Vulnerabilities (CVE)

Filtered by CWE-284
Total 2618 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3757 1 Apple 1 Mac Os X 2025-04-12 2.1 LOW N/A
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
CVE-2016-1638 1 Google 1 Chrome 2025-04-12 6.8 MEDIUM 6.3 MEDIUM
extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.
CVE-2015-0297 1 Redhat 1 Jboss Operations Network 2025-04-12 9.0 HIGH N/A
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
CVE-2016-5173 1 Google 1 Chrome 2025-04-12 6.8 MEDIUM 7.1 HIGH
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
CVE-2016-0349 1 Ibm 1 Business Process Manager 2025-04-12 4.0 MEDIUM 6.5 MEDIUM
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
CVE-2016-7212 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-12 9.3 HIGH 7.8 HIGH
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."
CVE-2015-7055 1 Apple 2 Iphone Os, Tvos 2025-04-12 9.3 HIGH N/A
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-5661 1 Accela 1 Civic Platform Citizen Access Portal 2025-04-12 6.5 MEDIUM 8.8 HIGH
Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.
CVE-2016-8630 1 Linux 1 Linux Kernel 2025-04-12 4.9 MEDIUM 5.5 MEDIUM
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.
CVE-2014-0228 1 Apache 1 Hive 2025-04-12 3.5 LOW N/A
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.
CVE-2016-8285 1 Oracle 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway 2025-04-12 4.9 MEDIUM 4.8 MEDIUM
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway.
CVE-2016-5393 1 Apache 1 Hadoop 2025-04-12 6.5 MEDIUM 8.8 HIGH
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
CVE-2015-0926 1 Labtech Software 1 Labtech 2025-04-12 6.8 MEDIUM N/A
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.
CVE-2016-5130 1 Google 1 Chrome 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
CVE-2016-5525 1 Oracle 1 Solaris Cluster 2025-04-12 2.1 LOW 3.3 LOW
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files.
CVE-2015-6984 1 Apple 1 Mac Os X 2025-04-12 8.8 HIGH N/A
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
CVE-2016-4495 1 Kmc Controls 2 Bac-5051e, Bac-5051e Firmware 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.
CVE-2016-10084 1 Piwigo 1 Piwigo 2025-04-12 6.5 MEDIUM 7.2 HIGH
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
CVE-2015-7395 1 Ibm 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more 2025-04-12 4.0 MEDIUM N/A
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
CVE-2016-5570 1 Oracle 1 Applications Dba 2025-04-12 5.5 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities.