Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2686 | 1 Linux | 1 Linux Kernel | 2016-06-27 | 7.2 HIGH | 7.8 HIGH |
| net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. | |||||
| CVE-2016-5723 | 1 Huawei | 1 Fusioninsight Hd | 2016-06-27 | 7.2 HIGH | 7.8 HIGH |
| Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. | |||||
| CVE-2016-1183 | 1 Nttdata | 1 Terasoluna Server Framework For Java Web | 2016-06-23 | 4.3 MEDIUM | 3.7 LOW |
| NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | |||||
| CVE-2016-2363 | 1 Fonality | 1 Fonality | 2016-06-21 | 7.2 HIGH | 7.8 HIGH |
| Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | |||||
| CVE-2016-1196 | 1 Cybozu | 1 Garoon | 2016-06-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | |||||
| CVE-2016-4158 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2016-06-20 | 6.9 MEDIUM | 7.3 HIGH |
| Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
| CVE-2016-4157 | 1 Adobe | 1 Creative Cloud | 2016-06-17 | 6.9 MEDIUM | 7.3 HIGH |
| Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | |||||
| CVE-2016-2492 | 1 Google | 2 Android, Android One | 2016-06-16 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410. | |||||
| CVE-2015-1814 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 7.5 HIGH | N/A |
| The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. | |||||
| CVE-2015-1806 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 6.5 MEDIUM | N/A |
| The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | |||||
| CVE-2015-1810 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 4.6 MEDIUM | N/A |
| The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | |||||
| CVE-2016-5365 | 1 Huawei | 2 Honor Ws851, Honor Ws851 Firmware | 2016-06-14 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051. | |||||
| CVE-2016-2493 | 1 Google | 1 Android | 2016-06-14 | 9.3 HIGH | 7.8 HIGH |
| The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522. | |||||
| CVE-2016-2490 | 1 Google | 1 Android | 2016-06-14 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373. | |||||
| CVE-2016-2488 | 1 Google | 1 Android | 2016-06-14 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832. | |||||
| CVE-2016-2489 | 1 Google | 1 Android | 2016-06-14 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629. | |||||
| CVE-2016-2496 | 1 Google | 1 Android | 2016-06-14 | 10.0 HIGH | 9.8 CRITICAL |
| The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796. | |||||
| CVE-2014-2068 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 3.5 LOW | N/A |
| The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | |||||
| CVE-2014-2058 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 6.5 MEDIUM | N/A |
| BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330. | |||||
| CVE-2013-7330 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 4.0 MEDIUM | N/A |
| Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | |||||