CVE-2016-8769

MEDIUM Year: 2016
CVSS v3 Score
6.7
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-264
View all →

Vulnerability Description

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.

Related Vulnerabilities

CVE-2014-3752

MEDIUM
CVSS:6.7(Medium)

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.

CWE-2642014

CVE-2015-3321

MEDIUM
CVSS:6.7(Medium)

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.

CWE-2642015

CVE-2015-4045

MEDIUM
CVSS:6.7(Medium)

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.

CWE-2642015

CVE-2015-8660

MEDIUM
CVSS:6.7(Medium)

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and mo...

CWE-2642015

CVE-2016-0905

MEDIUM
CVSS:6.7(Medium)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.

CWE-2642016

CVE-2016-0908

MEDIUM
CVSS:6.7(Medium)

EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.

CWE-2642016