Total
5458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8589 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8590 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8591 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8592 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8644 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | ||||
| CVE-2016-8649 | 1 Linuxcontainers | 1 Lxc | 2025-04-20 | N/A |
| lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | ||||
| CVE-2016-8659 | 1 Bubblewrap Project | 1 Bubblewrap | 2025-04-20 | N/A |
| Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | ||||
| CVE-2016-7583 | 1 Apple | 1 Icloud | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. | ||||
| CVE-2016-7628 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors. | ||||
| CVE-2016-7660 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | ||||
| CVE-2016-7661 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | ||||
| CVE-2016-7786 | 1 Sophos | 2 Cyberoam Cr25ing Utm, Cyberoam Cr25ing Utm Firmware | 2025-04-20 | N/A |
| Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5. | ||||
| CVE-2016-7845 | 1 Gigaccsecure | 1 Gigacc Office | 2025-04-20 | N/A |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | ||||
| CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2025-04-20 | N/A |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | ||||
| CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2025-04-20 | N/A |
| IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | ||||
| CVE-2016-6268 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 7.8 High |
| Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | ||||
| CVE-2016-6299 | 2 Fedoraproject, Mock Project | 2 Fedora, Scm Plugin | 2025-04-20 | N/A |
| The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | ||||
| CVE-2016-6492 | 1 Google | 1 Android | 2025-04-20 | N/A |
| The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call. | ||||
| CVE-2016-6526 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | N/A |
| The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | ||||
| CVE-2016-6527 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | N/A |
| The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | ||||