hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
Max CVSS
9.0
EPSS Score
3.17%
Published
2016-06-30
Updated
2016-11-28
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.44%
Published
2016-06-29
Updated
2016-11-28
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-06-29
Updated
2016-11-30
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.54%
Published
2016-06-29
Updated
2016-11-30
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.19%
Published
2016-06-29
Updated
2018-07-31
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
Max CVSS
7.5
EPSS Score
0.57%
Published
2016-06-29
Updated
2016-11-30
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
Max CVSS
6.1
EPSS Score
0.35%
Published
2016-06-29
Updated
2016-11-30
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
Max CVSS
6.1
EPSS Score
0.68%
Published
2016-06-29
Updated
2016-11-30
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.64%
Published
2016-06-29
Updated
2016-11-30
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
Max CVSS
8.2
EPSS Score
0.04%
Published
2016-06-30
Updated
2019-09-27
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
Max CVSS
6.3
EPSS Score
0.04%
Published
2016-06-27
Updated
2016-11-28
Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-24
Updated
2016-06-27
Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.
Max CVSS
7.5
EPSS Score
0.19%
Published
2016-06-24
Updated
2016-09-29
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.
Max CVSS
4.7
EPSS Score
0.04%
Published
2016-06-24
Updated
2016-11-30
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.
Max CVSS
7.1
EPSS Score
0.24%
Published
2016-06-24
Updated
2016-06-28
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.06%
Published
2016-06-17
Updated
2016-06-20
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.
Max CVSS
7.8
EPSS Score
0.24%
Published
2016-06-30
Updated
2016-11-28
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.
Max CVSS
7.5
EPSS Score
0.30%
Published
2016-06-14
Updated
2016-06-14
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052.
Max CVSS
7.5
EPSS Score
0.18%
Published
2016-06-14
Updated
2016-06-14
Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.
Max CVSS
10.0
EPSS Score
0.43%
Published
2016-06-14
Updated
2016-06-14
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
Max CVSS
8.2
EPSS Score
3.84%
Published
2016-06-17
Updated
2016-11-28
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
Max CVSS
8.2
EPSS Score
3.82%
Published
2016-06-17
Updated
2018-10-19
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.
Max CVSS
7.5
EPSS Score
0.91%
Published
2016-06-16
Updated
2017-01-18
503 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!