# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
40751 |
CVE-2016-0872 |
255 |
|
|
2017-11-07 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. |
40752 |
CVE-2016-0871 |
200 |
|
+Info |
2016-04-06 |
2016-04-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. |
40753 |
CVE-2016-0870 |
200 |
|
+Info |
2016-09-18 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. |
40754 |
CVE-2016-0869 |
119 |
|
DoS Overflow |
2016-01-26 |
2016-02-23 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. |
40755 |
CVE-2016-0868 |
119 |
|
Exec Code Overflow |
2016-01-28 |
2016-12-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request. |
40756 |
CVE-2016-0867 |
200 |
|
Bypass +Info |
2016-01-30 |
2016-03-01 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. |
40757 |
CVE-2016-0866 |
79 |
|
XSS |
2016-02-12 |
2016-02-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
40758 |
CVE-2016-0865 |
255 |
|
|
2016-02-12 |
2016-02-18 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. |
40759 |
CVE-2016-0864 |
200 |
|
+Info |
2016-02-12 |
2016-05-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors. |
40760 |
CVE-2016-0863 |
352 |
|
CSRF |
2016-02-12 |
2016-05-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. |
40761 |
CVE-2016-0862 |
200 |
|
+Info |
2016-02-05 |
2018-10-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. |
40762 |
CVE-2016-0861 |
77 |
|
Exec Code |
2016-02-05 |
2017-09-09 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. |
40763 |
CVE-2016-0860 |
119 |
|
DoS Overflow |
2016-01-14 |
2016-12-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. |
40764 |
CVE-2016-0859 |
189 |
|
DoS Exec Code Overflow |
2016-01-14 |
2016-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request. |
40765 |
CVE-2016-0858 |
119 |
|
DoS Exec Code Overflow |
2016-01-14 |
2016-12-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. |
40766 |
CVE-2016-0857 |
119 |
|
Exec Code Overflow |
2016-01-14 |
2016-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. |
40767 |
CVE-2016-0856 |
119 |
|
Exec Code Overflow |
2016-01-14 |
2016-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. |
40768 |
CVE-2016-0855 |
22 |
|
Dir. Trav. |
2016-01-14 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. |
40769 |
CVE-2016-0854 |
|
|
|
2016-01-14 |
2016-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors. |
40770 |
CVE-2016-0853 |
200 |
|
+Info |
2016-01-14 |
2016-01-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. |
40771 |
CVE-2016-0852 |
264 |
|
Bypass |
2016-01-14 |
2016-01-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. |
40772 |
CVE-2016-0851 |
119 |
|
DoS Overflow |
2016-01-14 |
2016-01-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. |
40773 |
CVE-2016-0850 |
264 |
|
Bypass |
2016-04-17 |
2016-04-21 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752. |
40774 |
CVE-2016-0849 |
189 |
|
Overflow +Priv |
2016-04-17 |
2016-04-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931. |
40775 |
CVE-2016-0848 |
362 |
|
Bypass |
2016-04-17 |
2016-04-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054. |
40776 |
CVE-2016-0847 |
264 |
|
|
2016-04-17 |
2016-04-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502. |
40777 |
CVE-2016-0846 |
264 |
|
+Priv |
2016-04-17 |
2017-09-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992. |
40778 |
CVE-2016-0844 |
264 |
|
+Priv |
2016-04-17 |
2016-04-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307. |
40779 |
CVE-2016-0843 |
264 |
|
+Priv |
2016-04-17 |
2016-04-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. |
40780 |
CVE-2016-0842 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142. |
40781 |
CVE-2016-0841 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. |
40782 |
CVE-2016-0840 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350. |
40783 |
CVE-2016-0839 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. |
40784 |
CVE-2016-0838 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. |
40785 |
CVE-2016-0837 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. |
40786 |
CVE-2016-0836 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590. |
40787 |
CVE-2016-0835 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-17 |
2016-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. |
40788 |
CVE-2016-0834 |
20 |
|
DoS Exec Code Mem. Corr. |
2016-04-17 |
2017-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. |
40789 |
CVE-2016-0833 |
|
|
DoS |
2017-04-21 |
2017-04-26 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Android allows users to cause a denial of service. |
40790 |
CVE-2016-0832 |
264 |
|
Bypass |
2016-03-12 |
2016-11-28 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. |
40791 |
CVE-2016-0831 |
200 |
|
+Info |
2016-03-12 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215. |
40792 |
CVE-2016-0829 |
254 |
|
Bypass +Info |
2016-03-12 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. |
40793 |
CVE-2016-0828 |
254 |
|
Bypass +Info |
2016-03-12 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. |
40794 |
CVE-2016-0827 |
189 |
|
Overflow +Priv |
2016-03-12 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. |
40795 |
CVE-2016-0826 |
264 |
|
+Priv |
2016-03-12 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. |
40796 |
CVE-2016-0825 |
254 |
|
+Info |
2016-03-12 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. |
40797 |
CVE-2016-0824 |
254 |
|
Bypass +Info |
2016-03-12 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. |
40798 |
CVE-2016-0822 |
264 |
|
+Priv |
2016-03-12 |
2016-11-28 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. |
40799 |
CVE-2016-0821 |
254 |
|
Bypass |
2016-03-12 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. |
40800 |
CVE-2016-0820 |
264 |
|
+Priv |
2016-03-12 |
2016-11-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. |