Vulnerabilities (CVE)

Filtered by CWE-264
Total 5231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1622 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2024-11-21 6.8 MEDIUM 8.8 HIGH
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
CVE-2016-1611 1 Novell 1 Filr 2024-11-21 7.2 HIGH 7.8 HIGH
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.
CVE-2016-1597 1 Netiq 1 Access Governance Suite 2024-11-21 9.0 HIGH 8.8 HIGH
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.
CVE-2016-1580 1 Canonical 2 Ubuntu-core-launcher, Ubuntu Linux 2024-11-21 10.0 HIGH 9.8 CRITICAL
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
CVE-2016-1579 1 Canonical 1 Ubuntu Download Manager 2024-11-21 7.5 HIGH 6.7 MEDIUM
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
CVE-2016-1531 1 Exim 1 Exim 2024-11-21 6.9 MEDIUM 7.0 HIGH
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVE-2016-1458 1 Cisco 1 Firepower Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.
CVE-2016-1457 1 Cisco 1 Firepower Management Center 2024-11-21 9.0 HIGH 8.8 HIGH
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.
CVE-2016-1456 1 Cisco 1 Ios Xr 2024-11-21 7.2 HIGH 7.8 HIGH
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.
CVE-2016-1435 1 Cisco 2 Ip Phone 8800, Ip Phone 8800 Series Firmware 2024-11-21 6.2 MEDIUM 7.0 HIGH
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
CVE-2016-1416 1 Cisco 1 Prime Collaboration Provisioning 2024-11-21 10.0 HIGH 9.8 CRITICAL
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.
CVE-2016-1394 1 Cisco 1 Firesight System Software 2024-11-21 7.5 HIGH 8.6 HIGH
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
CVE-2016-1386 1 Cisco 1 Application Policy Infrastructure Controller Enterprise Module 2024-11-21 5.0 MEDIUM 7.5 HIGH
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.
CVE-2016-1384 1 Cisco 2 Ios, Ios Xe 2024-11-21 5.0 MEDIUM 7.5 HIGH
The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.
CVE-2016-1366 1 Cisco 1 Ios Xr 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.
CVE-2016-1341 1 Cisco 1 Nx-os 2024-11-21 6.9 MEDIUM 9.8 CRITICAL
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.
CVE-2016-1337 1 Cisco 2 Epc3928, Epc3928 Firmware 2024-11-21 4.3 MEDIUM 8.1 HIGH
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
CVE-2016-1335 1 Cisco 1 Asr 5000 Series Software 2024-11-21 7.1 HIGH 7.5 HIGH
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
CVE-2016-1324 1 Cisco 1 Spark 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
CVE-2016-1322 1 Cisco 1 Spark 2024-11-21 5.0 MEDIUM 7.5 HIGH
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.