Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-19 | CVE-2016-1861 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. | 7.8 |
| 2016-06-19 | CVE-2016-0911 | Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. | 8.2 |
| 2016-06-19 | CVE-2016-0392 | Improper Access Control vulnerability in IBM products IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. | 8.4 |
| 2016-06-19 | CVE-2016-1195 | Unspecified vulnerability in Cybozu Garoon Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | 7.4 |
| 2016-06-19 | CVE-2016-4820 | Cross-Site Request Forgery (CSRF) vulnerability in Iodata Etx-R Firmware Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-06-19 | CVE-2016-4817 | Unspecified vulnerability in Dena H2O lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. | 7.5 |
| 2016-06-19 | CVE-2016-4815 | Path Traversal vulnerability in Buffalo products Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2016-06-19 | CVE-2016-4814 | Path Traversal vulnerability in GSI OLD GSI Maps Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2016-06-19 | CVE-2016-4813 | Improper Access Control vulnerability in Netcommons 2.4.2.1 NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. | 8.8 |
| 2016-06-19 | CVE-2016-4371 | Cross-Site Request Forgery (CSRF) vulnerability in HP products HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. | 8.0 |