Total
2822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10802 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | |||||
| CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | |||||
| CVE-2016-10792 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | |||||
| CVE-2016-10472 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, address and size passed to SCM command 'TZ_INFO_GET_SECURE_STATE_LEGACY_ID' from HLOS Kernel were not being checked, so access outside DDR would occur. | |||||
| CVE-2016-10462 | 1 Qualcomm | 46 Sd 410, Sd 410 Firmware, Sd 412 and 43 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, the Access Control policy for HLOS allows access to Slimbus, GPU, GIC resources. | |||||
| CVE-2016-10444 | 1 Qualcomm | 22 Mdm9206, Mdm9206 Firmware, Sd 205 and 19 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, and SD 835, SMMU Access Control Policy was updated to block HLOS from accessing BLSP and BAM resources. | |||||
| CVE-2016-10442 | 1 Qualcomm | 14 Mdm9640, Mdm9640 Firmware, Mdm9650 and 11 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this vector to alter module executable code. | |||||
| CVE-2016-10440 | 1 Qualcomm | 12 Sd 425, Sd 425 Firmware, Sd 430 and 9 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, and SD 650/52, there is improper access control to a bus. | |||||
| CVE-2016-10422 | 1 Qualcomm | 60 Fsm9055, Fsm9055 Firmware, Ipq4019 and 57 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, MDM9206, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, improper access control in system call leads to unauthorized access. | |||||
| CVE-2016-10418 | 1 Qualcomm | 28 Mdm9206, Mdm9206 Firmware, Mdm9650 and 25 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, HLOS can enable PMIC debug through TCSR_QPDI_DISABLE_CFG due to improper access control. | |||||
| CVE-2016-10417 | 1 Qualcomm | 64 Ipq4019, Ipq4019 Firmware, Mdm9206 and 61 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, in QTEE, a TOCTOU vulnerability exists due to improper access control. | |||||
| CVE-2016-0342 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783. | |||||
| CVE-2015-9337 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | |||||
| CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | |||||
| CVE-2015-9209 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, there is improper access control in a file storage API. | |||||
| CVE-2015-9152 | 1 Qualcomm | 42 Ipq4019, Ipq4019 Firmware, Sd 205 and 39 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 800, SD 810, SD 820, SD 820A, SD 835, and Snapdragon_High_Med_2016, modem owned regions are accessible from secure side. | |||||
| CVE-2015-9140 | 1 Qualcomm | 54 Fsm9055, Fsm9055 Firmware, Mdm9206 and 51 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, unauthorized memory access possible in online memory dump feature. | |||||
| CVE-2015-5350 | 1 Cloudfoundry | 1 Garden | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet. | |||||
| CVE-2015-3888 | 1 Jolla | 1 Sailfish Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. | |||||
| CVE-2015-10057 | 1 Little-apps | 1 Little Software Stats | 2024-11-21 | 4.0 MEDIUM | 4.6 MEDIUM |
| A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability. | |||||