CVE-2016-7035

HIGH Year: 2016
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-285
View all →

Vulnerability Description

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

Related Vulnerabilities

CVE-2014-9945

HIGH
CVSS:7.8(High)

In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014

CVE-2014-9950

HIGH
CVSS:7.8(High)

In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014

CVE-2016-8443

HIGH
CVSS:7.8(High)

Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC...

CWE-2852016

CVE-2018-10906

HIGH
CVSS:7.8(High)

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_othe...

CWE-2852018

CVE-2018-13908

HIGH
CVSS:7.8(High)

Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electroni...

CWE-2852018

CVE-2019-1603

HIGH
CVSS:7.8(High)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient ...

CWE-2852019