Search Results (5484 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2809 2 Microsoft, Mozilla 2 Windows, Firefox 2025-04-12 N/A
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
CVE-2016-2557 2 Microsoft, Nvidia 3 Windows, Gpu Driver R340, Gpu Driver R352 2025-04-12 8.4 High
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.
CVE-2016-2556 2 Microsoft, Nvidia 3 Windows, Gpu Driver R340, Gpu Driver R352 2025-04-12 7.8 High
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.
CVE-2016-2288 1 Cogentdatahub 1 Cogent Datahub 2025-04-12 N/A
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
CVE-2016-2281 1 Abb 1 Panel Builder 800 2025-04-12 N/A
Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2016-2246 1 Hp 1 Thinpro 2025-04-12 N/A
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
CVE-2016-2206 1 Symantec 2 Workspace Streaming, Workspace Virtualization 2025-04-12 N/A
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.
CVE-2016-2202 1 Symantec 1 Altiris It Management Suite 2025-04-12 N/A
The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.
CVE-2016-2190 1 Moodle 1 Moodle 2025-04-12 N/A
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.
CVE-2016-2171 1 Apache 1 Jetspeed 2025-04-12 N/A
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
CVE-2016-2160 1 Redhat 2 Openshift, Openshift Origin 2025-04-12 N/A
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVE-2016-2155 1 Moodle 1 Moodle 2025-04-12 N/A
The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role.
CVE-2016-2077 2 Microsoft, Vmware 3 Windows, Player, Workstation 2025-04-12 N/A
VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.
CVE-2016-2071 1 Citrix 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway 2025-04-12 N/A
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.
CVE-2016-2060 1 Google 1 Android 2025-04-12 N/A
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.
CVE-2016-2057 2 Debian, Xymon 2 Debian Linux, Xymon 2025-04-12 N/A
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
CVE-2016-1773 1 Apple 1 Mac Os X 2025-04-12 N/A
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
CVE-2016-1751 1 Apple 3 Iphone Os, Tvos, Watchos 2025-04-12 N/A
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
CVE-2016-1742 1 Apple 1 Itunes 2025-04-12 N/A
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2016-1734 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.