CVEs from 2016
Total
8,452
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4043 | medium | 4.9 | 4.9 | 4y ago | Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | |||
| CVE-2016-10310 | medium | 4.9 | 4.9 | 9y ago | Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and p… | |||
| CVE-2016-7542 | medium | 4.9 | 4.9 | 9y ago | A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) s… | |||
| CVE-2016-7135 | medium | 4.9 | 4.9 | 9y ago | Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile ac… | |||
| CVE-2016-8375 | medium | 4.9 | 4.9 | 9y ago | An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physica… | |||
| CVE-2016-8226 | medium | 4.9 | 4.9 | 10y ago | The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | |||
| CVE-2016-7787 | medium | 4.9 | 4.9 | 10y ago | A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | |||
| CVE-2016-5635 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. | |||
| CVE-2016-5634 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. | |||
| CVE-2016-5633 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-… | |||
| CVE-2016-5632 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | |||
| CVE-2016-5631 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. | |||
| CVE-2016-5630 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-5629 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. | |||
| CVE-2016-5628 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. | |||
| CVE-2016-5507 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-3495 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-5976 | medium | 4.9 | 4.9 | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… | |||
| CVE-2016-1497 | medium | 4.9 | 4.9 | 10y ago | The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allow… | |||
| CVE-2016-3320 | medium | 4.9 | 4.9 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or… | |||
| CVE-2016-5442 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. | |||
| CVE-2016-5441 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. | |||
| CVE-2016-5440 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote admi… | |||
| CVE-2016-5439 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. | |||
| CVE-2016-5437 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. | |||
| CVE-2016-5436 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-3520 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via v… | |||
| CVE-2016-3459 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via… | |||
| CVE-2016-3424 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | |||
| CVE-2016-5092 | medium | 4.9 | 4.9 | 10y ago | Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn featu… | |||
| CVE-2016-5021 | medium | 4.9 | 4.9 | 10y ago | The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0… | |||
| CVE-2016-0731 | medium | 4.9 | 4.9 | 10y ago | The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | |||
| CVE-2016-0225 | medium | 4.9 | 4.9 | 10y ago | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-2314 | medium | 4.9 | 4.9 | 10y ago | GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to crea… | |||
| CVE-2016-0465 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect availability via unknown vectors related to Resource Group Manag… | |||
| CVE-2016-0428 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot. | |||
| CVE-2016-0419 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431. | |||
| CVE-2016-8751 | medium | 4.8 | 4.8 | 9y ago | Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies | |||
| CVE-2016-7810 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4858 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11,… | |||
| CVE-2016-4856 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via… | |||
| CVE-2016-6037 | medium | 4.8 | 4.8 | 9y ago | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project… | |||
| CVE-2016-4866 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | |||
| CVE-2016-4865 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | |||
| CVE-2016-4318 | medium | 4.8 | 4.8 | 9y ago | Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | |||
| CVE-2016-5541 | medium | 4.8 | 4.8 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. D… | |||
| CVE-2016-7168 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-10112 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted ta… | |||
| CVE-2016-1000121 | medium | 4.8 | 4.8 | 10y ago | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||
| CVE-2016-8285 | medium | 4.8 | 4.8 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Cand… | |||
| CVE-2016-5395 | medium | 4.8 | 4.8 | 10y ago | Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML | |||
| CVE-2016-5696 | medium | 4.8 | 4.8 | 10y ago | net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-wi… | |||
| CVE-2016-5005 | medium | 4.8 | 4.8 | 10y ago | Apache Archiva vulnerable to Cross-site Scripting | |||
| CVE-2016-3971 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout. | |||
| CVE-2016-9263 | medium | 4.7 | 4.7 | 9y ago | WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained wit… | |||
| CVE-2016-0713 | medium | 4.7 | 4.7 | 9y ago | Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | |||
| CVE-2016-5858 | medium | 4.7 | 4.7 | 9y ago | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. | |||
| CVE-2016-5855 | medium | 4.7 | 4.7 | 9y ago | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough. | |||
| CVE-2016-5854 | medium | 4.7 | 4.7 | 9y ago | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. | |||
| CVE-2016-5347 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. | |||
| CVE-2016-4984 | medium | 4.7 | 4.7 | 9y ago | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition … | |||
| CVE-2016-4982 | medium | 4.7 | 4.7 | 9y ago | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | |||
| CVE-2016-10296 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat… | |||
| CVE-2016-10295 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2016-10294 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-10293 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-9473 | medium | 4.7 | 4.7 | 9y ago | Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate … | |||
| CVE-2016-8478 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-8477 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2016-8416 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-8413 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2016-7650 | medium | 4.7 | 4.7 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to co… | |||
| CVE-2016-7111 | medium | 4.7 | 4.7 | 9y ago | MantisBT XSS through weak CSP when using Gravatar plugin | |||
| CVE-2016-5918 | medium | 4.7 | 4.7 | 9y ago | IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. | |||
| CVE-2016-8414 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issu… | |||
| CVE-2016-1919 | medium | 4.7 | 4.7 | 10y ago | Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. | |||
| CVE-2016-9811 | medium | 4.7 | 4.7 | 10y ago | The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via … | |||
| CVE-2016-8475 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it … | |||
| CVE-2016-8474 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate be… | |||
| CVE-2016-8473 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate be… | |||
| CVE-2016-8472 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f… | |||
| CVE-2016-8471 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f… | |||
| CVE-2016-8470 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f… | |||
| CVE-2016-8469 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it fir… | |||
| CVE-2016-8410 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-8409 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2016-8408 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2016-8407 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8406 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8405 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8404 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8403 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8402 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8401 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8395 | medium | 4.7 | 4.7 | 10y ago | A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the de… | |||
| CVE-2016-6774 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Thi… | |||
| CVE-2016-6757 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2016-6756 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2016-6213 | medium | 4.7 | 4.7 | 10y ago | fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock)… | |||
| CVE-2016-3685 | medium | 4.7 | 4.7 | 10y ago | SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration info… |