Total
5458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6394 | 1 Cisco | 1 Firesight System Software | 2024-11-21 | N/A |
| Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. | ||||
| CVE-2016-6369 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | N/A |
| Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. | ||||
| CVE-2016-6362 | 1 Cisco | 1 Aironet Access Point Software | 2024-11-21 | N/A |
| Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. | ||||
| CVE-2016-6325 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | N/A |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | ||||
| CVE-2016-6322 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2024-11-21 | N/A |
| Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | ||||
| CVE-2016-6299 | 2 Fedoraproject, Mock Project | 2 Fedora, Scm Plugin | 2024-11-21 | N/A |
| The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | ||||
| CVE-2016-6276 | 1 Citrix | 1 Linux Virtual Delivery Agent | 2024-11-21 | N/A |
| Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. | ||||
| CVE-2016-6268 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | 7.8 High |
| Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | ||||
| CVE-2016-6211 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-11-21 | N/A |
| The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. | ||||
| CVE-2016-6193 | 1 Huawei | 1 P8 Smartphone Firmware | 2024-11-21 | N/A |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. | ||||
| CVE-2016-6192 | 1 Huawei | 1 P8 Smartphone Firmware | 2024-11-21 | N/A |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. | ||||
| CVE-2016-6187 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. | ||||
| CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2024-11-21 | N/A |
| IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | ||||
| CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | ||||
| CVE-2016-6028 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2024-11-21 | N/A |
| IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | ||||
| CVE-2016-6025 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | N/A |
| The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. | ||||
| CVE-2016-5995 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Db2 and 2 more | 2024-11-21 | N/A |
| Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | ||||
| CVE-2016-5991 | 1 Ibm | 1 Sterling Connect\ | 2024-11-21 | N/A |
| IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2016-5979 | 1 Ibm | 1 Distributed Marketing | 2024-11-21 | N/A |
| IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379. | ||||
| CVE-2016-5934 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-11-21 | N/A |
| IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim. | ||||