| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
63051 |
CVE-2016-6380 |
20 |
|
DoS Mem. Corr. +Info |
2016-10-05 |
2020-09-29 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
|
The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. |
|
63052 |
CVE-2016-6379 |
20 |
|
DoS |
2016-10-05 |
2017-07-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. |
|
63053 |
CVE-2016-6378 |
399 |
|
DoS |
2016-10-05 |
2017-07-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. |
|
63054 |
CVE-2016-6377 |
287 |
|
Bypass |
2016-09-03 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. |
|
63055 |
CVE-2016-6376 |
399 |
|
DoS |
2016-09-02 |
2016-11-28 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263. |
|
63056 |
CVE-2016-6375 |
399 |
|
DoS |
2016-09-12 |
2018-10-30 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221. |
|
63057 |
CVE-2016-6374 |
20 |
|
Exec Code |
2016-09-22 |
2021-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. |
|
63058 |
CVE-2016-6373 |
78 |
|
Exec Code |
2016-09-22 |
2017-07-30 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. |
|
63059 |
CVE-2016-6372 |
20 |
|
Bypass |
2016-10-28 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. |
|
63060 |
CVE-2016-6371 |
22 |
|
Dir. Trav. |
2016-09-12 |
2016-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. |
|
63061 |
CVE-2016-6370 |
22 |
|
Dir. Trav. |
2016-09-12 |
2016-12-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255. |
|
63062 |
CVE-2016-6369 |
264 |
|
+Priv |
2016-08-25 |
2016-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. |
|
63063 |
CVE-2016-6368 |
399 |
|
DoS Bypass |
2017-04-20 |
2017-05-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876. |
|
63064 |
CVE-2016-6367 |
|
|
+Priv |
2016-08-18 |
2016-11-28 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. |
|
63065 |
CVE-2016-6366 |
119 |
|
Exec Code Overflow |
2016-08-18 |
2016-11-28 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON. |
|
63066 |
CVE-2016-6365 |
79 |
|
XSS |
2016-08-23 |
2016-12-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. |
|
63067 |
CVE-2016-6364 |
200 |
|
Bypass +Info |
2016-08-23 |
2016-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855. |
|
63068 |
CVE-2016-6363 |
119 |
|
DoS Overflow |
2016-08-22 |
2016-12-12 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192. |
|
63069 |
CVE-2016-6362 |
264 |
|
+Priv |
2016-08-22 |
2016-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. |
|
63070 |
CVE-2016-6361 |
20 |
|
DoS |
2016-08-22 |
2016-12-12 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288. |
|
63071 |
CVE-2016-6360 |
20 |
|
DoS |
2016-10-28 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. |
|
63072 |
CVE-2016-6359 |
79 |
|
XSS |
2016-08-22 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817. |
|
63073 |
CVE-2016-6358 |
20 |
|
DoS |
2016-10-28 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. |
|
63074 |
CVE-2016-6357 |
388 |
|
Bypass |
2016-10-28 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. |
|
63075 |
CVE-2016-6356 |
20 |
|
DoS |
2016-10-28 |
2017-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. |
|
63076 |
CVE-2016-6355 |
399 |
|
DoS |
2016-08-23 |
2016-11-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. |
|
63077 |
CVE-2016-6354 |
119 |
|
DoS Exec Code Overflow |
2016-09-21 |
2017-01-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. |
|
63078 |
CVE-2016-6352 |
787 |
|
DoS |
2016-10-03 |
2019-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. |
|
63079 |
CVE-2016-6351 |
|
|
DoS Exec Code |
2016-09-07 |
2020-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. |
|
63080 |
CVE-2016-6350 |
476 |
|
DoS |
2017-03-07 |
2017-03-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9. |
|
63081 |
CVE-2016-6348 |
79 |
|
XSS |
2017-04-12 |
2017-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. |
|
63082 |
CVE-2016-6347 |
79 |
|
XSS |
2017-04-20 |
2017-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
63083 |
CVE-2016-6346 |
|
|
DoS |
2016-09-07 |
2019-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. |
|
63084 |
CVE-2016-6345 |
200 |
|
+Info |
2016-09-07 |
2016-09-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. |
|
63085 |
CVE-2016-6344 |
200 |
|
+Info |
2016-09-07 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. |
|
63086 |
CVE-2016-6342 |
284 |
|
|
2017-06-27 |
2020-05-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
elog 3.1.1 allows remote attackers to post data as any username in the logbook. |
|
63087 |
CVE-2016-6338 |
284 |
|
Bypass |
2017-04-20 |
2017-12-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. |
|
63088 |
CVE-2016-6337 |
284 |
|
Bypass |
2017-04-20 |
2017-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. |
|
63089 |
CVE-2016-6336 |
284 |
|
Bypass |
2017-04-20 |
2017-04-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. |
|
63090 |
CVE-2016-6335 |
200 |
|
+Info |
2017-04-20 |
2017-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. |
|
63091 |
CVE-2016-6334 |
79 |
|
XSS |
2017-04-20 |
2017-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links. |
|
63092 |
CVE-2016-6333 |
79 |
|
XSS |
2017-04-20 |
2017-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css. |
|
63093 |
CVE-2016-6332 |
200 |
|
+Info |
2017-04-20 |
2017-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. |
|
63094 |
CVE-2016-6331 |
284 |
|
Bypass |
2017-04-20 |
2017-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. |
|
63095 |
CVE-2016-6330 |
502 |
|
Exec Code |
2016-09-27 |
2016-12-24 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
|
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. |
|
63096 |
CVE-2016-6329 |
310 |
|
|
2017-01-31 |
2019-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. |
|
63097 |
CVE-2016-6328 |
190 |
|
Overflow |
2018-10-31 |
2021-05-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). |
|
63098 |
CVE-2016-6327 |
476 |
|
DoS |
2016-10-16 |
2018-01-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. |
|
63099 |
CVE-2016-6325 |
264 |
|
+Priv |
2016-10-13 |
2018-01-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. |
|
63100 |
CVE-2016-6323 |
284 |
|
DoS |
2016-10-07 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. |
