CVEs from 2016
Total
8,452
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4755 | medium | 5.5 | 5.5 | 10y ago | Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4752 | medium | 5.5 | 5.5 | 10y ago | The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering… | |||
| CVE-2016-4742 | medium | 5.5 | 5.5 | 10y ago | NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | |||
| CVE-2016-4706 | medium | 5.5 | 5.5 | 10y ago | cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2016-6265 | medium | 5.5 | 5.5 | 10y ago | Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||
| CVE-2016-7166 | medium | 5.5 | 5.5 | 10y ago | libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip… | |||
| CVE-2016-4719 | medium | 5.5 | 5.5 | 10y ago | The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted a… | |||
| CVE-2016-5927 | medium | 5.5 | 5.5 | 10y ago | IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is config… | |||
| CVE-2016-3899 | medium | 5.5 | 5.5 | 10y ago | OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer… | |||
| CVE-2016-3898 | medium | 5.5 | 5.5 | 10y ago | Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionalit… | |||
| CVE-2016-3897 | medium | 5.5 | 5.5 | 10y ago | The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the… | |||
| CVE-2016-3896 | medium | 5.5 | 5.5 | 10y ago | AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted appli… | |||
| CVE-2016-3895 | medium | 5.5 | 5.5 | 10y ago | Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via… | |||
| CVE-2016-3894 | medium | 5.5 | 5.5 | 10y ago | The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm i… | |||
| CVE-2016-3893 | medium | 5.5 | 5.5 | 10y ago | The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allo… | |||
| CVE-2016-3892 | medium | 5.5 | 5.5 | 10y ago | The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 a… | |||
| CVE-2016-3884 | medium | 5.5 | 5.5 | 10y ago | server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass i… | |||
| CVE-2016-3883 | medium | 5.5 | 5.5 | 10y ago | internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct wa… | |||
| CVE-2016-3881 | medium | 5.5 | 5.5 | 10y ago | The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09… | |||
| CVE-2016-3880 | medium | 5.5 | 5.5 | 10y ago | Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2… | |||
| CVE-2016-3879 | medium | 5.5 | 5.5 | 10y ago | arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL … | |||
| CVE-2016-3878 | medium | 5.5 | 5.5 | 10y ago | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a… | |||
| CVE-2016-6900 | medium | 5.5 | 5.5 | 10y ago | The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers… | |||
| CVE-2016-7118 | medium | 5.5 | 5.5 | 10y ago | fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to caus… | |||
| CVE-2016-0292 | medium | 5.5 | 5.5 | 10y ago | WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report. | |||
| CVE-2016-3315 | medium | 5.5 | 5.5 | 10y ago | Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Informati… | |||
| CVE-2016-6198 | medium | 5.5 | 5.5 | 10y ago | The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service… | |||
| CVE-2016-6197 | medium | 5.5 | 5.5 | 10y ago | fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing,… | |||
| CVE-2016-3853 | medium | 5.5 | 5.5 | 10y ago | Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal … | |||
| CVE-2016-3852 | medium | 5.5 | 5.5 | 10y ago | The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTe… | |||
| CVE-2016-3839 | medium | 5.5 | 5.5 | 10y ago | Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a craf… | |||
| CVE-2016-3838 | medium | 5.5 | 5.5 | 10y ago | Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 287… | |||
| CVE-2016-3837 | medium | 5.5 | 5.5 | 10y ago | service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted… | |||
| CVE-2016-3836 | medium | 5.5 | 5.5 | 10y ago | The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of … | |||
| CVE-2016-3835 | medium | 5.5 | 5.5 | 10y ago | The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, … | |||
| CVE-2016-3834 | medium | 5.5 | 5.5 | 10y ago | The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information … | |||
| CVE-2016-3830 | medium | 5.5 | 5.5 | 10y ago | codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of… | |||
| CVE-2016-3829 | medium | 5.5 | 5.5 | 10y ago | The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) vi… | |||
| CVE-2016-3828 | medium | 5.5 | 5.5 | 10y ago | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a… | |||
| CVE-2016-3827 | medium | 5.5 | 5.5 | 10y ago | codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or r… | |||
| CVE-2016-6149 | medium | 5.5 | 5.5 | 10y ago | SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | |||
| CVE-2016-5000 | medium | 5.5 | 5.5 | 10y ago | Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability | |||
| CVE-2016-3640 | medium | 5.5 | 5.5 | 10y ago | The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispa… | |||
| CVE-2016-5265 | medium | 5.5 | 5.5 | 10y ago | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, b… | |||
| CVE-2016-5403 | medium | 5.5 | 5.5 | 10y ago | The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without w… | |||
| CVE-2016-10735 | medium | — | 5.5 | 10y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2016-4649 | medium | 5.5 | 5.5 | 10y ago | Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||
| CVE-2016-4648 | medium | 5.5 | 5.5 | 10y ago | Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2016-4628 | medium | 5.5 | 5.5 | 10y ago | IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unsp… | |||
| CVE-2016-1865 | medium | 5.5 | 5.5 | 10y ago | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vecto… | |||
| CVE-2016-5471 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469. | |||
| CVE-2016-5469 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471. | |||
| CVE-2016-5452 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot. | |||
| CVE-2016-3597 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core. | |||
| CVE-2016-3497 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471. | |||
| CVE-2016-3453 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel. | |||
| CVE-2016-3279 | medium | 5.5 | 5.5 | 10y ago | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2… | |||
| CVE-2016-5308 | medium | 5.5 | 5.5 | 10y ago | The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memo… | |||
| CVE-2016-3818 | medium | 5.5 | 5.5 | 10y ago | libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702. | |||
| CVE-2016-3816 | medium | 5.5 | 5.5 | 10y ago | The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240. | |||
| CVE-2016-3815 | medium | 5.5 | 5.5 | 10y ago | The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274. | |||
| CVE-2016-3814 | medium | 5.5 | 5.5 | 10y ago | The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342. | |||
| CVE-2016-3813 | medium | 5.5 | 5.5 | 10y ago | The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 an… | |||
| CVE-2016-3812 | medium | 5.5 | 5.5 | 10y ago | The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and M… | |||
| CVE-2016-3810 | medium | 5.5 | 5.5 | 10y ago | The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTe… | |||
| CVE-2016-3809 | medium | 5.5 | 5.5 | 10y ago | The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensi… | |||
| CVE-2016-5248 | medium | 5.5 | 5.5 | 10y ago | The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. | |||
| CVE-2016-5232 | medium | 5.5 | 5.5 | 10y ago | Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of se… | |||
| CVE-2016-1237 | medium | 5.5 | 5.5 | 10y ago | nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. | |||
| CVE-2016-5243 | medium | 5.5 | 5.5 | 10y ago | The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information … | |||
| CVE-2016-4470 | medium | 5.5 | 5.5 | 10y ago | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of s… | |||
| CVE-2016-2178 | medium | 5.5 | 5.5 | 10y ago | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA pr… | |||
| CVE-2016-3234 | medium | 5.5 | 5.5 | 10y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Ser… | |||
| CVE-2016-3215 | medium | 5.5 | 5.5 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka … | |||
| CVE-2016-0028 | medium | 5.5 | 5.5 | 10y ago | Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements… | |||
| CVE-2016-5337 | medium | 5.5 | 5.5 | 10y ago | The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control informat… | |||
| CVE-2016-4005 | medium | 5.5 | 5.5 | 10y ago | The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||
| CVE-2016-2500 | medium | 5.5 | 5.5 | 10y ago | Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a … | |||
| CVE-2016-2499 | medium | 5.5 | 5.5 | 10y ago | AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attacker… | |||
| CVE-2016-2498 | medium | 5.5 | 5.5 | 10y ago | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162. | |||
| CVE-2016-2495 | medium | 5.5 | 5.5 | 10y ago | SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (d… | |||
| CVE-2016-1582 | medium | 5.5 | 5.5 | 10y ago | LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container di… | |||
| CVE-2016-1581 | medium | 5.5 | 5.5 | 10y ago | LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecifi… | |||
| CVE-2016-2142 | medium | 5.5 | 5.5 | 10y ago | Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by re… | |||
| CVE-2016-2023 | medium | 5.5 | 5.5 | 10y ago | HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4790 | medium | 5.5 | 5.5 | 10y ago | Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote… | |||
| CVE-2016-4581 | medium | 5.5 | 5.5 | 10y ago | fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL … | |||
| CVE-2016-4569 | medium | 5.5 | 5.5 | 10y ago | The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from ke… | |||
| CVE-2016-1837 | medium | 5.5 | 5.5 | 10y ago | Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS … | |||
| CVE-2016-1836 | medium | 5.5 | 5.5 | 10y ago | Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows… | |||
| CVE-2016-1833 | medium | 5.5 | 5.5 | 10y ago | The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of… | |||
| CVE-2016-1814 | medium | 5.5 | 5.5 | 10y ago | IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | |||
| CVE-2016-1802 | medium | 5.5 | 5.5 | 10y ago | CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to … | |||
| CVE-2016-2016 | medium | 5.5 | 5.5 | 10y ago | Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mi… | |||
| CVE-2016-4498 | medium | 5.5 | 5.5 | 10y ago | Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2016-3712 | medium | 5.5 | 5.5 | 10y ago | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |||
| CVE-2016-0190 | medium | 5.5 | 5.5 | 10y ago | Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted … | |||
| CVE-2016-0181 | medium | 5.5 | 5.5 | 10y ago | Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a craft… | |||
| CVE-2016-2460 | medium | 5.5 | 5.5 | 10y ago | mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive info… | |||
| CVE-2016-2459 | medium | 5.5 | 5.5 | 10y ago | mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive info… |