Export limit exceeded: 343523 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5485 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2393 | 1 Lenovo | 2 Fingerprint Manager, Touch Fingerprint | 2025-04-12 | N/A |
| Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | ||||
| CVE-2016-2363 | 1 Fonality | 1 Fonality | 2025-04-12 | N/A |
| Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account. | ||||
| CVE-2016-2353 | 1 Accellion | 1 File Transfer Appliance | 2025-04-12 | N/A |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. | ||||
| CVE-2016-2352 | 1 Accellion | 1 File Transfer Appliance | 2025-04-12 | N/A |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | ||||
| CVE-2016-2313 | 2 Cacti, Opensuse | 3 Cacti, Leap, Opensuse | 2025-04-12 | N/A |
| auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | ||||
| CVE-2016-2293 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2025-04-12 | N/A |
| The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | ||||
| CVE-2016-2288 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-04-12 | N/A |
| Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | ||||
| CVE-2016-2281 | 1 Abb | 1 Panel Builder 800 | 2025-04-12 | N/A |
| Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| CVE-2016-2246 | 1 Hp | 1 Thinpro | 2025-04-12 | N/A |
| HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | ||||
| CVE-2016-2206 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2025-04-12 | N/A |
| The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | ||||
| CVE-2016-2202 | 1 Symantec | 1 Altiris It Management Suite | 2025-04-12 | N/A |
| The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | ||||
| CVE-2016-2190 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. | ||||
| CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | ||||
| CVE-2016-1954 | 5 Mozilla, Novell, Opensuse and 2 more | 7 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 4 more | 2025-04-12 | N/A |
| The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. | ||||
| CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | ||||
| CVE-2016-1909 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session. | ||||
| CVE-2016-1906 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-12 | N/A |
| Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | ||||
| CVE-2016-1896 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2025-04-12 | N/A |
| Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. | ||||
| CVE-2016-1887 | 1 Freebsd | 1 Freebsd | 2025-04-12 | N/A |
| Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow. | ||||
| CVE-2016-1773 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | ||||