Vulnerabilities (CVE)

Filtered by CWE-284
Total 2618 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8311 1 Oracle 1 Flexcube Universal Banking 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts).
CVE-2016-6777 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777.
CVE-2016-8282 1 Oracle 1 Flexcube Private Banking 2025-04-20 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).
CVE-2016-10369 1 Lxterminal Project 1 Lxterminal 2025-04-20 4.6 MEDIUM 7.8 HIGH
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-5217 1 Google 1 Chrome 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2015-3653 1 Arubanetworks 1 Clearpass 2025-04-20 9.0 HIGH 7.2 HIGH
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.
CVE-2016-8010 1 Mcafee 2 Application Control, Endpoint Security 2025-04-20 4.6 MEDIUM 7.8 HIGH
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility.
CVE-2015-9047 1 Google 1 Android 2025-04-20 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.
CVE-2014-9827 1 Imagemagick 1 Imagemagick 2025-04-20 6.8 MEDIUM 8.8 HIGH
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVE-2016-5206 1 Google 1 Chrome 2025-04-20 6.8 MEDIUM 8.8 HIGH
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
CVE-2016-8643 1 Moodle 1 Moodle 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
CVE-2016-6760 1 Linux 1 Linux Kernel 2025-04-20 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783.
CVE-2016-8393 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920.
CVE-2016-2788 1 Puppet 2 Marionette Collective, Puppet Enterprise 2025-04-20 7.5 HIGH 9.8 CRITICAL
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
CVE-2016-4908 1 Cybozu 1 Garoon 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
CVE-2015-9245 1 Progress 1 Openedge 2025-04-20 7.5 HIGH 9.8 CRITICAL
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
CVE-2016-5058 1 Osram 1 Lightify Pro 2025-04-20 5.0 MEDIUM 7.5 HIGH
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.
CVE-2016-7408 1 Dropbear Ssh Project 1 Dropbear Ssh 2025-04-20 6.5 MEDIUM 8.8 HIGH
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
CVE-2016-8792 1 Huawei 6 Mate 8, Mate 8 Firmware, Mate S and 3 more 2025-04-20 6.2 MEDIUM 7.1 HIGH
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.
CVE-2016-5750 1 Netiq 1 Access Manager 2025-04-20 6.5 MEDIUM 8.8 HIGH
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.