VYPR

CVEs

100,075 total · page 1936 of 2,002

  • CVE-2016-2929HigNov 25, 2016
    risk 0.53cvss 8.1epss 0.01

    IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.

  • CVE-2016-0319HigNov 25, 2016
    risk 0.49cvss 7.5epss 0.02

    The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in…

  • CVE-2016-9450HigNov 25, 2016
    risk 0.49cvss 7.5epss 0.01

    The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

  • CVE-2016-6754HigNov 25, 2016
    risk 0.61cvss 8.8epss 0.05

    A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of…

  • CVE-2016-6745HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6744HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6743HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6742HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6741HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6740HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6739HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6738HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6737HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent…

  • CVE-2016-6736HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device…

  • CVE-2016-6735HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device…

  • CVE-2016-6734HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device…

  • CVE-2016-6733HigNov 25, 2016
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device…

  • CVE-2016-6732HigNov 25, 2016
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device…

  • CVE-2016-6731HigNov 25, 2016
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device…

  • CVE-2016-6730HigNov 25, 2016
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device…

  • CVE-2016-6729HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent…

  • CVE-2016-6728HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent…

  • CVE-2016-6717HigNov 25, 2016
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged…

  • CVE-2016-6707HigNov 25, 2016
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be…

  • CVE-2016-6705HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue…

  • CVE-2016-6704HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged…

  • CVE-2016-6703HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an…

  • CVE-2016-6702HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due…

  • CVE-2016-6701HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution…

  • CVE-2016-6700HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to…

  • CVE-2016-3904HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged…

  • CVE-2016-3025HigNov 25, 2016
    risk 0.53cvss 8.1epss 0.02

    IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.

  • CVE-2016-2988HigNov 25, 2016
    risk 0.55cvss 8.5epss 0.01

    IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by…

  • CVE-2016-2985HigNov 25, 2016
    risk 0.46cvss 7.0epss 0.00

    IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.

  • CVE-2016-2984HigNov 25, 2016
    risk 0.46cvss 7.0epss 0.00

    IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.

  • CVE-2016-1248HigNov 23, 2016
    risk 0.46cvss 7.8epss 0.25

    vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

  • CVE-2016-8673HigNov 23, 2016
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC…

  • CVE-2016-9562HigNov 23, 2016
    risk 0.49cvss 7.5epss 0.04

    SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

  • CVE-2015-8978HigNov 22, 2016
    risk 0.49cvss 7.5epss 0.02

    In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands…

  • CVE-2016-9151HigNov 19, 2016
    risk 0.54cvss 7.8epss 0.01

    Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.

  • CVE-2016-6466HigNov 19, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This…

  • CVE-2016-6460HigNov 19, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco…

  • CVE-2016-6458HigNov 19, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be…

  • CVE-2016-8562HigKEVNov 18, 2016
    risk 0.61cvss 7.5epss 0.04

    A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with…

  • CVE-2016-4333HigNov 18, 2016
    risk 0.56cvss 8.6epss 0.01

    The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside…

  • CVE-2016-4332HigNov 18, 2016
    risk 0.56cvss 8.6epss 0.01

    The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the…

  • CVE-2016-4331HigNov 18, 2016
    risk 0.56cvss 8.6epss 0.01

    When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.

  • CVE-2016-4330HigNov 18, 2016
    risk 0.56cvss 8.6epss 0.01

    In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.

  • CVE-2016-7913HigNov 16, 2016
    risk 0.51cvss 7.8epss 0.02

    The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.

  • CVE-2016-7912HigNov 16, 2016
    risk 0.51cvss 7.8epss 0.02

    Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.