# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2016-6232 |
22 |
|
Dir. Trav. |
2016-08-02 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. |
2 |
CVE-2016-6224 |
20 |
|
+Info |
2016-07-22 |
2017-08-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. |
3 |
CVE-2016-5118 |
284 |
|
Exec Code |
2016-06-10 |
2018-01-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. |
4 |
CVE-2016-5104 |
284 |
|
Bypass |
2016-06-13 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. |
5 |
CVE-2016-4998 |
119 |
|
DoS Overflow +Info |
2016-07-03 |
2018-01-04 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. |
6 |
CVE-2016-4997 |
264 |
|
DoS +Priv Mem. Corr. |
2016-07-03 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. |
7 |
CVE-2016-4971 |
254 |
|
|
2016-06-30 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. |
8 |
CVE-2016-4951 |
|
|
DoS |
2016-05-23 |
2016-11-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. |
9 |
CVE-2016-4913 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. |
10 |
CVE-2016-4804 |
119 |
|
DoS Overflow |
2016-06-03 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. |
11 |
CVE-2016-4581 |
|
|
DoS |
2016-05-23 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. |
12 |
CVE-2016-4580 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. |
13 |
CVE-2016-4579 |
20 |
|
DoS |
2016-06-13 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." |
14 |
CVE-2016-4578 |
200 |
|
+Info |
2016-05-23 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. |
15 |
CVE-2016-4574 |
189 |
|
DoS |
2016-06-13 |
2016-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. |
16 |
CVE-2016-4569 |
200 |
|
+Info |
2016-05-23 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. |
17 |
CVE-2016-4556 |
|
|
DoS |
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. |
18 |
CVE-2016-4555 |
20 |
|
DoS |
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. |
19 |
CVE-2016-4554 |
345 |
|
Bypass |
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. |
20 |
CVE-2016-4553 |
345 |
|
|
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. |
21 |
CVE-2016-4486 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. |
22 |
CVE-2016-4485 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. |
23 |
CVE-2016-4482 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. |
24 |
CVE-2016-4450 |
|
|
DoS |
2016-06-07 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. |
25 |
CVE-2016-4449 |
20 |
|
DoS |
2016-06-09 |
2018-01-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. |
26 |
CVE-2016-4447 |
119 |
|
DoS Overflow |
2016-06-09 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. |
27 |
CVE-2016-4324 |
20 |
|
Exec Code |
2016-07-08 |
2017-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. |
28 |
CVE-2016-4323 |
22 |
|
Dir. Trav. |
2017-01-06 |
2017-03-29 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. |
29 |
CVE-2016-4054 |
119 |
|
Exec Code Overflow |
2016-04-25 |
2016-11-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. |
30 |
CVE-2016-4053 |
119 |
|
Overflow +Info |
2016-04-25 |
2016-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. |
31 |
CVE-2016-4052 |
119 |
|
DoS Exec Code Overflow |
2016-04-25 |
2016-11-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. |
32 |
CVE-2016-4051 |
119 |
|
DoS Exec Code Overflow |
2016-04-25 |
2016-11-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. |
33 |
CVE-2016-4037 |
20 |
|
DoS |
2016-05-23 |
2016-11-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. |
34 |
CVE-2016-4020 |
200 |
|
+Info |
2016-05-25 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). |
35 |
CVE-2016-4008 |
399 |
|
DoS |
2016-05-05 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. |
36 |
CVE-2016-4002 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-26 |
2017-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. |
37 |
CVE-2016-4001 |
20 |
|
DoS Overflow |
2016-05-23 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. |
38 |
CVE-2016-3982 |
119 |
|
DoS Exec Code Overflow |
2016-04-13 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. |
39 |
CVE-2016-3981 |
119 |
|
DoS Exec Code Overflow |
2016-04-13 |
2017-02-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. |
40 |
CVE-2016-3961 |
20 |
|
DoS |
2016-04-15 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. |
41 |
CVE-2016-3955 |
119 |
|
DoS Overflow |
2016-07-03 |
2016-11-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. |
42 |
CVE-2016-3951 |
|
|
DoS |
2016-05-02 |
2017-08-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. |
43 |
CVE-2016-3947 |
119 |
|
DoS Overflow |
2016-04-07 |
2016-11-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. |
44 |
CVE-2016-3718 |
20 |
|
|
2016-05-05 |
2017-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |
45 |
CVE-2016-3717 |
200 |
|
+Info |
2016-05-05 |
2017-09-06 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. |
46 |
CVE-2016-3716 |
264 |
|
|
2016-05-05 |
2017-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. |
47 |
CVE-2016-3715 |
284 |
|
|
2016-05-05 |
2017-11-03 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. |
48 |
CVE-2016-3714 |
20 |
|
Exec Code |
2016-05-05 |
2017-11-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." |
49 |
CVE-2016-3712 |
|
|
DoS Overflow |
2016-05-11 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. |
50 |
CVE-2016-3710 |
284 |
|
Exec Code |
2016-05-11 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. |