Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2851 | 2 Apple, Synology | 2 Mac Os X, Cloud Station | 2016-12-02 | 6.8 MEDIUM | N/A |
| client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. | |||||
| CVE-2015-2953 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 5.0 MEDIUM | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958. | |||||
| CVE-2015-2821 | 1 Typo3 | 1 Neos | 2016-12-02 | 6.5 MEDIUM | N/A |
| TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | |||||
| CVE-2015-2758 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2016-12-02 | 6.5 MEDIUM | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | |||||
| CVE-2015-2219 | 1 Lenovo | 1 System Update | 2016-12-02 | 7.2 HIGH | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | |||||
| CVE-2016-8501 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |||||
| CVE-2016-8101 | 1 Intel | 1 Solid-state Drive Toolbox | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-7490 | 1 Teradata | 1 Studio Express | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. | |||||
| CVE-2016-7489 | 1 Teradata | 1 Virtual Machine | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution. | |||||
| CVE-2016-7488 | 1 Teradata | 1 Virtual Machine | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. | |||||
| CVE-2016-2917 | 1 Ibm | 1 Tririga Application Platform | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. | |||||
| CVE-2016-4534 | 2 Mcafee, Microsoft | 2 Virusscan Enterprise, Windows | 2016-11-30 | 3.0 LOW | 3.0 LOW |
| The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. | |||||
| CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2016-11-30 | 7.2 HIGH | 8.4 HIGH |
| The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | |||||
| CVE-2016-2077 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2016-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | |||||
| CVE-2016-1742 | 1 Apple | 1 Itunes | 2016-11-30 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2016-2494 | 1 Google | 1 Android | 2016-11-29 | 9.3 HIGH | 7.8 HIGH |
| Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658. | |||||
| CVE-2016-1435 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2016-11-29 | 6.2 MEDIUM | 7.0 HIGH |
| Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||||
| CVE-2015-1984 | 1 Ibm | 1 Infosphere Master Data Management | 2016-11-29 | 4.0 MEDIUM | N/A |
| IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | |||||
| CVE-2016-8600 | 1 Dotcms | 1 Dotcms | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | |||||
| CVE-2016-7402 | 1 Sybase | 1 Adaptive Server Enterprise | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. | |||||