Total
5268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6430 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2026-06-17 | 6.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). | |||||
| CVE-2016-6428 | 1 Cisco | 1 Ios Xr | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. | |||||
| CVE-2016-6420 | 1 Cisco | 1 Firesight System Software | 2026-06-17 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | |||||
| CVE-2016-6413 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. | |||||
| CVE-2016-6406 | 1 Cisco | 1 Email Security Appliance Firmware | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. | |||||
| CVE-2016-6402 | 1 Cisco | 1 Unified Computing System | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. | |||||
| CVE-2016-6394 | 1 Cisco | 1 Firesight System Software | 2026-06-17 | 5.8 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. | |||||
| CVE-2016-6369 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. | |||||
| CVE-2016-6362 | 1 Cisco | 1 Aironet Access Point Software | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. | |||||
| CVE-2016-6325 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | |||||
| CVE-2016-6322 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2026-06-17 | 7.2 HIGH | 8.4 HIGH |
| Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | |||||
| CVE-2016-6299 | 2 Fedoraproject, Mock Project | 2 Fedora, Scm Plugin | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | |||||
| CVE-2016-6276 | 1 Citrix | 1 Linux Virtual Delivery Agent | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. | |||||
| CVE-2016-6268 | 1 Trendmicro | 1 Smart Protection Server | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | |||||
| CVE-2016-6211 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. | |||||
| CVE-2016-6193 | 1 Huawei | 1 P8 Smartphone Firmware | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. | |||||
| CVE-2016-6192 | 1 Huawei | 1 P8 Smartphone Firmware | 2026-06-17 | 9.3 HIGH | 7.3 HIGH |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. | |||||
| CVE-2016-6187 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. | |||||
| CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | |||||
| CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | |||||