| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-9961 |
189 |
|
|
2017-06-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
game-music-emu before 0.6.1 mishandles unspecified integer values. |
|
2 |
CVE-2016-9960 |
369 |
|
DoS |
2017-06-06 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |
|
3 |
CVE-2016-5759 |
20 |
|
|
2017-09-08 |
2018-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. |
|
4 |
CVE-2016-5118 |
284 |
|
Exec Code |
2016-06-10 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. |
|
5 |
CVE-2016-4997 |
264 |
|
DoS +Priv Mem. Corr. |
2016-07-03 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. |
|
6 |
CVE-2016-4957 |
20 |
|
DoS |
2016-07-04 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. |
|
7 |
CVE-2016-4956 |
19 |
|
DoS |
2016-07-04 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. |
|
8 |
CVE-2016-4955 |
362 |
|
DoS |
2016-07-04 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. |
|
9 |
CVE-2016-4805 |
416 |
|
DoS Mem. Corr. |
2016-05-23 |
2019-04-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. |
|
10 |
CVE-2016-4569 |
200 |
|
+Info |
2016-05-23 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. |
|
11 |
CVE-2016-4486 |
200 |
|
+Info |
2016-05-23 |
2018-12-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. |
|
12 |
CVE-2016-4482 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. |
|
13 |
CVE-2016-3689 |
|
|
DoS |
2016-05-02 |
2017-09-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. |
|
14 |
CVE-2016-3140 |
|
|
DoS |
2016-05-02 |
2017-09-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. |
|
15 |
CVE-2016-3138 |
|
|
DoS |
2016-05-02 |
2016-11-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. |
|
16 |
CVE-2016-3137 |
|
|
DoS |
2016-05-02 |
2016-11-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. |
|
17 |
CVE-2016-3136 |
|
|
DoS |
2016-05-02 |
2017-09-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. |
|
18 |
CVE-2016-3134 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2016-04-27 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. |
|
19 |
CVE-2016-2847 |
399 |
|
DoS |
2016-04-27 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. |
|
20 |
CVE-2016-2834 |
|
|
DoS Mem. Corr. |
2016-06-13 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. |
|
21 |
CVE-2016-2818 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-06-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
22 |
CVE-2016-2815 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-06-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
23 |
CVE-2016-2188 |
|
|
DoS |
2016-05-02 |
2017-09-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. |
|
24 |
CVE-2016-2186 |
|
|
DoS |
2016-05-02 |
2016-11-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. |
|
25 |
CVE-2016-2185 |
|
|
DoS |
2016-05-02 |
2016-11-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. |
|
26 |
CVE-2016-1583 |
119 |
|
DoS Overflow +Priv |
2016-06-27 |
2018-12-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. |
|
27 |
CVE-2015-8924 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. |
|
28 |
CVE-2015-8923 |
20 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. |
|
29 |
CVE-2015-8922 |
476 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. |
|
30 |
CVE-2015-8921 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. |
|
31 |
CVE-2015-8920 |
125 |
|
DoS |
2016-09-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. |
|
32 |
CVE-2015-8919 |
119 |
|
DoS Overflow |
2016-09-20 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. |
|
33 |
CVE-2015-8918 |
119 |
|
DoS Overflow |
2016-09-20 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." |
|
34 |
CVE-2015-4913 |
|
|
|
2015-10-21 |
2018-10-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. |
|
35 |
CVE-2015-4870 |
|
|
|
2015-10-21 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. |
|
36 |
CVE-2015-4861 |
|
|
|
2015-10-21 |
2018-10-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. |
|
37 |
CVE-2015-4858 |
|
|
|
2015-10-21 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. |
|
38 |
CVE-2015-4836 |
|
|
|
2015-10-21 |
2018-10-30 |
2.8 |
None |
Remote |
Medium |
Multiple systems |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. |
|
39 |
CVE-2015-4830 |
|
|
|
2015-10-21 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. |
|
40 |
CVE-2015-4826 |
|
|
|
2015-10-21 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. |
|
41 |
CVE-2015-4802 |
|
|
|
2015-10-21 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. |
|
42 |
CVE-2015-4792 |
|
|
|
2015-10-21 |
2018-10-30 |
1.7 |
None |
Remote |
High |
Multiple systems |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. |
