Total
2820 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-2854 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 7.8 High |
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | ||||
CVE-2016-2788 | 1 Puppet | 2 Marionette Collective, Puppet Enterprise | 2024-08-05 | N/A |
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | ||||
CVE-2016-2816 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | ||||
CVE-2016-2829 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-08-05 | N/A |
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | ||||
CVE-2016-2787 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet Enterprise | 2024-08-05 | N/A |
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. | ||||
CVE-2016-2785 | 1 Puppet | 3 Puppet, Puppet Agent, Puppet Server | 2024-08-05 | 9.8 Critical |
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. | ||||
CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-08-05 | N/A |
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | ||||
CVE-2016-2820 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | ||||
CVE-2016-2433 | 1 Google | 1 Android | 2024-08-05 | N/A |
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | ||||
CVE-2016-2354 | 1 Lemurmonitors | 1 Bluedriver | 2024-08-05 | N/A |
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. | ||||
CVE-2016-2275 | 1 Advantech | 4 Vesp211-232, Vesp211-232 Firmware, Vesp211-eu and 1 more | 2024-08-05 | N/A |
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code. | ||||
CVE-2016-2272 | 1 Eaton Lighting Systems | 1 Eg2 Web Control | 2024-08-05 | N/A |
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | ||||
CVE-2016-2278 | 1 Schneider-electric | 4 Struxureware Building Operations Automation Server As, Struxureware Building Operations Automation Server As-p, Struxureware Building Operations Automation Server As-p Firmware and 1 more | 2024-08-05 | N/A |
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | ||||
CVE-2016-2243 | 3 Hp, Samsung, Zyxel | 30 1000 Series Firmware, 700 Series Firmware, 800 Series Firmware and 27 more | 2024-08-05 | N/A |
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. | ||||
CVE-2016-2277 | 1 Rockwellautomation | 1 Integrated Architecture Builder | 2024-08-05 | N/A |
IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. | ||||
CVE-2016-2150 | 5 Debian, Microsoft, Opensuse and 2 more | 12 Debian Linux, Windows, Leap and 9 more | 2024-08-05 | N/A |
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | ||||
CVE-2016-2100 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-05 | N/A |
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. | ||||
CVE-2016-2159 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. | ||||
CVE-2016-2167 | 1 Apache | 1 Subversion | 2024-08-05 | N/A |
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. | ||||
CVE-2016-2048 | 1 Djangoproject | 1 Django | 2024-08-05 | N/A |
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. |