Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1152 1 Cybozu 1 Office 2026-06-17 5.5 MEDIUM 5.4 MEDIUM
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
CVE-2016-10935 1 Visser 1 Store Exporter For Woocommerce 2026-06-17 7.5 HIGH 9.8 CRITICAL
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
CVE-2016-10929 1 Advanced Ajax Page Loader Project 1 Advanced Ajax Page Loader 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
CVE-2016-10923 1 Visser 1 Store Toolkit For Woocommerce 2026-06-17 7.5 HIGH 9.8 CRITICAL
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
CVE-2016-10922 1 Visser 1 Store Toolkit For Woocommerce 2026-06-17 7.5 HIGH 9.8 CRITICAL
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
CVE-2016-10886 1 Benjaminrojas 1 Wp Editor 2026-06-17 7.5 HIGH 9.8 CRITICAL
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
CVE-2016-10730 2 Redhat, Zmanda 2 Enterprise Linux, Amanda 2026-06-17 7.2 HIGH 7.8 HIGH
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
CVE-2016-10700 1 Cacti 1 Cacti 2026-06-17 6.5 MEDIUM 8.8 HIGH
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
CVE-2016-10457 1 Qualcomm 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, app is requesting more permissions than required.
CVE-2016-10451 1 Qualcomm 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more 2026-06-17 7.2 HIGH 7.8 HIGH
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, privilege escalation may occur due to inherently insecure treatment of local files.
CVE-2016-10398 1 Google 1 Android 2026-06-17 7.2 HIGH 6.2 MEDIUM
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X.
CVE-2016-10372 1 Eir 2 D1000 Modem, D1000 Modem Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.
CVE-2016-10364 1 Elastic 1 Kibana 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
CVE-2016-10345 1 Phusion 1 Passenger 2026-06-17 4.6 MEDIUM 7.8 HIGH
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
CVE-2016-10341 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.
CVE-2016-10323 1 Synology 1 Photo Station 2026-06-17 7.2 HIGH 7.8 HIGH
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
CVE-2016-10318 1 Linux 1 Linux Kernel 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.
CVE-2016-10299 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
CVE-2016-10298 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.
CVE-2016-10291 1 Linux 1 Linux Kernel 2026-06-17 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837.