Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.
Published Jun 17, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
Published Jun 13, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
Published Jun 3, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
Published Jun 1, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.
Published Jun 30, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.
Published Jun 8, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
Published Jun 30, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Published Jun 8, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors.
Published Jun 8, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jun 29, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
stalin 0.11-5 allows local users to write to arbitrary files.
Published Jun 27, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Published Jun 29, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Published Jun 20, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
Published Jun 20, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Spiffy before 5.4.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
Published Jun 10, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Published Jun 8, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Published Jun 26, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.
Published Jun 26, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
Published Jun 27, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
Published Jun 27, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
Published Jun 27, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
Published Jun 19, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
Published Jun 7, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
Published Jun 19, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
Published Jun 15, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
Published Jun 27, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
Published Jun 7, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
Published Jun 26, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program.
Published Jun 19, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in ZCMS 1.1.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Vindula 1.9.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.
Published Jun 1, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Published Jun 7, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
Published Jun 23, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
Published Jun 7, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
Published Jun 1, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
Published Jun 27, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.
Published Jun 7, 2017 · Updated Aug 6, 2024