CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2163 | medium | 6.1 | 6.1 | 10y ago | Apache OpenMeetings Cross-site Scripting vulnerability | |||
| CVE-2016-0712 | medium | 6.1 | 6.1 | 10y ago | Cross-site Scripting in Apache Jetspeed | |||
| CVE-2016-0711 | medium | 6.1 | 6.1 | 10y ago | Apache Jetspeed vulnerable to Cross-site Scripting | |||
| CVE-2016-3984 | medium | 5.1 | 6.1 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,… | |||
| CVE-2016-1375 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… | |||
| CVE-2016-1180 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2016-3978 | medium | 6.1 | 6.1 | 10y ago | The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2016-2789 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbi… | |||
| CVE-2016-0789 | medium | 6.1 | 6.1 | 10y ago | Jenkins has CRLF Injection Vulnerability in the CLI | |||
| CVE-2016-2511 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. | |||
| CVE-2016-3975 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/… | |||
| CVE-2016-0734 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ | |||
| CVE-2016-1173 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1171 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1169 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-3969 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject… | |||
| CVE-2016-3968 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35i… | |||
| CVE-2016-1177 | medium | 6.1 | 6.1 | 10y ago | The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-1314 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bu… | |||
| CVE-2016-1160 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1599 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2016-0283 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to … | |||
| CVE-2016-2287 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-0832 | medium | 6.1 | 6.1 | 10y ago | Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified… | |||
| CVE-2016-1355 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2016-1354 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,… | |||
| CVE-2016-2560 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2016-0244 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.… | |||
| CVE-2016-0243 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.… | |||
| CVE-2016-1157 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-0725 | medium | 6.1 | 6.1 | 10y ago | Moodle Cross-site scripting (XSS) vulnerability in course management search | |||
| CVE-2016-2072 | medium | 6.1 | 6.1 | 10y ago | The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.130… | |||
| CVE-2016-2046 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||
| CVE-2016-1150 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2016-1149 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2016-2387 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or … | |||
| CVE-2016-1331 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID C… | |||
| CVE-2016-0866 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web … | |||
| CVE-2016-0955 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled i… | |||
| CVE-2016-0039 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Mi… | |||
| CVE-2016-1318 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via craft… | |||
| CVE-2016-2214 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitr… | |||
| CVE-2016-1309 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01… | |||
| CVE-2016-1305 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vecto… | |||
| CVE-2016-0813 | medium | 6.1 | 6.1 | 11y ago | packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device pro… | |||
| CVE-2016-0812 | medium | 6.1 | 6.1 | 11y ago | The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does n… | |||
| CVE-2016-1311 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, ak… | |||
| CVE-2016-1310 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | |||
| CVE-2016-1306 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. | |||
| CVE-2016-1941 | medium | 6.1 | 6.1 | 11y ago | The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that trigger… | |||
| CVE-2016-1937 | medium | 6.1 | 6.1 | 11y ago | The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a do… | |||
| CVE-2016-1143 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1140 | medium | 6.1 | 6.1 | 11y ago | KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-1488 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbi… | |||
| CVE-2016-1304 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | |||
| CVE-2016-1300 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | |||
| CVE-2016-0209 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1926 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_t… | |||
| CVE-2016-1492 | medium | 6.1 | 6.1 | 11y ago | The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveragi… | |||
| CVE-2016-1298 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve… | |||
| CVE-2016-1135 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlie… | |||
| CVE-2016-0418 | medium | — | 6.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerabi… | |||
| CVE-2016-1294 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug… | |||
| CVE-2016-1293 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspe… | |||
| CVE-2016-1911 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pm… | |||
| CVE-2016-0032 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to i… | |||
| CVE-2016-0031 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange … | |||
| CVE-2016-0030 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-0029 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange … | |||
| CVE-2016-1565 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject ar… | |||
| CVE-2016-1498 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attack… | |||
| CVE-2016-10155 | medium | 6.0 | 6.0 | 9y ago | Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large… | |||
| CVE-2016-8021 | medium | 5.0 | 6.0 | 9y ago | Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe… | |||
| CVE-2016-10024 | medium | 6.0 | 6.0 | 10y ago | Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kern… | |||
| CVE-2016-9385 | medium | 6.0 | 6.0 | 10y ago | The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical add… | |||
| CVE-2016-7995 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large numbe… | |||
| CVE-2016-7994 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption… | |||
| CVE-2016-7466 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consump… | |||
| CVE-2016-7422 | medium | 6.0 | 6.0 | 10y ago | The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) … | |||
| CVE-2016-7116 | medium | 6.0 | 6.0 | 10y ago | Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified s… | |||
| CVE-2016-6836 | medium | 6.0 | 6.0 | 10y ago | The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initial… | |||
| CVE-2016-6835 | medium | 6.0 | 6.0 | 10y ago | The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging fail… | |||
| CVE-2016-4964 | medium | 6.0 | 6.0 | 10y ago | The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU proce… | |||
| CVE-2016-9106 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to fre… | |||
| CVE-2016-9105 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a refer… | |||
| CVE-2016-9103 | medium | 6.0 | 6.0 | 10y ago | The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before wr… | |||
| CVE-2016-9102 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash)… | |||
| CVE-2016-9101 | medium | 6.0 | 6.0 | 10y ago | Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an… | |||
| CVE-2016-8910 | medium | 6.0 | 6.0 | 10y ago | The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveragin… | |||
| CVE-2016-8909 | medium | 6.0 | 6.0 | 10y ago | The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry wit… | |||
| CVE-2016-8669 | medium | 6.0 | 6.0 | 10y ago | The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) … | |||
| CVE-2016-8668 | medium | 6.0 | 6.0 | 10y ago | The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by l… | |||
| CVE-2016-8667 | medium | 6.0 | 6.0 | 10y ago | The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large i… | |||
| CVE-2016-8578 | medium | 6.0 | 6.0 | 10y ago | The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cr… | |||
| CVE-2016-8577 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O… | |||
| CVE-2016-8576 | medium | 6.0 | 6.0 | 10y ago | The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging f… | |||
| CVE-2016-5516 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors. | |||
| CVE-2016-0079 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Wi… | |||
| CVE-2016-0073 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an… | |||
| CVE-2016-5107 | medium | 6.0 | 6.0 | 10y ago | The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds re… |