Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-4716 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | ||||
CVE-2016-4654 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
CVE-2016-4686 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation. | ||||
CVE-2016-4675 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-08-06 | N/A |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
CVE-2016-4633 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
CVE-2016-4638 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | ||||
CVE-2016-4565 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-08-06 | 7.8 High |
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. | ||||
CVE-2016-4617 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. | ||||
CVE-2016-4573 | 1 Fortinet | 22 Fortiswitch, Fsw-1024d, Fsw-1048d and 19 more | 2024-08-06 | N/A |
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. | ||||
CVE-2016-4505 | 1 Resourcedm | 1 Intuitive 650 Tdb Controller | 2024-08-06 | N/A |
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. | ||||
CVE-2016-4534 | 2 Mcafee, Microsoft | 2 Virusscan Enterprise, Windows | 2024-08-06 | N/A |
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles. | ||||
CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2024-08-06 | N/A |
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | ||||
CVE-2016-4471 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-08-06 | N/A |
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | ||||
CVE-2016-4455 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2024-08-06 | 3.3 Low |
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. | ||||
CVE-2016-4440 | 1 Linux | 1 Linux Kernel | 2024-08-06 | 7.8 High |
arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. | ||||
CVE-2016-4435 | 1 Pivotal | 1 Bosh Stemcell | 2024-08-06 | N/A |
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID. | ||||
CVE-2016-4381 | 1 Hp | 1 Xp7 Command View | 2024-08-06 | N/A |
HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2016-4382 | 1 Hp | 1 Performance Center | 2024-08-06 | N/A |
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. | ||||
CVE-2016-4340 | 1 Gitlab | 1 Gitlab | 2024-08-06 | N/A |
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. | ||||
CVE-2016-4158 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2024-08-06 | N/A |
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. |