| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
36851 |
CVE-2016-5872 |
20 |
|
|
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. |
|
36852 |
CVE-2016-5871 |
190 |
|
Overflow |
2017-08-18 |
2017-08-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. |
|
36853 |
CVE-2016-5870 |
476 |
|
DoS |
2017-04-04 |
2017-04-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket. |
|
36854 |
CVE-2016-5868 |
264 |
|
Exec Code |
2017-09-25 |
2017-09-28 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. |
|
36855 |
CVE-2016-5867 |
264 |
|
Overflow |
2017-08-16 |
2017-08-20 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. |
|
36856 |
CVE-2016-5864 |
264 |
|
Overflow |
2017-08-16 |
2017-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. |
|
36857 |
CVE-2016-5863 |
264 |
|
|
2017-08-16 |
2017-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. |
|
36858 |
CVE-2016-5862 |
264 |
|
|
2017-08-16 |
2017-08-20 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs. |
|
36859 |
CVE-2016-5861 |
264 |
|
Overflow |
2017-08-16 |
2017-08-20 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. |
|
36860 |
CVE-2016-5860 |
264 |
|
Overflow |
2017-08-16 |
2017-08-20 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. |
|
36861 |
CVE-2016-5859 |
264 |
|
Overflow |
2017-08-16 |
2017-08-18 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. |
|
36862 |
CVE-2016-5857 |
264 |
|
Exec Code |
2017-03-20 |
2017-05-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140. |
|
36863 |
CVE-2016-5856 |
264 |
|
+Priv |
2017-04-12 |
2017-04-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. |
|
36864 |
CVE-2016-5853 |
264 |
|
Exec Code |
2017-08-16 |
2017-09-28 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. |
|
36865 |
CVE-2016-5852 |
|
|
Exec Code |
2016-11-08 |
2016-12-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. |
|
36866 |
CVE-2016-5851 |
611 |
|
|
2016-12-21 |
2016-12-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. |
|
36867 |
CVE-2016-5847 |
264 |
|
+Priv |
2016-08-12 |
2018-10-09 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384. |
|
36868 |
CVE-2016-5844 |
190 |
|
DoS Overflow |
2016-09-21 |
2017-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. |
|
36869 |
CVE-2016-5843 |
89 |
|
Exec Code Sql |
2016-09-16 |
2016-11-28 |
9.0 |
None |
Remote |
Low |
Not required |
Complete |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. |
|
36870 |
CVE-2016-5842 |
125 |
|
+Info |
2016-12-13 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. |
|
36871 |
CVE-2016-5841 |
190 |
|
DoS Exec Code Overflow |
2016-12-13 |
2016-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. |
|
36872 |
CVE-2016-5840 |
20 |
|
Exec Code |
2016-06-30 |
2016-11-28 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header. |
|
36873 |
CVE-2016-5839 |
|
|
Bypass |
2016-06-29 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. |
|
36874 |
CVE-2016-5838 |
255 |
|
Bypass |
2016-06-29 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. |
|
36875 |
CVE-2016-5837 |
|
|
Bypass |
2016-06-29 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. |
|
36876 |
CVE-2016-5836 |
|
|
DoS |
2016-06-29 |
2018-07-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. |
|
36877 |
CVE-2016-5835 |
200 |
|
+Info |
2016-06-29 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. |
|
36878 |
CVE-2016-5834 |
79 |
|
XSS |
2016-06-29 |
2016-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. |
|
36879 |
CVE-2016-5833 |
79 |
|
XSS |
2016-06-29 |
2016-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. |
|
36880 |
CVE-2016-5832 |
|
|
Bypass |
2016-06-29 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. |
|
36881 |
CVE-2016-5829 |
119 |
|
DoS Overflow |
2016-06-27 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. |
|
36882 |
CVE-2016-5828 |
20 |
|
DoS |
2016-06-27 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. |
|
36883 |
CVE-2016-5827 |
125 |
|
DoS |
2017-01-27 |
2017-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. |
|
36884 |
CVE-2016-5826 |
125 |
|
DoS |
2017-01-27 |
2017-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. |
|
36885 |
CVE-2016-5825 |
125 |
|
DoS |
2017-01-27 |
2017-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. |
|
36886 |
CVE-2016-5824 |
416 |
|
DoS |
2017-01-27 |
2019-04-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. |
|
36887 |
CVE-2016-5823 |
416 |
|
DoS |
2017-01-27 |
2019-04-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. |
|
36888 |
CVE-2016-5822 |
399 |
|
DoS |
2017-01-27 |
2017-02-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. |
|
36889 |
CVE-2016-5821 |
264 |
|
+Priv |
2016-07-13 |
2018-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. |
|
36890 |
CVE-2016-5819 |
79 |
|
Exec Code XSS |
2019-03-21 |
2019-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user?s browser within the trust relationship between their browser and the server. |
|
36891 |
CVE-2016-5818 |
798 |
|
|
2017-02-13 |
2017-02-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. |
|
36892 |
CVE-2016-5817 |
89 |
|
Exec Code Sql |
2016-08-22 |
2016-08-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
36893 |
CVE-2016-5816 |
798 |
|
|
2017-08-25 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. |
|
36894 |
CVE-2016-5815 |
284 |
|
|
2017-02-13 |
2017-03-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. |
|
36895 |
CVE-2016-5814 |
119 |
|
Exec Code Overflow |
2016-09-18 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file. |
|
36896 |
CVE-2016-5813 |
200 |
|
+Info |
2017-02-13 |
2017-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). |
|
36897 |
CVE-2016-5811 |
79 |
|
XSS |
2017-02-13 |
2017-02-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING). |
|
36898 |
CVE-2016-5810 |
200 |
|
+Info |
2017-05-02 |
2017-05-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. |
|
36899 |
CVE-2016-5809 |
352 |
|
CSRF |
2017-02-13 |
2018-05-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. |
|
36900 |
CVE-2016-5807 |
284 |
|
Bypass |
2016-07-15 |
2016-11-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request. |
