Search Results (9542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7661 1 Apple 2 Iphone Os, Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
CVE-2015-7317 2 Kupu Project, Plone 2 Kupu, Plone 2025-04-20 N/A
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
CVE-2014-8708 1 Pluck-cms 1 Pluck 2025-04-20 N/A
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
CVE-2016-8585 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVE-2016-8589 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8644 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
CVE-2017-0310 5 Freebsd, Linux, Microsoft and 2 more 5 Freebsd, Linux Kernel, Windows and 2 more 2025-04-20 N/A
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.
CVE-2016-0732 2 Cloudfoundry, Pivotal 4 Cf-release, Uaa-release, User Account And Authentication and 1 more 2025-04-20 8.8 High
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
CVE-2016-6299 2 Fedoraproject, Mock Project 2 Fedora, Scm Plugin 2025-04-20 N/A
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
CVE-2014-9262 1 Snapcreek 1 Duplicator 2025-04-20 N/A
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
CVE-2014-9922 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 N/A
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
CVE-2015-8089 1 Huawei 6 P7-l00, P7-l00 Firmware, P7-l05 and 3 more 2025-04-20 N/A
The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.
CVE-2016-10277 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
CVE-2016-10281 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.
CVE-2016-5934 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-20 N/A
IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.
CVE-2016-5863 1 Google 1 Android 2025-04-20 N/A
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.
CVE-2016-8586 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8590 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-7786 1 Sophos 2 Cyberoam Cr25ing Utm, Cyberoam Cr25ing Utm Firmware 2025-04-20 N/A
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
CVE-2016-8591 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.