CVEs from 2016
Total
8,466
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8715 | high | 7.8 | 7.8 | 9y ago | An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary cod… | |||
| CVE-2016-8389 | high | 7.8 | 7.8 | 9y ago | An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and t… | |||
| CVE-2016-8388 | high | 7.8 | 7.8 | 9y ago | An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object … | |||
| CVE-2016-8387 | high | 7.8 | 7.8 | 9y ago | An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an… | |||
| CVE-2016-8386 | high | 7.8 | 7.8 | 9y ago | An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search th… | |||
| CVE-2016-8385 | high | 7.8 | 7.8 | 9y ago | An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be lef… | |||
| CVE-2016-2226 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | |||
| CVE-2016-8636 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain se… | |||
| CVE-2016-9314 | high | 7.8 | 7.8 | 9y ago | Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent… | |||
| CVE-2016-7742 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted arch… | |||
| CVE-2016-7661 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr… | |||
| CVE-2016-7660 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow… | |||
| CVE-2016-7655 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users… | |||
| CVE-2016-7644 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7637 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7633 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial … | |||
| CVE-2016-7629 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged conte… | |||
| CVE-2016-7622 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial… | |||
| CVE-2016-7621 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7618 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2016-7617 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2016-7616 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It … | |||
| CVE-2016-7613 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-7612 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7606 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7602 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi… | |||
| CVE-2016-7584 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-7583 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a cr… | |||
| CVE-2016-4780 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged cont… | |||
| CVE-2016-4683 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial… | |||
| CVE-2016-4681 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2016-4678 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service… | |||
| CVE-2016-4675 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-4674 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (mem… | |||
| CVE-2016-4673 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-4671 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial… | |||
| CVE-2016-4662 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privil… | |||
| CVE-2016-6252 | high | 7.8 | 7.8 | 9y ago | Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | |||
| CVE-2016-9831 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | |||
| CVE-2016-9829 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | |||
| CVE-2016-9560 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. | |||
| CVE-2016-8972 | high | 7.8 | 7.8 | 9y ago | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||
| CVE-2016-8693 | high | 7.8 | 7.8 | 9y ago | Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cra… | |||
| CVE-2016-8684 | high | 7.8 | 7.8 | 9y ago | The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file tr… | |||
| CVE-2016-8683 | high | 7.8 | 7.8 | 9y ago | The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file trunc… | |||
| CVE-2016-6079 | high | 7.8 | 7.8 | 9y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… | |||
| CVE-2016-1889 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descripto… | |||
| CVE-2016-1883 | high | 7.8 | 7.8 | 9y ago | The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. | |||
| CVE-2016-1881 | high | 7.8 | 7.8 | 9y ago | The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call. | |||
| CVE-2016-1880 | high | 7.8 | 7.8 | 9y ago | The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "han… | |||
| CVE-2016-10089 | high | 7.8 | 7.8 | 9y ago | Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | |||
| CVE-2016-9356 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. | |||
| CVE-2016-9353 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could … | |||
| CVE-2016-8566 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the … | |||
| CVE-2016-5805 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based … | |||
| CVE-2016-5802 | high | 7.8 | 7.8 | 9y ago | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write … | |||
| CVE-2016-2568 | high | 7.8 | 7.8 | 9y ago | pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |||
| CVE-2016-8713 | high | 7.8 | 7.8 | 9y ago | A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potent… | |||
| CVE-2016-8711 | high | 7.8 | 7.8 | 9y ago | A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. … | |||
| CVE-2016-8709 | high | 7.8 | 7.8 | 9y ago | A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential me… | |||
| CVE-2016-0214 | high | 7.8 | 7.8 | 9y ago | IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be exe… | |||
| CVE-2016-2779 | high | 7.8 | 7.8 | 9y ago | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |||
| CVE-2016-10044 | high | 7.8 | 7.8 | 9y ago | The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions… | |||
| CVE-2016-10153 | high | 7.8 | 7.8 | 9y ago | The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor… | |||
| CVE-2016-9739 | high | 7.8 | 7.8 | 9y ago | IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. | |||
| CVE-2016-6065 | high | 7.8 | 7.8 | 9y ago | IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. | |||
| CVE-2016-5985 | high | 7.8 | 7.8 | 9y ago | The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrar… | |||
| CVE-2016-3053 | high | 7.8 | 7.8 | 9y ago | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||
| CVE-2016-4038 | high | 7.8 | 7.8 | 9y ago | Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L … | |||
| CVE-2016-8703 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … | |||
| CVE-2016-8702 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … | |||
| CVE-2016-8701 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … | |||
| CVE-2016-8700 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … | |||
| CVE-2016-8699 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … | |||
| CVE-2016-8698 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability … | |||
| CVE-2016-8686 | high | 7.8 | 7.8 | 10y ago | The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |||
| CVE-2016-6268 | high | 7.8 | 7.8 | 10y ago | Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan hors… | |||
| CVE-2016-6167 | high | 7.8 | 7.8 | 10y ago | Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll f… | |||
| CVE-2016-2399 | high | 7.8 | 7.8 | 10y ago | Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h… | |||
| CVE-2016-9795 | high | 7.8 | 7.8 | 10y ago | The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Unive… | |||
| CVE-2016-9453 | high | 7.8 | 7.8 | 10y ago | The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIF… | |||
| CVE-2016-8710 | high | 7.8 | 7.8 | 10y ago | An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causin… | |||
| CVE-2016-8227 | high | 7.8 | 7.8 | 10y ago | Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | |||
| CVE-2016-8225 | high | 7.8 | 7.8 | 10y ago | Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | |||
| CVE-2016-10013 | high | 7.8 | 7.8 | 10y ago | Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. | |||
| CVE-2016-9447 | high | 7.8 | 7.8 | 10y ago | The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music f… | |||
| CVE-2016-9386 | high | 7.8 | 7.8 | 10y ago | The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base… | |||
| CVE-2016-9382 | high | 7.8 | 7.8 | 10y ago | Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a gue… | |||
| CVE-2016-5720 | high | 7.8 | 7.8 | 10y ago | Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) c… | |||
| CVE-2016-1281 | high | 7.8 | 7.8 | 10y ago | Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrato… | |||
| CVE-2016-10156 | high | 7.8 | 7.8 | 10y ago | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th… | |||
| CVE-2016-10075 | high | 7.8 | 7.8 | 10y ago | The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. | |||
| CVE-2016-6527 | high | 7.8 | 7.8 | 10y ago | The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a… | |||
| CVE-2016-6526 | high | 7.8 | 7.8 | 10y ago | The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a … | |||
| CVE-2016-9809 | high | 7.8 | 7.8 | 10y ago | Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. | |||
| CVE-2016-10139 | high | 7.8 | 7.8 | 10y ago | An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.syso… | |||
| CVE-2016-10138 | high | 7.8 | 7.8 | 10y ago | An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the c… | |||
| CVE-2016-10137 | high | 7.8 | 7.8 | 10y ago | An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sys… | |||
| CVE-2016-10136 | high | 7.8 | 7.8 | 10y ago | An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sys… | |||
| CVE-2016-6492 | high | 7.8 | 7.8 | 10y ago | The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL c… |