Uncategorized CVEs — 2017 (Page 16/20)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2017-03-08

High

CVE-2017-0522

An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High…

CVSS: 7.8CWE: N/A

High

CVE-2017-0519

An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is…

CVSS: 7.0CWE: N/A

High

CVE-2017-0518

CVSS: 7.0CWE: N/A

High

CVE-2017-0517

An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rat…

CVSS: 7.0CWE: N/A

High

CVE-2017-0516

An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rate…

CVSS: 7.0CWE: N/A

High

CVE-2017-0510

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic…

CVSS: 7.8CWE: N/A

High

CVE-2017-0509

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Crit…

CVSS: 7.8CWE: N/A

High

CVE-2017-0508

An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Criti…

CVSS: 7.8CWE: N/A

High

CVE-2017-0507

CVSS: 7.8CWE: N/A

High

CVE-2017-0506

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious applic…

CVSS: 7.8CWE: N/A

High

CVE-2017-0505

CVSS: 7.8CWE: N/A

High

CVE-2017-0504

CVSS: 7.8CWE: N/A

High

CVE-2017-0503

CVSS: 7.8CWE: N/A

High

CVE-2017-0502

CVSS: 7.8CWE: N/A

High

CVE-2017-0501

CVSS: 7.8CWE: N/A

High

CVE-2017-0500

CVSS: 7.8CWE: N/A

Medium

CVE-2017-0498

A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factor…

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0497

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an unco…

CVSS: 4.7CWE: N/A

Medium

CVE-2017-0496

A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a…

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0491

An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This i…

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0490

An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requi…

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0489

An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate becaus…

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0487

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility…

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0486

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0485

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0482

CVSS: 5.5CWE: N/A

High

CVE-2017-0480

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High bec…

CVSS: 7.8CWE: N/A

High

CVE-2017-0479

CVSS: 7.8CWE: N/A

High

CVE-2017-0478

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This is…

CVSS: 7.8CWE: N/A

High

CVE-2017-0464

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…

CVSS: 7.0CWE: N/A

High

CVE-2017-0460

An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as…

CVSS: 7.0CWE: N/A

High

CVE-2017-0457

An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Hi…

CVSS: 7.0CWE: N/A

High

CVE-2017-0456

An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High b…

CVSS: 7.0CWE: N/A

High

CVE-2017-0338

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical…

CVSS: 7.8CWE: N/A

High

CVE-2017-0337

CVSS: 7.8CWE: N/A

High

CVE-2017-0335

CVSS: 7.8CWE: N/A

High

CVE-2017-0333

CVSS: 7.8CWE: N/A

High

CVE-2016-8479

An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-8417

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Mod…

CVSS: 7.0CWE: CWE-264

2017-03-07

High

CVE-2016-10200

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind sys…

CVSS: 7.0CWE: CWE-264

High

CVE-2017-5681

The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-cha…

CVSS: 7.5CWE: N/A

High

CVE-2016-9740

IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556.

CVSS: 7.5CWE: CWE-399

Medium

CVE-2016-6245

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.

CVSS: 5.5CWE: N/A

Medium

CVE-2016-6242

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.

CVSS: 5.5CWE: CWE-189

High

CVE-2016-6240

Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.

CVSS: 7.8CWE: CWE-189

2017-03-03

High

CVE-2016-7972

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

CVSS: 7.5CWE: CWE-399

2017-03-02

Medium

CVE-2016-10062

The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via…

CVSS: 5.5CWE: CWE-388

High

CVE-2017-6407

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client…

CVSS: 8.8CWE: N/A

High

CVE-2017-6406

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occ…

CVSS: 8.8CWE: N/A

Medium

CVE-2017-6402

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.

CVSS: 6.5CWE: N/A

High

CVE-2017-6400

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).

CVSS: 8.8CWE: N/A

High

CVE-2017-6399

CVSS: 8.8CWE: N/A

High

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a n…

CVSS: 7.5CWE: CWE-264

2017-03-01

High

CVE-2017-3826

A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker…

CVSS: 7.5CWE: CWE-399

High

CVE-2016-2880

IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.

CVSS: 7.8CWE: CWE-320

Medium

CVE-2017-6348

The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted oper…

CVSS: 5.5CWE: N/A

High

CVE-2016-5374

NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e…

CVSS: 8.8CWE: CWE-264

High

CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via…

CVSS: 7.0CWE: CWE-264

Medium

CVE-2017-5502

libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS: 5.5CWE: N/A

Medium

CVE-2017-5500

libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS: 5.5CWE: N/A

Medium

CVE-2017-5498

libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS: 5.5CWE: N/A

Medium

CVE-2016-9826

libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS: 5.5CWE: CWE-189

Medium

CVE-2016-9825

libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS: 5.5CWE: CWE-189

Medium

CVE-2016-9820

libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS: 5.5CWE: CWE-189

Medium

CVE-2016-9819

libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS: 5.5CWE: CWE-189

Medium

CVE-2016-8508

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for pr…

CVSS: 6.5CWE: CWE-254

High

CVE-2016-10094

Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.

CVSS: 7.8CWE: CWE-189

2017-02-28

High

CVE-2017-5682

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector,…

CVSS: 7.3CWE: N/A

2017-02-27

Low

CVE-2016-7553

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from…

CVSS: 3.3CWE: CWE-275

Medium

CVE-2016-8105

Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.

CVSS: 6.5CWE: N/A

Low

CVE-2017-5928

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the http…

CVSS: 3.7CWE: N/A

2017-02-24

Medium

CVE-2016-4043

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

CVSS: 4.9CWE: CWE-264

High

CVE-2016-4041

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.

CVSS: 7.3CWE: CWE-264

High

CVE-2017-5669

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and conseque…

CVSS: 7.8CWE: N/A

2017-02-23

Critical

CVE-2017-6205

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated C…

CVSS: 9.8CWE: N/A

2017-02-22

Medium

CVE-2016-3013

IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.

CVSS: 6.5CWE: CWE-19

Critical

CVE-2017-2684

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level au…

CVSS: 9.0CWE: CWE-592

2017-02-21

Medium

CVE-2015-4056

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrati…

CVSS: 6.7CWE: CWE-310

High

CVE-2016-9315

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earli…

CVSS: 8.8CWE: CWE-264

Critical

CVE-2016-9269

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,…

CVSS: 9.9CWE: CWE-264

High

CVE-2016-10227

Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.

CVSS: 7.5CWE: CWE-399

2017-02-20

Medium

CVE-2017-2359

An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted we…

CVSS: 6.5CWE: N/A

Medium

CVE-2017-2352

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to by…

CVSS: 4.6CWE: N/A

High

CVE-2016-7661

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-7660

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-7638

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this componen…

CVSS: 4.6CWE: CWE-254

Critical

CVE-2016-7630

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspec…

CVSS: 9.8CWE: CWE-254

Medium

CVE-2016-7628

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and…

CVSS: 5.5CWE: CWE-264

Medium

CVE-2016-7615

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which al…

CVSS: 5.5CWE: N/A

High

CVE-2016-7613

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-7601

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval…

CVSS: 6.8CWE: CWE-254

Medium

CVE-2016-7597

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked st…

CVSS: 4.6CWE: CWE-254

High

CVE-2016-7584

CVSS: 7.8CWE: CWE-254

High

CVE-2016-7583

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a cr…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-7582

An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privile…

CVSS: 8.8CWE: CWE-264

Medium

CVE-2016-4781

CVSS: 6.8CWE: CWE-254

Medium

CVE-2016-4721

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle…

CVSS: 5.9CWE: CWE-254

High

CVE-2016-4689

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked…

CVSS: 7.5CWE: CWE-254

Medium

CVE-2016-4686

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocatio…

CVSS: 4.4CWE: CWE-264

High

CVE-2016-4675

CVSS: 7.8CWE: CWE-264

Low

CVE-2016-4670

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover length…

CVSS: 3.3CWE: CWE-255

High

CVE-2016-4617

An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component.

CVSS: 8.8CWE: CWE-264

2017-02-17

Critical

CVE-2016-6875

Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

CVSS: 9.8CWE: N/A

Critical

CVE-2016-6874

The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.

CVSS: 9.8CWE: N/A

Critical

CVE-2016-6873

Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

CVSS: 9.8CWE: N/A

Medium

CVE-2017-5027

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacke…

CVSS: 4.3CWE: N/A

Medium

CVE-2017-5022

CVSS: 4.3CWE: N/A

Medium

CVE-2017-5015

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN ho…

CVSS: 6.5CWE: N/A

Medium

CVE-2017-5013

Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a c…

CVSS: 6.5CWE: N/A

Critical

CVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers…

CVSS: 9.1CWE: CWE-399

High

CVE-2016-9637

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vector…

CVSS: 7.5CWE: CWE-264

High

CVE-2016-5417

Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (me…

CVSS: 7.5CWE: CWE-399

2017-02-15

Medium

CVE-2017-0320

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.

CVSS: 5.5CWE: N/A

Medium

CVE-2017-0319

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.

CVSS: 5.5CWE: N/A

High

CVE-2016-8677

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation…

CVSS: 8.8CWE: N/A

High

CVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privil…

CVSS: 8.8CWE: CWE-264

Medium

CVE-2016-9010

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could expl…

CVSS: 6.1CWE: CWE-254

High

CVE-2016-8972

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

CVSS: 7.8CWE: CWE-264

High

CVE-2016-6079

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-1883

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.

CVSS: 7.8CWE: CWE-264