CVE Daily
← All years

Uncategorized 2016

Page 5/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2016-09-07
High

CVE-2016-6346

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.

CVSS: 7.5CWE: N/A
Read more
2016-09-06
High

CVE-2016-7113

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0…

CVSS: 7.5CWE: CWE-399
Read more
2016-09-03
Medium

CVE-2016-1415

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.

CVSS: 5.5CWE: CWE-399
Read more
Critical

CVE-2015-5719

app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact a…

CVSS: 9.8CWE: N/A
Read more
2016-09-02
Medium

CVE-2016-6376

The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows r…

CVSS: 6.5CWE: CWE-399
Read more
2016-09-01
Medium

CVE-2016-5047

NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.

CVSS: 6.5CWE: N/A
Read more
2016-08-31
Critical

CVE-2016-5336

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-5335

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.

CVSS: 7.8CWE: N/A
Read more
2016-08-26
High

CVE-2016-5683

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2016-5662

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.

CVSS: 7.8CWE: N/A
Read more
2016-08-25
High

CVE-2016-6369

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-4655

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

CVSS: 5.5CWE: N/A
Read more
2016-08-24
High

CVE-2016-7089

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.

CVSS: 7.8CWE: CWE-264
Read more
2016-08-23
High

CVE-2016-6355

Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage)…

CVSS: 7.5CWE: CWE-399
Read more
2016-08-22
High

CVE-2016-6362

Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bu…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-4377

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy…

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2016-4376

HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS: 6.5CWE: CWE-254
Read more
High

CVE-2016-0915

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an a…

CVSS: 8.1CWE: CWE-264
Read more
2016-08-19
Critical

CVE-2016-6493

Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.

CVSS: 9.8CWE: CWE-254
Read more
High

CVE-2016-4475

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) rea…

CVSS: 8.8CWE: CWE-254
Read more
Medium

CVE-2016-4451

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restricti…

CVSS: 5.0CWE: CWE-254
Read more
High

CVE-2015-8022

The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; B…

CVSS: 7.5CWE: CWE-264
Read more
2016-08-18
High

CVE-2016-1458

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devi…

CVSS: 8.8CWE: CWE-264
Read more
High

CVE-2016-1457

The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Servic…

CVSS: 8.8CWE: CWE-264
Read more
2016-08-13
Medium

CVE-2016-5847

SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security…

CVSS: 5.8CWE: CWE-264
Read more
Medium

CVE-2016-5845

SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive…

CVSS: 5.5CWE: N/A
Read more
2016-08-10
High

CVE-2016-6597

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the r…

CVSS: 8.6CWE: CWE-254
Read more
High

CVE-2016-5419

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

CVSS: 7.5CWE: CWE-310
Read more
2016-08-09
Medium

CVE-2016-3320

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or…

CVSS: 4.9CWE: CWE-254
Read more
High

CVE-2016-3311

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3310

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3309

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2016-3308

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3300

The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges b…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3237

Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows ma…

CVSS: 7.5CWE: CWE-264
Read more
2016-08-08
Low

CVE-2016-0380

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via…

CVSS: 3.3CWE: CWE-264
Read more
Medium

CVE-2016-0361

IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticate…

CVSS: 6.5CWE: N/A
Read more
Low

CVE-2016-0266

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

CVSS: 3.7CWE: CWE-254
Read more
High

CVE-2016-6486

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-1466

Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of serv…

CVSS: 7.5CWE: CWE-399
Read more
2016-08-07
Critical

CVE-2016-5146

Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image,…

CVSS: 8.8CWE: CWE-254
Read more
Critical

CVE-2016-5143

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which…

CVSS: 9.8CWE: CWE-264
Read more
High

CVE-2016-5350

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial…

CVSS: 7.5CWE: CWE-399
Read more
2016-08-06
Medium

CVE-2016-6513

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application cras…

CVSS: 5.9CWE: CWE-399
Read more
Medium

CVE-2016-6511

epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.

CVSS: 5.9CWE: CWE-399
Read more
Medium

CVE-2016-6510

Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer…

CVSS: 5.9CWE: CWE-189
Read more
Medium

CVE-2016-6508

epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of servi…

CVSS: 5.9CWE: CWE-399
Read more
Medium

CVE-2016-6507

epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

CVSS: 5.9CWE: CWE-399
Read more
Medium

CVE-2016-6506

epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

CVSS: 5.9CWE: CWE-399
Read more
Medium

CVE-2016-5412

arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infi…

CVSS: 6.5CWE: CWE-399
Read more
High

CVE-2016-3841

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendm…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-3856

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka…

CVSS: 7.8CWE: CWE-19
Read more
High

CVE-2015-8943

drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, whic…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2015-8942

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2015-8941

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which all…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2015-8940

Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2015-8939

drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2015-8938

The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted applicatio…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2015-8937

drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges vi…

CVSS: 7.8CWE: CWE-19
Read more
High

CVE-2014-9891

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted a…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9890

Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileg…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9888

arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9887

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9885

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application t…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9881

drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or ca…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9880

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attac…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9879

The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application,…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9878

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges v…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9877

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allo…

CVSS: 7.8CWE: CWE-19
Read more
High

CVE-2014-9876

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privi…

CVSS: 7.8CWE: CWE-189
Read more
High

CVE-2014-9875

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI reque…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9873

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive infor…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9870

The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allow…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9869

drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which all…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9868

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an appl…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2014-9867

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allo…

CVSS: 7.8CWE: CWE-264
Read more
2016-08-05
High

CVE-2016-3857

The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-3853

Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal…

CVSS: 5.5CWE: CWE-264
Read more
High

CVE-2016-3851

The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.

CVSS: 8.1CWE: CWE-264
Read more
High

CVE-2016-3850

Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field i…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-3849

The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3848

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-3847

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3846

The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-3845

The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3844

mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3843

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3842

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm inter…

CVSS: 7.8CWE: CWE-264
Read more
Critical

CVE-2016-3840

Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary c…

CVSS: 9.8CWE: CWE-264
Read more
High

CVE-2016-3833

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypa…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3832

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows att…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-2504

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Q…

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-1276

Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer…

CVSS: 5.9CWE: CWE-399
Read more
Medium

CVE-2015-8945

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive pri…

CVSS: 5.1CWE: CWE-255
Read more
Critical

CVE-2016-6139

SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2016-5268

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to con…

CVSS: 4.3CWE: CWE-254
Read more
High

CVE-2016-5266

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web sit…

CVSS: 8.1CWE: CWE-264
Read more
Medium

CVE-2016-5253

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

CVSS: 4.7CWE: CWE-264
Read more
High

CVE-2016-2835

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…

CVSS: 8.8CWE: N/A
Read more
2016-08-03
Critical

CVE-2016-5670

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access vi…

CVSS: 9.8CWE: CWE-255
Read more
Critical

CVE-2016-5669

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2016-5668

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2016-5667

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2016-5666

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of obj…

CVSS: 9.8CWE: N/A
Read more
2016-08-02
High

CVE-2016-6193

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted applica…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-6192

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted applica…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-2408

Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors.

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementin…

CVSS: 6.5CWE: CWE-310
Read more
High

CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2016-1238

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encod…

CVSS: 7.8CWE: CWE-264
Read more
2016-08-01
High

CVE-2016-4834

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified…

CVSS: 8.1CWE: CWE-264
Read more
High

CVE-2016-1611

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's conten…

CVSS: 7.8CWE: CWE-264
Read more
2016-07-28
Medium

CVE-2016-1467

Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.

CVSS: 6.5CWE: CWE-399
Read more
Medium

CVE-2016-1465

Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Dis…

CVSS: 6.5CWE: CWE-399
Read more
Medium

CVE-2016-1460

Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979.

CVSS: 6.5CWE: CWE-399
Read more
2016-07-26
High

CVE-2016-6152

CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2016-6151

CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.

CVSS: 8.8CWE: N/A
Read more
2016-07-23
High

CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows rem…

CVSS: 8.8CWE: CWE-254
Read more
High

CVE-2016-5128

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remot…

CVSS: 8.8CWE: CWE-254
Read more
>