Page 110 of 754 results (0.037 seconds)

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-2060

https://notcve.org/view.php?id=CVE-2016-2060

server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application. server/TetherController.cpp en el controlador tethering en netd, según se distribuye con Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no valida correctamente nombres de interfaz de subida de flujo, lo que permite a atacantes eludir restricciones destinadas al acceso a través de una aplicación manipulada. • http://source.android.com/security/bulletin/2016-05-01.html https://www.codeaurora.org/improper-input-validation-tethering-controller-netd-cve-2016-2060-0 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2446

https://notcve.org/view.php?id=CVE-2016-2446

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. El controlador multimedia NVIDIA en Android en versiones anteriores a 2016-05-01 sobre dispositivos Nexus 9 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 27441354. • http://source.android.com/security/bulletin/2016-05-01.html http://www.securitytracker.com/id/1036763 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2059

https://notcve.org/view.php?id=CVE-2016-2059

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. La función msm_ipc_router_bind_control_port en net/ipc_router/ipc_router_core.c en el módulo del kernel IPC router para el kernel de Linux 3.x, según se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica que un puerto es un puerto de cliente, lo que permite a atacantes obtener privilegios o provocar una denegación de servicio (condición de carrera y corrupción de lista) haciendo muchas llamadas ioctl BIND_CONTROL_PORT. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/90230 http://www.securitytracker.com/id/1035765 https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dff5523ea435433834b3702398d https://www.codeaurora.org/projects/security-advisories/linux-ipc-router-binding-any-port-control-port-cve-2016-2059 • CWE-269: Improper Privilege Management •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2810

https://notcve.org/view.php?id=CVE-2016-2810

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. Mozilla Firefox en versiones anteriores a 46.0 sobre Android en versiones anteriores a 5.0 permite a atacantes eludir requerimientos destinados al acceso Signature a través de una aplicación manipulada que aprovecha permisos content-provider, según lo demostrado por la lectura del historial del navegador o una contraseña guardada. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-41.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1229681 https://security.gentoo.org/glsa/201701-15 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-0774 – kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

https://notcve.org/view.php?id=CVE-2016-0774

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805. Las implementaciones (1) pipe_read y (2) pipe_write en fs/pipe.c en un determinado backport del kernel de Linux en el paquete linux en versiones anteriores a 3.2.73-2+deb7u3 sobre Debian wheezy y el paquete kernel en versiones anteriores a 3.10.0-229.26.2 sobre Red Hat Enterprise Linux (RHEL) 7.1 no considera correctamente los efectos laterales de llamadas __copy_to_user_inatomic y __copy_from_user_inatomic fallidas, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema) o posiblemente obtener prvilegios a través de una aplicación manipulada, también conocido como un "I/O vector array overrun". NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2015-1805. It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2016-04 • CWE-20: Improper Input Validation •