Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-30 | CVE-2016-5249 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001 Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. | 7.8 |
| 2016-06-30 | CVE-2016-5231 | Permissions, Privileges, and Access Controls vulnerability in Huawei Mate 8 Firmware NXT Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app. | 7.8 |
| 2016-06-30 | CVE-2016-5230 | Permissions, Privileges, and Access Controls vulnerability in Huawei Mate 8 Firmware NXT Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app. | 8.8 |
| 2016-06-30 | CVE-2016-4474 | 7PK - Security Features vulnerability in Redhat Openstack 7.0/8 The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors. | 8.8 |
| 2016-06-29 | CVE-2016-5839 | Unspecified vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. | 7.5 |
| 2016-06-29 | CVE-2016-5838 | Credentials Management vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | 7.5 |
| 2016-06-29 | CVE-2016-5837 | Unspecified vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. | 7.5 |
| 2016-06-29 | CVE-2016-5836 | Unspecified vulnerability in Wordpress The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
| 2016-06-29 | CVE-2016-5835 | Information Exposure vulnerability in Wordpress WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. | 7.5 |
| 2016-06-29 | CVE-2016-5832 | Unspecified vulnerability in Wordpress The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | 7.5 |