Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2293 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | |||||
| CVE-2016-2288 | 1 Cogentdatahub | 1 Cogent Datahub | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | |||||
| CVE-2016-2281 | 1 Abb | 1 Panel Builder 800 | 2024-11-21 | 6.0 MEDIUM | 7.2 HIGH |
| Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2016-2246 | 1 Hp | 1 Thinpro | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | |||||
| CVE-2016-2206 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2024-11-21 | 3.3 LOW | 5.7 MEDIUM |
| The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | |||||
| CVE-2016-2202 | 1 Symantec | 1 Altiris It Management Suite | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | |||||
| CVE-2016-2190 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. | |||||
| CVE-2016-2171 | 1 Apache | 1 Jetspeed | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. | |||||
| CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | |||||
| CVE-2016-2155 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role. | |||||
| CVE-2016-2126 | 1 Samba | 1 Samba | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. | |||||
| CVE-2016-2077 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | |||||
| CVE-2016-2071 | 1 Citrix | 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. | |||||
| CVE-2016-2060 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application. | |||||
| CVE-2016-2057 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue. | |||||
| CVE-2016-1990 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-11-21 | 4.3 MEDIUM | 7.8 HIGH |
| HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | |||||
| CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.4 MEDIUM | 7.4 HIGH |
| The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | |||||
| CVE-2016-1954 | 4 Mozilla, Novell, Opensuse and 1 more | 6 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. | |||||
| CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | |||||
| CVE-2016-1909 | 1 Fortinet | 1 Fortios | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. | |||||