CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8467 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent … | |||
| CVE-2016-10135 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with … | |||
| CVE-2016-8463 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to … | |||
| CVE-2016-8462 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access … | |||
| CVE-2016-8461 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access … | |||
| CVE-2016-8460 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c… | |||
| CVE-2016-8400 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Modera… | |||
| CVE-2016-8397 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c… | |||
| CVE-2016-8396 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it… | |||
| CVE-2016-6773 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat… | |||
| CVE-2016-6767 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remot… | |||
| CVE-2016-6766 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High … | |||
| CVE-2016-6765 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the po… | |||
| CVE-2016-6764 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remot… | |||
| CVE-2016-6763 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the poss… | |||
| CVE-2016-9869 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO … | |||
| CVE-2016-9868 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which … | |||
| CVE-2016-4329 | medium | 5.5 | 5.5 | 10y ago | A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause ap… | |||
| CVE-2016-4307 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel dr… | |||
| CVE-2016-4306 | medium | 5.5 | 5.5 | 10y ago | Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memor… | |||
| CVE-2016-4305 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF ke… | |||
| CVE-2016-4304 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violatio… | |||
| CVE-2016-9776 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A pri… | |||
| CVE-2016-2198 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registe… | |||
| CVE-2016-2197 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List B… | |||
| CVE-2016-1981 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the in… | |||
| CVE-2016-1922 | medium | 5.5 | 5.5 | 10y ago | QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp i… | |||
| CVE-2016-5329 | medium | 5.5 | 5.5 | 10y ago | VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecif… | |||
| CVE-2016-5328 | medium | 5.5 | 5.5 | 10y ago | VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism v… | |||
| CVE-2016-9756 | medium | 5.5 | 5.5 | 10y ago | arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel st… | |||
| CVE-2016-9685 | medium | 5.5 | 5.5 | 10y ago | Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operatio… | |||
| CVE-2016-9588 | medium | 5.5 | 5.5 | 10y ago | arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception… | |||
| CVE-2016-9923 | medium | 5.5 | 5.5 | 10y ago | Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could… | |||
| CVE-2016-6910 | medium | 5.5 | 5.5 | 10y ago | The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even af… | |||
| CVE-2016-9561 | medium | 5.5 | 5.5 | 10y ago | The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a cr… | |||
| CVE-2016-8595 | medium | 5.5 | 5.5 | 10y ago | The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||
| CVE-2016-7905 | medium | 5.5 | 5.5 | 10y ago | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | |||
| CVE-2016-7785 | medium | 5.5 | 5.5 | 10y ago | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||
| CVE-2016-7562 | medium | 5.5 | 5.5 | 10y ago | The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. | |||
| CVE-2016-7555 | medium | 5.5 | 5.5 | 10y ago | The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. | |||
| CVE-2016-7122 | medium | 5.5 | 5.5 | 10y ago | The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | |||
| CVE-2016-6881 | medium | 5.5 | 5.5 | 10y ago | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | |||
| CVE-2016-7295 | medium | 5.5 | 5.5 | 10y ago | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go… | |||
| CVE-2016-7267 | medium | 5.5 | 5.5 | 10y ago | Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Se… | |||
| CVE-2016-7258 | medium | 5.5 | 5.5 | 10y ago | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes v… | |||
| CVE-2016-7219 | medium | 5.5 | 5.5 | 10y ago | The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and… | |||
| CVE-2016-8826 | medium | 5.5 | 5.5 | 10y ago | All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a… | |||
| CVE-2016-6848 | medium | 5.5 | 5.5 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious… | |||
| CVE-2016-4443 | medium | 5.5 | 5.5 | 10y ago | Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | |||
| CVE-2016-6722 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could en… | |||
| CVE-2016-6720 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could en… | |||
| CVE-2016-6712 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a spec… | |||
| CVE-2016-6711 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a spec… | |||
| CVE-2016-7440 | medium | 5.5 | 5.5 | 10y ago | The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differen… | |||
| CVE-2016-7439 | medium | 5.5 | 5.5 | 10y ago | The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||
| CVE-2016-7438 | medium | 5.5 | 5.5 | 10y ago | The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||
| CVE-2016-8104 | medium | 5.5 | 5.5 | 10y ago | Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service. | |||
| CVE-2016-9888 | medium | 5.5 | 5.5 | 10y ago | An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently caus… | |||
| CVE-2016-9191 | medium | 5.5 | 5.5 | 10y ago | The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a… | |||
| CVE-2016-9178 | medium | 5.5 | 5.5 | 10y ago | The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information… | |||
| CVE-2016-8650 | medium | 5.5 | 5.5 | 10y ago | The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memo… | |||
| CVE-2016-8646 | medium | 5.5 | 5.5 | 10y ago | The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a… | |||
| CVE-2016-8645 | medium | 5.5 | 5.5 | 10y ago | The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system call… | |||
| CVE-2016-8630 | medium | 5.5 | 5.5 | 10y ago | The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a Mo… | |||
| CVE-2016-6753 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious applic… | |||
| CVE-2016-6752 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6751 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6750 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6749 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6748 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6747 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High du… | |||
| CVE-2016-6746 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is… | |||
| CVE-2016-6724 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a loc… | |||
| CVE-2016-6721 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission l… | |||
| CVE-2016-6719 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a… | |||
| CVE-2016-6718 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user inter… | |||
| CVE-2016-6716 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the u… | |||
| CVE-2016-6715 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local… | |||
| CVE-2016-6714 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or r… | |||
| CVE-2016-6713 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or r… | |||
| CVE-2016-6710 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious appl… | |||
| CVE-2016-6708 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is … | |||
| CVE-2016-6698 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-3907 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-3906 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-5967 | medium | 5.5 | 5.5 | 10y ago | The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. | |||
| CVE-2016-9567 | medium | 5.5 | 5.5 | 10y ago | The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exp… | |||
| CVE-2016-6459 | medium | 5.5 | 5.5 | 10y ago | Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: C… | |||
| CVE-2016-7916 | medium | 5.5 | 5.5 | 10y ago | Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file … | |||
| CVE-2016-7915 | medium | 5.5 | 5.5 | 10y ago | The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of ser… | |||
| CVE-2016-7914 | medium | 5.5 | 5.5 | 10y ago | The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive informat… | |||
| CVE-2016-9318 | medium | 5.5 | 5.5 | 10y ago | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, … | |||
| CVE-2016-7244 | medium | 5.5 | 5.5 | 10y ago | Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | |||
| CVE-2016-4961 | medium | 5.5 | 5.5 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA W… | |||
| CVE-2016-9189 | medium | 5.5 | 5.5 | 10y ago | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_… | |||
| CVE-2016-4025 | medium | 5.5 | 5.5 | 10y ago | Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Prote… | |||
| CVE-2016-5608 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a … | |||
| CVE-2016-5576 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones. | |||
| CVE-2016-5517 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities. | |||
| CVE-2016-5505 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. |