Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3989 | 1 Meinberg | 12 Ims-lantime M1000, Ims-lantime M3000, Ims-lantime M500 and 9 more | 2017-09-03 | 8.5 HIGH | 8.1 HIGH |
| The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account. | |||||
| CVE-2016-3861 | 1 Google | 1 Android | 2017-09-03 | 9.3 HIGH | 7.8 HIGH |
| LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. | |||||
| CVE-2016-3053 | 1 Ibm | 1 Aix | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||||
| CVE-2016-2431 | 1 Google | 4 Android, Nexus 5, Nexus 6 and 1 more | 2017-09-02 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. | |||||
| CVE-2012-5897 | 1 Quest | 1 Intrust | 2017-09-02 | 9.3 HIGH | N/A |
| The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument. | |||||
| CVE-2014-8428 | 1 Barracuda | 1 Load Balancer | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | |||||
| CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2017-09-01 | 3.3 LOW | 6.3 MEDIUM |
| CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | |||||
| CVE-2016-4638 | 1 Apple | 1 Mac Os X | 2017-09-01 | 9.3 HIGH | 7.8 HIGH |
| Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | |||||
| CVE-2016-4633 | 1 Apple | 1 Mac Os X | 2017-09-01 | 6.9 MEDIUM | 7.8 HIGH |
| Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-2206 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2017-09-01 | 3.3 LOW | 5.7 MEDIUM |
| The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | |||||
| CVE-2016-1456 | 1 Cisco | 1 Ios Xr | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | |||||
| CVE-2016-1416 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | |||||
| CVE-2016-0263 | 1 Ibm | 2 General Parallel File System Storage Server, Spectrum Scale | 2017-09-01 | 7.2 HIGH | 7.0 HIGH |
| IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. | |||||
| CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2017-08-30 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | |||||
| CVE-2015-3617 | 1 Fortinet | 1 Fortimanager Firmware | 2017-08-29 | 4.6 MEDIUM | 7.8 HIGH |
| Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | |||||
| CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2017-08-29 | 3.5 LOW | N/A |
| The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-5015 | 2 Eterna, Netbsd | 2 Bozohttpd, Netbsd | 2017-08-29 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. | |||||
| CVE-2014-4844 | 1 Ibm | 1 Business Process Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. | |||||
| CVE-2014-4830 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-4817 | 1 Ibm | 1 Tivoli Storage Manager | 2017-08-29 | 2.1 LOW | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | |||||