Vulnerabilities (CVE)

Filtered by CWE-284
Total 2844 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8584 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 7.5 HIGH 9.8 CRITICAL
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
CVE-2016-1220 1 Cybozu 1 Garoon 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon before 4.2.2 does not properly restrict access.
CVE-2016-6755 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916.
CVE-2016-6077 1 Ibm 1 Cognos Disclosure Management 2025-04-20 6.8 MEDIUM 5.3 MEDIUM
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584.
CVE-2016-8435 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435.
CVE-2016-9245 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
CVE-2016-10335 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.
CVE-2015-3302 1 Thecartpress 1 Thecartpress Ecommerce Shopping Cart 2025-04-20 5.0 MEDIUM 7.5 HIGH
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
CVE-2016-9818 1 Xen 1 Xen 2025-04-20 4.9 MEDIUM 6.5 MEDIUM
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVE-2016-6789 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789.
CVE-2016-9016 1 Firejail Project 1 Firejail 2025-04-20 7.2 HIGH 8.8 HIGH
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2015-9064 1 Google 1 Android 2025-04-20 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
CVE-2016-9368 1 Eaton 1 Xcomfort Ethernet Communication Interface 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
CVE-2016-8032 1 Mcafee 1 Anti-malware Scan Engine 2025-04-20 4.4 MEDIUM 7.3 HIGH
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
CVE-2015-1336 3 Canonical, Debian, Man-db Project 3 Ubuntu Linux, Debian Linux, Man-db 2025-04-20 7.2 HIGH 7.8 HIGH
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2016-4305 1 Kaspersky 1 Internet Security 2025-04-20 2.1 LOW 5.5 MEDIUM
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.
CVE-2016-6337 1 Mediawiki 1 Mediawiki 2025-04-20 5.0 MEDIUM 7.5 HIGH
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
CVE-2016-8415 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596.
CVE-2016-5239 1 Imagemagick 1 Imagemagick 2025-04-20 7.5 HIGH 9.8 CRITICAL
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2016-8010 1 Mcafee 2 Application Control, Endpoint Security 2025-04-20 4.6 MEDIUM 7.8 HIGH
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.