Vulnerabilities (CVE)

Filtered by CWE-284
Total 3294 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8938 1 Ibm 1 Urbancode Deploy 2025-04-20 10.0 HIGH 10.0 CRITICAL
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
CVE-2015-1336 3 Canonical, Debian, Man-db Project 3 Ubuntu Linux, Debian Linux, Man-db 2025-04-20 7.2 HIGH 7.8 HIGH
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2016-7807 1 Iodata 2 Wfs-sr01, Wfs-sr01 Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
CVE-2016-8435 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435.
CVE-2015-7263 1 Proxygen Project 1 Proxygen 2025-04-20 5.0 MEDIUM 7.5 HIGH
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.
CVE-2016-10237 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.
CVE-2016-8282 1 Oracle 1 Flexcube Private Banking 2025-04-20 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).
CVE-2016-8798 1 Huawei 2 Usg5500, Usg5500 Firmware 2025-04-20 7.8 HIGH 7.5 HIGH
Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.
CVE-2016-6782 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506.
CVE-2014-3929 1 Lg Project 1 Lg 2025-04-20 5.0 MEDIUM 7.5 HIGH
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
CVE-2016-1894 1 Netapp 1 Oncommand Workflow Automation 2025-04-20 9.3 HIGH 8.1 HIGH
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2015-5293 1 Redhat 1 Enterprise Virtualization Manager 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.
CVE-2016-10369 1 Lxterminal Project 1 Lxterminal 2025-04-20 4.6 MEDIUM 7.8 HIGH
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2015-8140 1 Ntp 1 Ntp 2025-04-20 5.8 MEDIUM 4.8 MEDIUM
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2016-6044 1 Ibm 1 Tivoli Storage Manager 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
CVE-2016-8791 1 Huawei 6 Mate 8, Mate 8 Firmware, Mate S and 3 more 2025-04-20 6.2 MEDIUM 7.1 HIGH
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.
CVE-2016-3733 1 Moodle 1 Moodle 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
CVE-2016-8434 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855.
CVE-2016-4908 1 Cybozu 1 Garoon 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
CVE-2016-8418 1 Google 1 Android 2025-04-20 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.