CVEs from 2016
Total
8,459
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4571 | medium | 5.5 | 5.5 | 9y ago | The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | |||
| CVE-2016-4570 | medium | 5.5 | 5.5 | 9y ago | The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | |||
| CVE-2016-4352 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. | |||
| CVE-2016-2318 | medium | 5.5 | 5.5 | 9y ago | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartEle… | |||
| CVE-2016-2317 | medium | 5.5 | 5.5 | 9y ago | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) G… | |||
| CVE-2016-6238 | medium | 5.5 | 5.5 | 10y ago | The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file. | |||
| CVE-2016-6237 | medium | 5.5 | 5.5 | 10y ago | The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. | |||
| CVE-2016-6236 | medium | 5.5 | 5.5 | 10y ago | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. | |||
| CVE-2016-6235 | medium | 5.5 | 5.5 | 10y ago | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file. | |||
| CVE-2016-6234 | medium | 5.5 | 5.5 | 10y ago | The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. | |||
| CVE-2016-8963 | medium | 5.5 | 5.5 | 10y ago | IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | |||
| CVE-2016-2941 | medium | 5.5 | 5.5 | 10y ago | IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | |||
| CVE-2016-8967 | medium | 5.5 | 5.5 | 10y ago | IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. | |||
| CVE-2016-0371 | medium | 5.5 | 5.5 | 10y ago | The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. | |||
| CVE-2016-8981 | medium | 5.5 | 5.5 | 10y ago | IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | |||
| CVE-2016-8697 | medium | 5.5 | 5.5 | 10y ago | The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image. | |||
| CVE-2016-8696 | medium | 5.5 | 5.5 | 10y ago | The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulne… | |||
| CVE-2016-8695 | medium | 5.5 | 5.5 | 10y ago | The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulne… | |||
| CVE-2016-8694 | medium | 5.5 | 5.5 | 10y ago | The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulne… | |||
| CVE-2016-8685 | medium | 5.5 | 5.5 | 10y ago | The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image. | |||
| CVE-2016-9039 | medium | 5.5 | 5.5 | 10y ago | An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An at… | |||
| CVE-2016-5434 | medium | 5.5 | 5.5 | 10y ago | libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. | |||
| CVE-2016-5026 | medium | 5.5 | 5.5 | 10y ago | hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | |||
| CVE-2016-9298 | medium | 5.5 | 5.5 | 10y ago | Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted im… | |||
| CVE-2016-7569 | medium | 5.5 | 5.5 | 10y ago | Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. | |||
| CVE-2016-5825 | medium | 5.5 | 5.5 | 10y ago | The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. | |||
| CVE-2016-5824 | medium | 5.5 | 5.5 | 10y ago | libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | |||
| CVE-2016-5823 | medium | 5.5 | 5.5 | 10y ago | The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | |||
| CVE-2016-3996 | medium | 5.5 | 5.5 | 10y ago | ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. | |||
| CVE-2016-1920 | medium | 5.5 | 5.5 | 10y ago | Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. | |||
| CVE-2016-9317 | medium | 5.5 | 5.5 | 10y ago | The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. | |||
| CVE-2016-6911 | medium | 5.5 | 5.5 | 10y ago | The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | |||
| CVE-2016-10025 | medium | 5.5 | 5.5 | 10y ago | VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging … | |||
| CVE-2016-9401 | medium | 5.5 | 5.5 | 10y ago | popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | |||
| CVE-2016-7410 | medium | 5.5 | 5.5 | 10y ago | The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | |||
| CVE-2016-10147 | medium | 5.5 | 5.5 | 10y ago | crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm… | |||
| CVE-2016-9278 | medium | 5.5 | 5.5 | 10y ago | The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE… | |||
| CVE-2016-9273 | medium | 5.5 | 5.5 | 10y ago | tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. | |||
| CVE-2016-7906 | medium | 5.5 | 5.5 | 10y ago | magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. | |||
| CVE-2016-9810 | medium | 5.5 | 5.5 | 10y ago | The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) v… | |||
| CVE-2016-9807 | medium | 5.5 | 5.5 | 10y ago | The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. | |||
| CVE-2016-8883 | medium | 5.5 | 5.5 | 10y ago | The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||
| CVE-2016-8882 | medium | 5.5 | 5.5 | 10y ago | The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||
| CVE-2016-8467 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent … | |||
| CVE-2016-10135 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with … | |||
| CVE-2016-8463 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to … | |||
| CVE-2016-8462 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access … | |||
| CVE-2016-8461 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access … | |||
| CVE-2016-8460 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c… | |||
| CVE-2016-8400 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Modera… | |||
| CVE-2016-8397 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c… | |||
| CVE-2016-8396 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it… | |||
| CVE-2016-6773 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat… | |||
| CVE-2016-6767 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remot… | |||
| CVE-2016-6766 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High … | |||
| CVE-2016-6765 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the po… | |||
| CVE-2016-6764 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remot… | |||
| CVE-2016-6763 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the poss… | |||
| CVE-2016-9869 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO … | |||
| CVE-2016-9868 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which … | |||
| CVE-2016-4329 | medium | 5.5 | 5.5 | 10y ago | A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause ap… | |||
| CVE-2016-4307 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel dr… | |||
| CVE-2016-4306 | medium | 5.5 | 5.5 | 10y ago | Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memor… | |||
| CVE-2016-4305 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF ke… | |||
| CVE-2016-4304 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violatio… | |||
| CVE-2016-9776 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A pri… | |||
| CVE-2016-2198 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registe… | |||
| CVE-2016-2197 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List B… | |||
| CVE-2016-1981 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the in… | |||
| CVE-2016-1922 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp i… | |||
| CVE-2016-5329 | medium | 5.5 | 5.5 | 10y ago | VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecif… | |||
| CVE-2016-5328 | medium | 5.5 | 5.5 | 10y ago | VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism v… | |||
| CVE-2016-9756 | medium | 5.5 | 5.5 | 10y ago | arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel st… | |||
| CVE-2016-9685 | medium | 5.5 | 5.5 | 10y ago | Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operatio… | |||
| CVE-2016-9588 | medium | 5.5 | 5.5 | 10y ago | arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception… | |||
| CVE-2016-9923 | medium | 5.5 | 5.5 | 10y ago | Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could… | |||
| CVE-2016-6910 | medium | 5.5 | 5.5 | 10y ago | The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even af… | |||
| CVE-2016-9561 | medium | 5.5 | 5.5 | 10y ago | The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a cr… | |||
| CVE-2016-8595 | medium | 5.5 | 5.5 | 10y ago | The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||
| CVE-2016-7905 | medium | 5.5 | 5.5 | 10y ago | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | |||
| CVE-2016-7785 | medium | 5.5 | 5.5 | 10y ago | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||
| CVE-2016-7562 | medium | 5.5 | 5.5 | 10y ago | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | |||
| CVE-2016-7555 | medium | 5.5 | 5.5 | 10y ago | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. | |||
| CVE-2016-7122 | medium | 5.5 | 5.5 | 10y ago | The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | |||
| CVE-2016-6881 | medium | 5.5 | 5.5 | 10y ago | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | |||
| CVE-2016-7295 | medium | 5.5 | 5.5 | 10y ago | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go… | |||
| CVE-2016-7267 | medium | 5.5 | 5.5 | 10y ago | Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Se… | |||
| CVE-2016-7258 | medium | 5.5 | 5.5 | 10y ago | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes v… | |||
| CVE-2016-7219 | medium | 5.5 | 5.5 | 10y ago | The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and… | |||
| CVE-2016-8826 | medium | 5.5 | 5.5 | 10y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a… | |||
| CVE-2016-6848 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious… | |||
| CVE-2016-4443 | medium | 5.5 | 5.5 | 10y ago | Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | |||
| CVE-2016-6722 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could en… | |||
| CVE-2016-6720 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could en… | |||
| CVE-2016-6712 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a spec… | |||
| CVE-2016-6711 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a spec… | |||
| CVE-2016-7440 | medium | 5.5 | 5.5 | 10y ago | The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differen… | |||
| CVE-2016-7439 | medium | 5.5 | 5.5 | 10y ago | The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||
| CVE-2016-7438 | medium | 5.5 | 5.5 | 10y ago | The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||
| CVE-2016-8104 | medium | 5.5 | 5.5 | 10y ago | Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service. |