Filtered by CWE-264
Total 5449 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-4716 1 Apple 1 Mac Os X 2024-11-21 N/A
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.
CVE-2016-4713 1 Apple 1 Mac Os X 2024-11-21 N/A
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
CVE-2016-4686 1 Apple 1 Iphone Os 2024-11-21 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.
CVE-2016-4675 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-11-21 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-4654 1 Apple 1 Iphone Os 2024-11-21 N/A
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4652 1 Apple 1 Mac Os X 2024-11-21 N/A
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
CVE-2016-4638 1 Apple 1 Mac Os X 2024-11-21 N/A
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
CVE-2016-4633 1 Apple 1 Mac Os X 2024-11-21 N/A
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4617 1 Apple 1 Mac Os X 2024-11-21 N/A
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component.
CVE-2016-4573 1 Fortinet 22 Fortiswitch, Fsw-1024d, Fsw-1048d and 19 more 2024-11-21 N/A
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.
CVE-2016-4565 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2024-11-21 7.8 High
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-4534 2 Mcafee, Microsoft 2 Virusscan Enterprise, Windows 2024-11-21 N/A
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
CVE-2016-4505 1 Resourcedm 1 Intuitive 650 Tdb Controller 2024-11-21 N/A
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.
CVE-2016-4480 2 Oracle, Xen 2 Vm Server, Xen 2024-11-21 N/A
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
CVE-2016-4471 1 Redhat 2 Cloudforms, Cloudforms Managementengine 2024-11-21 N/A
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
CVE-2016-4455 1 Redhat 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2024-11-21 3.3 Low
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
CVE-2016-4440 1 Linux 1 Linux Kernel 2024-11-21 7.8 High
arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.
CVE-2016-4435 1 Pivotal 1 Bosh Stemcell 2024-11-21 N/A
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.
CVE-2016-4382 1 Hp 1 Performance Center 2024-11-21 N/A
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.
CVE-2016-4381 1 Hp 1 Xp7 Command View 2024-11-21 N/A
HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors.