Code injection
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before...
CVE-2016-1457
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute...
mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML...
mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML...
mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML...
mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016)
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption...
mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML...
CVE-2016-0361
IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMI...
CVE-2016-5878
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-2875
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors...
CVE-2016-1430
Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592...
Default configuration
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557...
CVE-2016-1468
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531...
Information disclosure
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...
Crestron Electronics DM-TXRX-100-STR Security Restriction Bypass Vulnerability (CNVD-2016-05940)
The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. A security vulnerability exists in the Crestron Electronics DM-TXRX-100-STR 1.3039.00040. It could allow a remote attacker to bypass authentication and change settings via JSON API calls...
Crestron Electronics DM-TXRX-100-STR Security Restriction Bypass Vulnerability
The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. A security vulnerability exists in the Crestron Electronics DM-TXRX-100-STR 1.3039.00040. It could allow a remote attacker to bypass authentication by directly requesting a non-index.html page...
CVE-2016-1608
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter...
CVE-2016-3120
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NU...
CVE-2016-4834
VTiger CRM (version 6.4.0 and earlier) is affected by CVE-2016-4834 due to insufficient access control in modules/Users/actions/Save.php, allowing remote authenticated users to create or modify user accounts. The OpenVAS entry corroborates privilege escalation and unrestricted file upload vectors...