Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4369 | 1 Hp | 1 Discovery And Dependency Mapping Inventory | 2016-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2016-0760 | 1 Apache | 1 Sentry | 2016-08-22 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. | |||||
| CVE-2014-9717 | 1 Linux | 1 Linux Kernel | 2016-08-12 | 3.6 LOW | 6.1 MEDIUM |
| fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | |||||
| CVE-2015-3854 | 1 Google | 1 Android | 2016-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350. | |||||
| CVE-2016-5109 | 1 Citrix | 2 Worx Home, Xenmobile Mdx Toolkit | 2016-07-14 | 2.1 LOW | 4.3 MEDIUM |
| Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication. | |||||
| CVE-2016-3818 | 1 Google | 1 Android | 2016-07-12 | 7.1 HIGH | 5.5 MEDIUM |
| libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702. | |||||
| CVE-2014-9798 | 1 Google | 1 Android | 2016-07-11 | 7.1 HIGH | 5.5 MEDIUM |
| platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965. | |||||
| CVE-2016-0315 | 1 Ibm | 1 Jazz Reporting Service | 2016-07-08 | 6.5 MEDIUM | 8.8 HIGH |
| The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2016-0391 | 1 Ibm | 2 Bluemix, Watson Developer Cloud | 2016-07-07 | 7.5 HIGH | 9.8 CRITICAL |
| The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||||
| CVE-2016-1190 | 1 Cybozu | 1 Garoon | 2016-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | |||||
| CVE-2016-3713 | 1 Linux | 1 Linux Kernel | 2016-06-27 | 5.6 MEDIUM | 7.1 HIGH |
| The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. | |||||
| CVE-2016-4811 | 1 Ntt-bp | 1 Japan Connected-free Wi-fi | 2016-06-21 | 5.1 MEDIUM | 5.6 MEDIUM |
| The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors. | |||||
| CVE-2016-4813 | 1 Netcommons | 1 Netcommons | 2016-06-21 | 9.0 HIGH | 8.8 HIGH |
| NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. | |||||
| CVE-2016-5302 | 1 Citrix | 1 Xenserver | 2016-06-20 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | |||||
| CVE-2016-4524 | 1 Abb | 1 Pcm600 | 2016-06-15 | 2.1 LOW | 6.5 MEDIUM |
| ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-5366 | 1 Huawei | 2 Honor Ws851, Honor Ws851 Firmware | 2016-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | |||||
| CVE-2016-4495 | 1 Kmc Controls | 2 Bac-5051e, Bac-5051e Firmware | 2016-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | |||||
| CVE-2016-1581 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2016-06-10 | 2.1 LOW | 5.5 MEDIUM |
| LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. | |||||
| CVE-2016-4502 | 1 Envirosys | 1 Esc 8832 Data Controller | 2016-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | |||||
| CVE-2016-4501 | 1 Envirosys | 1 Esc 8832 Data Controller | 2016-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. | |||||