NVD List

Id  Name  Description  Reject  CVSS Version  CVSS Score  Severity  Pub Date  Modified Date  Actions
17428  CVE-2016-1004  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.        2017-01-19  2016-12-30  View
17429  CVE-2016-10041  An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers.    4.6  Medium  2017-01-19  2017-01-06  View
81715  CVE-2016-10043  An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the application's responses. Attackers could execute unauthorized commands, which could then be used to disable the software, or read, write, and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner (apache user).    10  High  2017-03-18  2017-03-13  View
81716  CVE-2016-10044  The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.    7.2  High  2017-02-15  2017-02-09  View
17430  CVE-2016-10045  The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.    7.5  High  2017-01-30  2017-01-25  View
