| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-1000215 |
|
|
DoS |
2016-10-25 |
2017-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Ruckus Wireless H500 web management interface denial of service |
|
2 |
CVE-2016-10088 |
416 |
|
DoS |
2016-12-30 |
2018-01-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. |
|
3 |
CVE-2016-9942 |
119 |
|
DoS Exec Code Overflow |
2016-12-31 |
2020-10-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. |
|
4 |
CVE-2016-9941 |
119 |
|
DoS Exec Code Overflow |
2016-12-31 |
2020-10-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. |
|
5 |
CVE-2016-9919 |
20 |
|
DoS |
2016-12-08 |
2023-01-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. |
|
6 |
CVE-2016-9916 |
401 |
|
DoS |
2016-12-29 |
2023-02-13 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. |
|
7 |
CVE-2016-9915 |
401 |
|
DoS |
2016-12-29 |
2023-02-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. |
|
8 |
CVE-2016-9914 |
401 |
|
DoS |
2016-12-29 |
2023-02-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. |
|
9 |
CVE-2016-9913 |
401 |
|
DoS |
2016-12-29 |
2023-02-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. |
|
10 |
CVE-2016-9863 |
20 |
|
DoS |
2016-12-11 |
2017-07-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. |
|
11 |
CVE-2016-9860 |
20 |
|
DoS |
2016-12-11 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
|
12 |
CVE-2016-9859 |
20 |
|
DoS |
2016-12-11 |
2017-07-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
|
13 |
CVE-2016-9858 |
20 |
|
DoS |
2016-12-11 |
2017-07-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
|
14 |
CVE-2016-9806 |
362 |
|
DoS |
2016-12-28 |
2023-01-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. |
|
15 |
CVE-2016-9794 |
362 |
|
DoS |
2016-12-28 |
2023-01-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. |
|
16 |
CVE-2016-9793 |
119 |
|
DoS Overflow Mem. Corr. |
2016-12-28 |
2023-01-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. |
|
17 |
CVE-2016-9777 |
125 |
|
DoS +Priv |
2016-12-28 |
2023-05-16 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. |
|
18 |
CVE-2016-9755 |
787 |
|
DoS Overflow |
2016-12-28 |
2018-08-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. |
|
19 |
CVE-2016-9685 |
400 |
|
DoS |
2016-12-28 |
2018-01-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. |
|
20 |
CVE-2016-9633 |
399 |
|
DoS |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. |
|
21 |
CVE-2016-9632 |
119 |
|
DoS Overflow |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. |
|
22 |
CVE-2016-9631 |
476 |
|
DoS |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
23 |
CVE-2016-9630 |
119 |
|
DoS Overflow |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. |
|
24 |
CVE-2016-9629 |
476 |
|
DoS |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
25 |
CVE-2016-9628 |
476 |
|
DoS |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
26 |
CVE-2016-9627 |
119 |
|
DoS Overflow |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. |
|
27 |
CVE-2016-9626 |
119 |
|
DoS Overflow |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. |
|
28 |
CVE-2016-9625 |
119 |
|
DoS Overflow |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. |
|
29 |
CVE-2016-9624 |
476 |
|
DoS |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
30 |
CVE-2016-9623 |
476 |
|
DoS |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
31 |
CVE-2016-9622 |
476 |
|
DoS |
2016-12-12 |
2016-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
32 |
CVE-2016-9588 |
388 |
|
DoS |
2016-12-28 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. |
|
33 |
CVE-2016-9576 |
416 |
|
DoS |
2016-12-28 |
2023-02-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. |
|
34 |
CVE-2016-9562 |
476 |
|
DoS |
2016-11-23 |
2021-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835. |
|
35 |
CVE-2016-9561 |
399 |
|
DoS |
2016-12-23 |
2016-12-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. |
|
36 |
CVE-2016-9555 |
125 |
|
DoS |
2016-11-28 |
2023-01-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. |
|
37 |
CVE-2016-9480 |
119 |
|
DoS Overflow +Info |
2016-11-29 |
2016-12-22 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. |
|
38 |
CVE-2016-9452 |
20 |
|
DoS |
2016-11-25 |
2016-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. |
|
39 |
CVE-2016-9443 |
476 |
|
DoS |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
40 |
CVE-2016-9441 |
476 |
|
DoS |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
41 |
CVE-2016-9440 |
476 |
|
DoS |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
42 |
CVE-2016-9439 |
119 |
|
DoS Overflow |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. |
|
43 |
CVE-2016-9438 |
476 |
|
DoS |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
44 |
CVE-2016-9437 |
119 |
|
DoS Overflow Mem. Corr. |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. |
|
45 |
CVE-2016-9434 |
476 |
|
DoS |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
46 |
CVE-2016-9433 |
125 |
|
DoS |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page. |
|
47 |
CVE-2016-9432 |
119 |
|
DoS Overflow Mem. Corr. |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page. |
|
48 |
CVE-2016-9431 |
119 |
|
DoS Overflow |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. |
|
49 |
CVE-2016-9430 |
476 |
|
DoS |
2016-12-12 |
2017-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
|
50 |
CVE-2016-9429 |
119 |
|
DoS Exec Code Overflow |
2016-12-12 |
2017-07-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. |
