Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-13 | CVE-2016-6325 | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat: The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | 7.8 |
2016-10-13 | CVE-2016-5425 | Incorrect Default Permissions vulnerability in Apache Tomcat: The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | 7.8 |
2016-10-13 | CVE-2016-3946 | Information Exposure vulnerability in SAP Sapconsole 7.30: SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | 7.8 |
2016-10-13 | CVE-2016-3635 | Improper Access Control vulnerability in SAP Netweaver 7.40: SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | 7.5 |
2016-10-13 | CVE-2016-8563 | Improper Input Validation vulnerability in Siemens Automation License Manager 5.3: Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. | 7.5 |
2016-10-10 | CVE-2016-1000216 | OS Command Injection vulnerability in Ruckus Wireless H500: Ruckus Wireless H500 web management interface authenticated command injection. | 8.8 |
2016-10-10 | CVE-2016-8101 | Permissions, Privileges, and Access Controls vulnerability in Intel Solid-State Drive Toolbox 1.0/3.3.6: The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors. | 7.8 |
2016-10-10 | CVE-2016-6680 | Information Exposure vulnerability in Google Android: CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and Qualcomm internal bug CR 1048052. | 7.8 |
2016-10-10 | CVE-2016-6676 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android: Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853. | 7.8 |
2016-10-10 | CVE-2016-6675 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android: Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed ioctl call, aka Android internal bug 30873776 and Qualcomm internal bug CR 1000861. | 7.8 |