Total
1059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7833 | 1 Cybozu | 1 Dezie | 2017-06-14 | 6.4 MEDIUM | 7.5 HIGH |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||||
| CVE-2015-3295 | 1 Markdown-it Project | 1 Markdown-it | 2017-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| markdown-it before 4.1.0 does not block data: URLs. | |||||
| CVE-2016-6098 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-06-13 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||||
| CVE-2016-0768 | 1 Postgresql | 1 Postgresql | 2017-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | |||||
| CVE-2016-4910 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | |||||
| CVE-2016-7801 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | |||||
| CVE-2016-4908 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | |||||
| CVE-2016-9157 | 1 Siemens | 1 Sicam Pas | 2017-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | |||||
| CVE-2016-9156 | 1 Siemens | 1 Sicam Pas | 2017-06-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | |||||
| CVE-2016-6089 | 1 Ibm | 1 Websphere Mq | 2017-06-12 | 3.6 LOW | 5.5 MEDIUM |
| IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. | |||||
| CVE-2015-9006 | 1 Google | 1 Android | 2017-06-09 | 9.3 HIGH | 7.8 HIGH |
| In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | |||||
| CVE-2016-9016 | 1 Firejail Project | 1 Firejail | 2017-06-08 | 7.2 HIGH | 8.8 HIGH |
| Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||||
| CVE-2016-8587 | 1 Trendmicro | 1 Threat Discovery Appliance | 2017-05-24 | 6.0 MEDIUM | 7.3 HIGH |
| dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | |||||
| CVE-2016-10370 | 1 Oneplus | 2 Oneplus 3t, Oxygenos | 2017-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851. | |||||
| CVE-2016-10369 | 1 Lxterminal Project | 1 Lxterminal | 2017-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | |||||
| CVE-2016-9976 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2017-05-12 | 6.8 MEDIUM | 8.4 HIGH |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. | |||||
| CVE-2016-2930 | 1 Ibm | 1 Bigfix Remote Control | 2017-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. | |||||
| CVE-2016-8584 | 1 Trendmicro | 1 Threat Discovery Appliance | 2017-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | |||||
| CVE-2016-8588 | 1 Trendmicro | 1 Threat Discovery Appliance | 2017-05-10 | 6.0 MEDIUM | 7.3 HIGH |
| The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | |||||
| CVE-2016-2433 | 1 Google | 1 Android | 2017-05-02 | 8.3 HIGH | 8.8 HIGH |
| The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | |||||