Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2202 | 1 Symantec | 1 Altiris It Management Suite | 2024-08-05 | N/A |
| The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | ||||
| CVE-2016-2190 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
| Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. | ||||
| CVE-2016-2171 | 1 Apache | 1 Jetspeed | 2024-08-05 | N/A |
| The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. | ||||
| CVE-2016-2121 | 1 Redhat | 1 Openstack | 2024-08-05 | N/A |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. | ||||
| CVE-2016-2155 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
| The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role. | ||||
| CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-08-05 | N/A |
| Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | ||||
| CVE-2016-2126 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2024-08-05 | 6.5 Medium |
| Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. | ||||
| CVE-2016-2077 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2024-08-05 | N/A |
| VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | ||||
| CVE-2016-2057 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-08-05 | N/A |
| lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue. | ||||
| CVE-2016-2071 | 1 Citrix | 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway | 2024-08-05 | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. | ||||
| CVE-2016-2060 | 1 Google | 1 Android | 2024-08-05 | N/A |
| server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application. | ||||
| CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | ||||
| CVE-2016-1990 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-08-05 | N/A |
| HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | ||||
| CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | ||||
| CVE-2016-1954 | 5 Mozilla, Novell, Opensuse and 2 more | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-08-05 | N/A |
| The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. | ||||
| CVE-2016-1881 | 1 Freebsd | 1 Freebsd | 2024-08-05 | N/A |
| The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call. | ||||
| CVE-2016-1883 | 1 Freebsd | 1 Freebsd | 2024-08-05 | N/A |
| The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. | ||||
| CVE-2016-1876 | 1 Lenovo | 1 Solution Center | 2024-08-05 | N/A |
| The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | ||||
| CVE-2016-1909 | 1 Fortinet | 1 Fortios | 2024-08-05 | N/A |
| Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. | ||||
| CVE-2016-1906 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-05 | N/A |
| Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | ||||