08-06 | N/A |
| The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. | ||||
| CVE-2016-10150 | 1 Linux | 1 Linux Kernel | 2024-08-06 | 9.8 Critical |
| Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. | ||||
| CVE-2016-10122 | 1 Firejail Project | 1 Firejail | 2024-08-06 | N/A |
| Firejail does not properly clean environment variables, which allows local users to gain privileges. | ||||
| CVE-2016-10123 | 1 Firejail Project | 1 Firejail | 2024-08-06 | N/A |
| Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | ||||
| CVE-2016-10121 | 1 Firejail Project | 1 Firejail | 2024-08-06 | N/A |
| Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | ||||
| CVE-2016-10126 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | ||||
| CVE-2016-10120 | 1 Firejail Project | 1 Firejail | 2024-08-06 | N/A |
| Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | ||||
| CVE-2016-10089 | 1 Nagios | 1 Nagios | 2024-08-06 | N/A |
| Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | ||||
| CVE-2016-10118 | 1 Firejail Project | 1 Firejail | 2024-08-06 | N/A |
| Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | ||||
| CVE-2016-10117 | 1 Firejail Project | 1 Firejail | 2024-08-06 | N/A |
| Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | ||||
| CVE-2016-10116 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2024-08-06 | N/A |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. | ||||
| CVE-2016-10041 | 1 Sprecher-automation | 1 Sprecon-e Service Program | 2024-08-06 | N/A |
| An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers. | ||||
| CVE-2016-10086 | 5 Ca, Ibm, Linux and 2 more | 6 Service Desk Management, Service Desk Manager, Aix and 3 more | 2024-08-06 | N/A |
| RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | ||||