Vulnerabilities (CVE)

Filtered by CWE-264
Total 5244 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8585 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 9.0 HIGH 8.8 HIGH
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVE-2016-8456 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580.
CVE-2016-1881 1 Freebsd 1 Freebsd 2025-04-20 7.2 HIGH 7.8 HIGH
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.
CVE-2015-7260 1 Vertiv 1 Liebert Multilink Automated Shutdown 2025-04-20 7.2 HIGH 7.8 HIGH
Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.
CVE-2016-8589 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 9.0 HIGH 8.8 HIGH
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2014-7920 1 Google 1 Android 2025-04-20 10.0 HIGH 9.8 CRITICAL
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
CVE-2015-8671 1 Huawei 1 Logcenter 2025-04-20 6.5 MEDIUM 8.8 HIGH
Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions.
CVE-2015-8991 1 Mcafee 3 Cloud Av, Security Scan Plus, Security Webadvisor 2025-04-20 6.9 MEDIUM 7.0 HIGH
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVE-2016-5868 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.
CVE-2016-8447 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886.
CVE-2016-9353 1 Advantech 1 Susiaccess 2025-04-20 7.2 HIGH 7.8 HIGH
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.
CVE-2016-7583 1 Apple 1 Icloud 2025-04-20 4.6 MEDIUM 7.8 HIGH
An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory.
CVE-2016-10118 1 Firejail Project 1 Firejail 2025-04-20 2.1 LOW 3.3 LOW
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.
CVE-2016-8445 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983.
CVE-2016-5374 1 Netapp 1 Data Ontap 2025-04-20 6.5 MEDIUM 8.8 HIGH
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2016-8353 1 Osisoft 1 Pi Web Api 2015 R2 2025-04-20 5.5 MEDIUM 6.4 MEDIUM
An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions.
CVE-2016-7613 1 Apple 4 Iphone Os, Mac Os X, Safari and 1 more 2025-04-20 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning.
CVE-2015-4045 1 Alienvault 1 Open Source Security Information Management 2025-04-20 7.2 HIGH 6.7 MEDIUM
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
CVE-2016-6811 1 Apache 1 Hadoop 2025-04-20 9.0 HIGH 8.8 HIGH
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
CVE-2014-9262 1 Snapcreek 1 Duplicator 2025-04-20 5.5 MEDIUM 8.2 HIGH
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.