Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-13 | CVE-2016-2061 | Improper Privilege Management vulnerability in Linux Kernel Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. | 7.8 |
| 2016-06-10 | CVE-2016-3706 | Improper Input Validation vulnerability in multiple products Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. | 7.5 |
| 2016-06-10 | CVE-2016-4494 | Cross-Site Request Forgery (CSRF) vulnerability in KMC Controls Bac-5051E Firmware Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file. | 8.8 |
| 2016-06-10 | CVE-2016-1421 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. | 7.5 |
| 2016-06-10 | CVE-2016-1420 | Unspecified vulnerability in Cisco products The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. | 7.8 |
| 2016-06-10 | CVE-2016-1419 | Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(102.43) Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. | 8.1 |
| 2016-06-10 | CVE-2016-0910 | Permissions, Privileges, and Access Controls vulnerability in EMC Data Domain OS 5.5.3.3/5.6.1.0/5.7.1.0 EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | 8.8 |
| 2016-06-10 | CVE-2015-8268 | Information Exposure vulnerability in Idera Uptime Infrastructure Monitor 7.5/7.6 The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2016-06-09 | CVE-2016-4449 | Improper Input Validation vulnerability in multiple products XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | 7.1 |
| 2016-06-09 | CVE-2016-4447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | 7.5 |