The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.
Source: MITRE
Max CVSS
9.3
EPSS Score
0.09%
Published
2016-11-28
Updated
2017-01-07
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-11-23
Updated
2016-11-29
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.26%
Published
2016-11-30
Updated
2016-12-03

CVE-2016-9563

Known exploited
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
Source: MITRE
Max CVSS
6.5
EPSS Score
90.55%
Published
2016-11-23
Updated
2022-04-29
CISA KEV Added
2021-11-03
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.43%
Published
2016-11-23
Updated
2021-04-20
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
Source: MITRE
Max CVSS
10.0
EPSS Score
73.58%
Published
2016-11-28
Updated
2023-01-19
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
Source: MITRE
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.40%
Published
2016-11-22
Updated
2016-12-10
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.55%
Published
2016-11-22
Updated
2017-11-04
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
Source: MITRE
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
Source: MITRE
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Source: MITRE
Max CVSS
9.8
EPSS Score
1.30%
Published
2016-11-22
Updated
2018-01-05
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
Source: MITRE
Max CVSS
9.8
EPSS Score
2.16%
Published
2016-11-22
Updated
2018-01-05
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
Source: MITRE
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.18%
Published
2016-11-29
Updated
2017-07-28
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.47%
Published
2016-11-29
Updated
2016-12-22
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.15%
Published
2016-11-25
Updated
2016-11-29
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.09%
Published
2016-11-25
Updated
2017-01-07
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.17%
Published
2016-11-25
Updated
2016-11-29
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-11-25
Updated
2017-01-07
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.30%
Published
2016-11-17
Updated
2017-07-28
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.30%
Published
2016-11-17
Updated
2017-07-28
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.51%
Published
2016-11-17
Updated
2017-07-28
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.21%
Published
2016-11-17
Updated
2017-07-28
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.46%
Published
2016-11-17
Updated
2017-07-28
386 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!