| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
7551 |
CVE-2016-8359 |
79 |
|
Exec Code XSS |
2017-02-13 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING). |
|
7552 |
CVE-2016-8356 |
79 |
|
XSS |
2017-02-13 |
2017-02-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. |
|
7553 |
CVE-2016-8344 |
20 |
|
|
2017-02-13 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. |
|
7554 |
CVE-2016-8334 |
125 |
|
Bypass +Info |
2017-01-06 |
2017-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. |
|
7555 |
CVE-2016-8330 |
284 |
|
|
2017-01-27 |
2017-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts). |
|
7556 |
CVE-2016-8328 |
|
|
|
2017-01-27 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts). |
|
7557 |
CVE-2016-8322 |
200 |
|
+Info |
2017-01-27 |
2017-02-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
|
7558 |
CVE-2016-8316 |
284 |
|
|
2017-01-27 |
2017-02-10 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). |
|
7559 |
CVE-2016-8311 |
284 |
|
|
2017-01-27 |
2017-02-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts). |
|
7560 |
CVE-2016-8309 |
284 |
|
|
2017-01-27 |
2017-02-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
|
7561 |
CVE-2016-8308 |
|
|
|
2017-01-27 |
2017-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts). |
|
7562 |
CVE-2016-8304 |
284 |
|
|
2017-01-27 |
2017-02-10 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). |
|
7563 |
CVE-2016-8302 |
200 |
|
+Info |
2017-01-27 |
2017-02-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
|
7564 |
CVE-2016-8301 |
|
|
|
2017-01-27 |
2017-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts). |
|
7565 |
CVE-2016-8296 |
284 |
|
|
2016-10-25 |
2017-07-28 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP. |
|
7566 |
CVE-2016-8295 |
200 |
|
+Info |
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. |
|
7567 |
CVE-2016-8294 |
200 |
|
+Info |
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors. |
|
7568 |
CVE-2016-8288 |
284 |
|
|
2016-10-25 |
2018-01-04 |
4.9 |
None |
Remote |
Medium |
Single system |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. |
|
7569 |
CVE-2016-8285 |
284 |
|
|
2016-10-25 |
2017-07-28 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. |
|
7570 |
CVE-2016-8283 |
|
|
|
2016-10-25 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. |
|
7571 |
CVE-2016-8280 |
22 |
|
Dir. Trav. |
2016-10-03 |
2016-10-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. |
|
7572 |
CVE-2016-8232 |
79 |
|
XSS |
2017-03-01 |
2017-03-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. |
|
7573 |
CVE-2016-8225 |
428 |
|
Exec Code |
2017-01-26 |
2017-01-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. |
|
7574 |
CVE-2016-8224 |
310 |
|
DoS |
2016-11-29 |
2016-12-06 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
|
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. |
|
7575 |
CVE-2016-8222 |
284 |
|
DoS |
2016-11-30 |
2016-12-06 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. |
|
7576 |
CVE-2016-8219 |
264 |
|
|
2017-06-13 |
2017-07-03 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. |
|
7577 |
CVE-2016-8215 |
79 |
|
XSS |
2017-01-25 |
2017-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
7578 |
CVE-2016-8214 |
275 |
|
|
2017-01-25 |
2017-02-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. |
|
7579 |
CVE-2016-8213 |
79 |
|
XSS |
2017-01-23 |
2017-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
7580 |
CVE-2016-8106 |
20 |
|
DoS |
2017-01-09 |
2017-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. |
|
7581 |
CVE-2016-8032 |
284 |
|
Bypass |
2017-03-31 |
2017-07-11 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. |
|
7582 |
CVE-2016-8031 |
264 |
|
Bypass |
2017-03-28 |
2017-07-11 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. |
|
7583 |
CVE-2016-8030 |
119 |
|
DoS Overflow Mem. Corr. |
2017-04-25 |
2017-05-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. |
|
7584 |
CVE-2016-8026 |
264 |
|
Exec Code +Priv |
2017-03-14 |
2017-05-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. |
|
7585 |
CVE-2016-8019 |
79 |
|
XSS |
2017-03-14 |
2017-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. |
|
7586 |
CVE-2016-8017 |
20 |
|
|
2017-03-14 |
2017-09-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input. |
|
7587 |
CVE-2016-8012 |
264 |
|
|
2017-03-14 |
2017-03-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. |
|
7588 |
CVE-2016-8011 |
79 |
|
XSS |
2017-03-14 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site. |
|
7589 |
CVE-2016-8010 |
284 |
|
Bypass |
2017-03-14 |
2017-03-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. |
|
7590 |
CVE-2016-8009 |
264 |
|
Exec Code |
2017-03-14 |
2017-03-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call. |
|
7591 |
CVE-2016-8005 |
264 |
|
|
2017-03-14 |
2017-03-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. |
|
7592 |
CVE-2016-7999 |
918 |
|
|
2017-01-18 |
2017-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. |
|
7593 |
CVE-2016-7981 |
79 |
|
XSS |
2017-01-18 |
2017-01-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. |
|
7594 |
CVE-2016-7977 |
200 |
|
Bypass +Info |
2017-05-23 |
2018-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. |
|
7595 |
CVE-2016-7965 |
20 |
|
|
2016-10-31 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server). |
|
7596 |
CVE-2016-7964 |
918 |
|
|
2016-10-31 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16. |
|
7597 |
CVE-2016-7917 |
125 |
|
DoS +Info |
2016-11-16 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. |
|
7598 |
CVE-2016-7916 |
362 |
|
+Info |
2016-11-16 |
2017-01-17 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. |
|
7599 |
CVE-2016-7915 |
125 |
|
DoS +Info |
2016-11-16 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. |
|
7600 |
CVE-2016-7909 |
399 |
|
DoS |
2016-10-05 |
2018-12-01 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. |
