UBUNTU-CVE-2016-10075

The tqdm.version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory...

Directory traversal

The tqdm.version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory...

CVE-2016-10075

CVE-2016-10075 affects the tqdm Python package, specifically the tqdm._version module, with vulnerable versions including 4.4.1 and 4.10. A local attacker could cause arbitrary code execution by crafting a git log in the current working directory. The issue arises from how the module processes re...

CVE-2016-8456

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2016-8428

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

Privilege escalation

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2016-8432

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

Privilege escalation

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

Privilege escalation

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2016-8422

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-8426

CVE-2016-8426 affects the NVIDIA GPU driver on Android (kernel-3.10). It is an elevation-of-privilege vulnerability that could let a local malicious app execute arbitrary code in kernel context, potentially causing a local permanent device compromise. The NVD entry cites CVSSv3: LOCAL access, hig...

CVE-2016-8455

CVE-2016-8455 describes an elevation of privilege in the Broadcom Wi‑Fi driver affecting Android devices using kernel 3.10 (notably Nexus 6P). A local malicious application could execute arbitrary code in the kernel after compromising a privileged process. The connected documents confirm the issu...

CVE-2016-8423

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-6785

An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10...

Privilege escalation

An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not...

DEBIAN-CVE-2016-6762

An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not...

CVE-2016-6775

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

Firejail Local Code Execution Vulnerability

Firejail is a set of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the operating environment of untrusted applications using Linux namespaces and seccomp-bpf, a sandboxing mechanism. A local code execution vulnerability exists in Firejail. A local...

Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution Exploit

Exploit for linux platform in category local exploits Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem where...

CVE-2016-6848

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client "Reflected File Download". Malicious platform specific e.g. Microsoft Windows batch file can be created via a trusted domain without...