Total
5268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2412 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930. | |||||
| CVE-2016-2410 | 1 Google | 1 Android | 2026-06-17 | 6.9 MEDIUM | 7.4 HIGH |
| A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677. | |||||
| CVE-2016-2409 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 8.1 HIGH |
| A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545. | |||||
| CVE-2016-2408 | 2 Microsoft, Pulsesecure | 5 Windows, Odyssey Access Client, Pulse Secure Desktop and 2 more | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. | |||||
| CVE-2016-2405 | 1 Huawei | 2 Policy Center, Policy Center Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. | |||||
| CVE-2016-2404 | 1 Huawei | 12 Acu2, Acu2 Firmware, S12700 and 9 more | 2026-06-17 | 6.0 MEDIUM | 7.5 HIGH |
| Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation. | |||||
| CVE-2016-2393 | 1 Lenovo | 2 Fingerprint Manager, Touch Fingerprint | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | |||||
| CVE-2016-2363 | 1 Fonality | 1 Fonality | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | |||||
| CVE-2016-2353 | 1 Accellion | 1 File Transfer Appliance | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. | |||||
| CVE-2016-2352 | 1 Accellion | 1 File Transfer Appliance | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | |||||
| CVE-2016-2313 | 2 Cacti, Opensuse | 3 Cacti, Leap, Opensuse | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | |||||
| CVE-2016-2293 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2026-06-17 | 7.5 HIGH | 8.6 HIGH |
| The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | |||||
| CVE-2016-2288 | 1 Cogentdatahub | 1 Cogent Datahub | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | |||||
| CVE-2016-2281 | 1 Abb | 1 Panel Builder 800 | 2026-06-17 | 6.0 MEDIUM | 7.2 HIGH |
| Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2016-2246 | 1 Hp | 1 Thinpro | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | |||||
| CVE-2016-2206 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2026-06-17 | 3.3 LOW | 5.7 MEDIUM |
| The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | |||||
| CVE-2016-2202 | 1 Symantec | 1 Altiris It Management Suite | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | |||||
| CVE-2016-2190 | 1 Moodle | 1 Moodle | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. | |||||
| CVE-2016-2171 | 1 Apache | 1 Jetspeed | 2026-06-17 | 6.4 MEDIUM | 7.5 HIGH |
| The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. | |||||
| CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | |||||