Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK (CVSS) |
---|---|---|---|
2016-11-30 | CVE-2016-2963 | Cross-Site Request Forgery (CSRF) vulnerability in IBM BigFix Remote Control 9.1.2: Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
2016-11-30 | CVE-2016-2948 | Use of Hard-coded Credentials vulnerability in IBM BigFix Remote Control 9.1.2: IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | 7.8 |
2016-11-30 | CVE-2016-2936 | Credentials Management vulnerability in IBM BigFix Remote Control 9.1.2: IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | 7.3 |
2016-11-29 | CVE-2016-8223 | Improper Access Control vulnerability in Lenovo System Interface Foundation 1.0.66.0: During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs, where a user with local privileges could run arbitrary code with administrator-level privileges. | 7.8 |
2016-11-29 | CVE-2016-1251 | Use After Free vulnerability in DBD::mysql (Dbd-Mysql Project): A use-after-free vulnerability affects DBD::mysql (aka DBD-mysql, the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. | 8.1 |
2016-11-29 | CVE-2016-1247 | Link Following vulnerability in multiple products (nginx distribution packages): The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | 7.8 |
2016-11-29 | CVE-2016-5685 | Injection vulnerability in Dell iDRAC7 Firmware and iDRAC8 Firmware: Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | 8.8 |
2016-11-29 | CVE-2016-5393 | Improper Access Control vulnerability in Apache Hadoop: In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | 8.8 |
2016-11-28 | CVE-2016-9644 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel: The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. | 7.8 |
2016-11-28 | CVE-2016-9313 | NULL Pointer Dereference vulnerability in Linux Kernel: security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. | 7.8 |
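The nginx entry (CVE-2016-1247) is the one item in this list whose precondition can be audited from a shell: the attack needs the web-server user to be able to plant a symlink where the root-running master process will later reopen the error log. The script below is an added example, not part of this listing and not code from the nginx or Debian projects. It assumes the Debian default log path /var/log/nginx/error.log and web-server user www-data, GNU coreutils `stat -c`, and the `dpkg` tools when present; the fixed package version it compares against is the Debian jessie one from the table (substitute the matching one for Ubuntu). It only inspects filesystem state and package version; it does not attempt the attack.

```shell
# Audit for the CVE-2016-1247 precondition (added example; paths, user
# name and fixed version are assumptions taken from the Debian entry).
# Requires GNU coreutils `stat -c`, `id`, and optionally dpkg.

# Returns 0 if user $2 could create entries (and thus symlinks) in
# directory $1: the user owns it, it is world-writable, or it is
# group-writable and the user belongs to that group. Returns 1 otherwise.
dir_writable_by_user() {
    local dir=$1 user=$2 owner group mode other grp g
    [ -d "$dir" ] || return 1
    set -- $(stat -c '%U %G %a' "$dir")   # owner, group, octal mode
    owner=$1; group=$2; mode=$3
    [ "$owner" = "$user" ] && return 0
    other=$(( mode % 10 ))                 # "other" permission digit
    grp=$(( (mode / 10) % 10 ))            # "group" permission digit
    [ $(( other & 2 )) -ne 0 ] && return 0 # world-writable (sticky or not)
    if [ $(( grp & 2 )) -ne 0 ]; then
        # An unknown user has no groups, so the loop simply does not match.
        for g in $(id -Gn "$user" 2>/dev/null); do
            [ "$g" = "$group" ] && return 0
        done
    fi
    return 1
}

# Returns 0 (exposed) if the error log $1 is already a symlink or its
# directory is writable by user $2; prints the reason. Returns 1 otherwise.
error_log_exposed() {
    local log=$1 user=$2 dir
    dir=$(dirname "$log")
    if [ ! -d "$dir" ]; then
        echo "$dir does not exist; nothing to check"
        return 1
    fi
    if [ -L "$log" ]; then
        echo "$log is a symlink -> $(readlink "$log")"
        return 0
    fi
    if dir_writable_by_user "$dir" "$user"; then
        echo "$dir is writable by $user: a symlink can be planted at $log"
        return 0
    fi
    return 1
}

# Debian/Ubuntu only: compare the installed nginx package version with the
# fixed version $1. Returns 1 only when a vulnerable version is installed.
nginx_pkg_fixed() {
    local fixed=$1 installed
    if ! command -v dpkg-query >/dev/null 2>&1; then
        echo "dpkg not present; skipping package version check"
        return 0
    fi
    installed=$(dpkg-query -W -f='${Version}' nginx 2>/dev/null) || installed=""
    if [ -z "$installed" ]; then
        echo "nginx package not installed"
        return 0
    fi
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "nginx $installed >= $fixed: packaged fix present"
        return 0
    fi
    echo "nginx $installed < $fixed: vulnerable package version"
    return 1
}

# Run against the assumed Debian defaults.
if error_log_exposed /var/log/nginx/error.log www-data; then
    echo "WARNING: CVE-2016-1247 precondition present"
else
    echo "error-log directory looks safe for the nginx master to reopen logs"
fi
nginx_pkg_fixed 1.6.2-5+deb8u3 || true
```

The directory check is the one that matters on a patched system too: a package upgrade fixes ownership of the packaged log directory, but a custom `error_log` directive pointing into a directory the web-server user owns recreates the same condition.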