Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5486 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2016-11-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Services. | |||||
| CVE-2016-5522 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5524 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527. | |||||
| CVE-2016-5527 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | |||||
| CVE-2016-5356 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2016-5354 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-5355 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2016-5353 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-5359 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. | |||||
| CVE-2016-5352 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-5351 | 1 Wireshark | 1 Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-5358 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-5357 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2016-5242 | 1 Xen | 1 Xen | 2016-11-28 | 4.7 MEDIUM | 5.6 MEDIUM |
| The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. | |||||
| CVE-2016-5243 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
| The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | |||||
| CVE-2016-5232 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2016-11-28 | 7.1 HIGH | 5.5 MEDIUM |
| Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app. | |||||
| CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2016-11-28 | 6.8 MEDIUM | 6.7 MEDIUM |
| The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | |||||
| CVE-2016-4852 | 2 Aki-null, Apple | 2 Yorufukurou, Mac Os X | 2016-11-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence. | |||||
| CVE-2016-4851 | 1 Let\'s Php\! | 1 Simple Chat | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4496 | 1 Panasonic | 1 Fpwin Pro | 2016-11-28 | 4.4 MEDIUM | 4.2 MEDIUM |
| Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow. | |||||
| CVE-2016-4498 | 1 Panasonic | 1 Fpwin Pro | 2016-11-28 | 6.8 MEDIUM | 5.5 MEDIUM |
| Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-4497 | 1 Panasonic | 1 Fpwin Pro | 2016-11-28 | 6.8 MEDIUM | 4.2 MEDIUM |
| Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||||
| CVE-2016-4482 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2016-11-28 | 2.1 LOW | 6.2 MEDIUM |
| The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. | |||||
| CVE-2016-4509 | 1 Eaton | 1 Elcsoft | 2016-11-28 | 6.0 MEDIUM | 6.0 MEDIUM |
| Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | |||||
| CVE-2016-4499 | 1 Panasonic | 1 Fpwin Pro | 2016-11-28 | 4.4 MEDIUM | 4.2 MEDIUM |
| Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||
| CVE-2016-4381 | 1 Hp | 1 Xp7 Command View | 2016-11-28 | 4.4 MEDIUM | 4.5 MEDIUM |
| HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-4380 | 1 Hp | 1 Operations Manager | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4005 | 1 Huawei | 1 Hilink App | 2016-11-28 | 7.5 HIGH | 5.5 MEDIUM |
| The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
| CVE-2016-4062 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. | |||||
| CVE-2016-3924 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301. | |||||
| CVE-2016-4057 | 1 Huawei | 1 Fusioncompute | 2016-11-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | |||||
| CVE-2016-3925 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534. | |||||
| CVE-2016-3961 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
| Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. | |||||
| CVE-2016-4086 | 1 Huawei | 1 Hisuite | 2016-11-28 | 2.9 LOW | 5.3 MEDIUM |
| Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. | |||||
| CVE-2016-4058 | 1 Huawei | 1 Policy Center | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | |||||
| CVE-2016-3860 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127. | |||||
| CVE-2016-3882 | 1 Google | 1 Android | 2016-11-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811. | |||||
| CVE-2016-3918 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403. | |||||
| CVE-2016-3907 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352. | |||||
| CVE-2016-3920 | 1 Google | 1 Android | 2016-11-28 | 7.1 HIGH | 5.5 MEDIUM |
| id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 30744884. | |||||
| CVE-2016-3923 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | |||||
| CVE-2016-3906 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30445973. References: Qualcomm QC-CR#1054344. | |||||
| CVE-2016-3908 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944. | |||||
| CVE-2016-3902 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072. | |||||
| CVE-2016-3828 | 1 Google | 1 Android | 2016-11-28 | 7.1 HIGH | 5.5 MEDIUM |
| decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995. | |||||
| CVE-2016-3834 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. | |||||
| CVE-2016-3835 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. | |||||
| CVE-2016-3836 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. | |||||
| CVE-2016-3837 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077. | |||||