CVEs from 2016
- Total: 8,465
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 1.8%
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10395 | high | 7.8 | 7.8 | 9y ago | In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licen… | |||
| CVE-2016-10342 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. | |||
| CVE-2016-10341 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. | |||
| CVE-2016-10340 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | |||
| CVE-2016-10338 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. | |||
| CVE-2016-7838 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||
| CVE-2016-7837 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | |||
| CVE-2016-7818 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption progr… | |||
| CVE-2016-4902 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for… | |||
| CVE-2016-4973 | high | 7.8 | 7.8 | 9y ago | Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Si… | |||
| CVE-2016-8228 | high | 7.8 | 7.8 | 9y ago | In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | |||
| CVE-2016-5735 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. | |||
| CVE-2016-1876 | high | 7.8 | 7.8 | 9y ago | The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | |||
| CVE-2016-7804 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2016-4901 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2016-4900 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2016-10239 | high | 7.8 | 7.8 | 9y ago | In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a … | |||
| CVE-2016-10238 | high | 7.8 | 7.8 | 9y ago | In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. | |||
| CVE-2016-10237 | high | 7.8 | 7.8 | 9y ago | If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not … | |||
| CVE-2016-4838 | high | 7.8 | 7.8 | 9y ago | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0… | |||
| CVE-2016-10277 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Cr… | |||
| CVE-2016-10276 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic… | |||
| CVE-2016-10275 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic… | |||
| CVE-2016-10274 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated a… | |||
| CVE-2016-9100 | high | 7.8 | 7.8 | 9y ago | Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible … | |||
| CVE-2016-10369 | high | 7.8 | 7.8 | 9y ago | unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypass… | |||
| CVE-2016-6915 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. | |||
| CVE-2016-6917 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. | |||
| CVE-2016-6916 | high | 7.8 | 7.8 | 9y ago | Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denia… | |||
| CVE-2016-4313 | high | 7.8 | 7.8 | 9y ago | Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file. | |||
| CVE-2016-5399 | high | 7.8 | 7.8 | 9y ago | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary co… | |||
| CVE-2016-2347 | high | 7.8 | 7.8 | 9y ago | Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | |||
| CVE-2016-1520 | high | 7.8 | 7.8 | 9y ago | The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted … | |||
| CVE-2016-4846 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. | |||
| CVE-2016-4650 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of… | |||
| CVE-2016-4293 | high | 7.8 | 7.8 | 9y ago | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via… | |||
| CVE-2016-8602 | high | 7.8 | 7.8 | 9y ago | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscrip… | |||
| CVE-2016-6299 | high | 7.8 | 7.8 | 9y ago | The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | |||
| CVE-2016-0727 | high | 7.8 | 7.8 | 9y ago | The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3… | |||
| CVE-2016-10123 | high | 7.8 | 7.8 | 9y ago | Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | |||
| CVE-2016-10122 | high | 7.8 | 7.8 | 9y ago | Firejail does not properly clean environment variables, which allows local users to gain privileges. | |||
| CVE-2016-10121 | high | 7.8 | 7.8 | 9y ago | Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | |||
| CVE-2016-10120 | high | 7.8 | 7.8 | 9y ago | Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | |||
| CVE-2016-10119 | high | 7.8 | 7.8 | 9y ago | Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | |||
| CVE-2016-10117 | high | 7.8 | 7.8 | 9y ago | Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | |||
| CVE-2016-9959 | high | 7.8 | 7.8 | 9y ago | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | |||
| CVE-2016-9958 | high | 7.8 | 7.8 | 9y ago | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | |||
| CVE-2016-9957 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in game-music-emu before 0.6.1. | |||
| CVE-2016-8235 | high | 7.8 | 7.8 | 9y ago | Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | |||
| CVE-2016-10323 | high | 7.8 | 7.8 | 9y ago | Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | |||
| CVE-2016-10320 | high | 7.8 | 7.8 | 9y ago | textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files. | |||
| CVE-2016-5870 | high | 7.8 | 7.8 | 9y ago | The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MS… | |||
| CVE-2016-3740 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value i… | |||
| CVE-2016-10317 | high | 7.8 | 7.8 | 9y ago | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application c… | |||
| CVE-2016-8768 | high | 7.8 | 7.8 | 9y ago | Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system o… | |||
| CVE-2016-8763 | high | 7.8 | 7.8 | 9y ago | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 a… | |||
| CVE-2016-8761 | high | 7.8 | 7.8 | 9y ago | Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows … | |||
| CVE-2016-8760 | high | 7.8 | 7.8 | 9y ago | Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which al… | |||
| CVE-2016-8759 | high | 7.8 | 7.8 | 9y ago | Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows … | |||
| CVE-2016-8274 | high | 7.8 | 7.8 | 9y ago | Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. | |||
| CVE-2016-8273 | high | 7.8 | 7.8 | 9y ago | Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can la… | |||
| CVE-2016-10272 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and… | |||
| CVE-2016-10271 | high | 7.8 | 7.8 | 9y ago | tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF i… | |||
| CVE-2016-10270 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and li… | |||
| CVE-2016-10269 | high | 7.8 | 7.8 | 9y ago | LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer… | |||
| CVE-2016-10268 | high | 7.8 | 7.8 | 9y ago | tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF … | |||
| CVE-2016-9387 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an asse… | |||
| CVE-2016-8886 | high | 7.8 | 7.8 | 9y ago | The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. | |||
| CVE-2016-10059 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. | |||
| CVE-2016-10057 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impa… | |||
| CVE-2016-10056 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact … | |||
| CVE-2016-10055 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact v… | |||
| CVE-2016-10054 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact v… | |||
| CVE-2016-10052 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact v… | |||
| CVE-2016-10051 | high | 7.8 | 7.8 | 9y ago | Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified imp… | |||
| CVE-2016-10050 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impac… | |||
| CVE-2016-10049 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact vi… | |||
| CVE-2016-9775 | high | 7.8 | 7.8 | 9y ago | The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 L… | |||
| CVE-2016-9774 | high | 7.8 | 7.8 | 9y ago | The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7… | |||
| CVE-2016-1602 | high | 7.8 | 7.8 | 9y ago | A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attacke… | |||
| CVE-2016-5857 | high | 7.8 | 7.8 | 9y ago | The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm… | |||
| CVE-2016-10168 | high | 7.8 | 7.8 | 9y ago | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks i… | |||
| CVE-2016-10251 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized… | |||
| CVE-2016-10249 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buf… | |||
| CVE-2016-8026 | high | 7.8 | 7.8 | 9y ago | Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. | |||
| CVE-2016-8012 | high | 7.8 | 7.8 | 9y ago | Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other p… | |||
| CVE-2016-8010 | high | 7.8 | 7.8 | 9y ago | Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local securit… | |||
| CVE-2016-8009 | high | 7.8 | 7.8 | 9y ago | Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code executi… | |||
| CVE-2016-8479 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic… | |||
| CVE-2016-6241 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | |||
| CVE-2016-6240 | high | 7.8 | 7.8 | 9y ago | Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | |||
| CVE-2016-10244 | high | 7.8 | 7.8 | 9y ago | The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buf… | |||
| CVE-2016-10065 | high | 7.8 | 7.8 | 9y ago | The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||
| CVE-2016-10064 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||
| CVE-2016-10063 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to… | |||
| CVE-2016-2880 | high | 7.8 | 7.8 | 9y ago | IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. | |||
| CVE-2016-2879 | high | 7.8 | 7.8 | 9y ago | IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. | |||
| CVE-2016-10094 | high | 7.8 | 7.8 | 9y ago | Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. | |||
| CVE-2016-10093 | high | 7.8 | 7.8 | 9y ago | Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.… | |||
| CVE-2016-10092 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.… |