Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | |||||
| CVE-2005-4889 | 1 Rpm | 1 Rpm | 2017-08-17 | 7.2 HIGH | N/A |
| lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. | |||||
| CVE-2004-2768 | 1 Debian | 1 Dpkg | 2017-08-17 | 7.2 HIGH | N/A |
| dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059. | |||||
| CVE-2002-2283 | 1 Microsoft | 1 Windows Xp | 2017-08-17 | 1.9 LOW | N/A |
| Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. | |||||
| CVE-2015-1378 | 1 Grml | 1 Grml-debootstrap | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. | |||||
| CVE-2015-5244 | 1 Mod Nss Project | 1 Mod Nss | 2017-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |||||
| CVE-2016-5266 | 1 Mozilla | 1 Firefox | 2017-08-16 | 5.8 MEDIUM | 8.1 HIGH |
| Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. | |||||
| CVE-2016-5253 | 1 Mozilla | 1 Firefox | 2017-08-16 | 4.7 MEDIUM | 4.7 MEDIUM |
| The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. | |||||
| CVE-2016-1457 | 1 Cisco | 1 Firepower Management Center | 2017-08-16 | 9.0 HIGH | 8.8 HIGH |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | |||||
| CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2017-08-15 | 5.5 MEDIUM | 8.2 HIGH |
| The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | |||||
| CVE-2014-9260 | 1 Downloadmanager | 1 Download Manager | 2017-08-15 | 6.5 MEDIUM | 8.8 HIGH |
| The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |||||
| CVE-2015-8621 | 1 Tcoffee | 1 T-coffee | 2017-08-15 | 2.1 LOW | 5.5 MEDIUM |
| t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. | |||||
| CVE-2016-6644 | 1 Emc | 1 Documentum D2 | 2017-08-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||||
| CVE-2016-4382 | 1 Hp | 1 Performance Center | 2017-08-13 | 6.0 MEDIUM | 8.3 HIGH |
| HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. | |||||
| CVE-2016-3890 | 1 Google | 1 Android | 2017-08-13 | 7.6 HIGH | 7.0 HIGH |
| The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842. | |||||
| CVE-2016-3889 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585. | |||||
| CVE-2016-3888 | 1 Google | 1 Android | 2017-08-13 | 2.1 LOW | 2.1 LOW |
| internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123. | |||||
| CVE-2016-3887 | 1 Google | 1 Android | 2017-08-13 | 6.8 MEDIUM | 7.8 HIGH |
| providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712. | |||||
| CVE-2016-3886 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438. | |||||
| CVE-2016-3885 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636. | |||||