Latest CVE Feed
-
7.8
HIGHCVE-2016-1403
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.... Read more
Affected Products : ip_phone_8800_series_firmware- Published: Jun. 04, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2016-1211
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : web_mailing_list- Published: Jun. 04, 2016
- Modified: Apr. 12, 2025
-
8.8
HIGHCVE-2016-1391
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrar... Read more
Affected Products : prime_network_analysis_module_software prime_virtual_network_analysis_module_software- Published: Jun. 04, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-1390
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted ... Read more
Affected Products : prime_network_analysis_module_software prime_virtual_network_analysis_module_software- Published: Jun. 04, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2016-0908
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.... Read more
- Published: Jun. 04, 2016
- Modified: Apr. 12, 2025
-
6.2
MEDIUMCVE-2016-4804
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat... Read more
- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2016-3944
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.... Read more
Affected Products : accelerator_application- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-3096
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in th... Read more
- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
8.1
HIGHCVE-2016-0376
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properl... Read more
Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus satellite suse_linux_enterprise_server suse_linux_enterprise_software_development_kit java_sdk enterprise_linux_hpc_node_supplementary suse_linux_enterprise_module_for_legacy_software +3 more products- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
8.1
HIGHCVE-2016-0363
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke meth... Read more
Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus satellite suse_linux_enterprise_server suse_linux_enterprise_software_development_kit java_sdk enterprise_linux_hpc_node_supplementary suse_linux_enterprise_module_for_legacy_software +3 more products- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
6.2
MEDIUMCVE-2015-8872
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, ... Read more
- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-1388
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS comma... Read more
- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
5.3
MEDIUMCVE-2016-1370
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.... Read more
- Published: Jun. 03, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-5126
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.... Read more
- Published: Jun. 01, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2016-4945
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.... Read more
- Published: Jun. 01, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-4810
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.... Read more
- Published: Jun. 01, 2016
- Modified: Apr. 12, 2025
-
6.0
MEDIUMCVE-2016-4454
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, w... Read more
- Published: Jun. 01, 2016
- Modified: Apr. 12, 2025
-
4.9
MEDIUMCVE-2016-4453
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.... Read more
- Published: Jun. 01, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-4423
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored ... Read more
- Published: Jun. 01, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseu... Read more
- Published: Jun. 01, 2016
- Modified: Apr. 12, 2025