CVE List 2016

CVE Score Severity Package Description Published
CVE-2016-9953
9.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical curl The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. March 12, 2018, 16:03 pm
CVE-2016-9952
8.1 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious curl The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." March 12, 2018, 16:03 pm
CVE-2016-9936
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834. January 4, 2017, 14:01 pm
CVE-2016-9935
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. January 4, 2017, 14:01 pm
CVE-2016-9934
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. January 4, 2017, 14:01 pm
CVE-2016-9933
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. January 4, 2017, 14:01 pm
CVE-2016-9922
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. March 27, 2017, 10:03 am
CVE-2016-9921
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. December 23, 2016, 16:12 pm
CVE-2016-9919
7.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. December 8, 2016, 11:12 am
CVE-2016-9918
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious bluez In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. December 8, 2016, 02:12 am
CVE-2016-9917
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious bluez In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 8, 2016, 02:12 am
CVE-2016-9916
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. December 29, 2016, 16:12 pm
CVE-2016-9915
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. December 29, 2016, 16:12 pm
CVE-2016-9914
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. December 29, 2016, 16:12 pm
CVE-2016-9913
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. December 29, 2016, 16:12 pm
CVE-2016-9877
9.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical rabbitmq An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. December 29, 2016, 03:12 am
CVE-2016-9866
9.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical phpmyadmin An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9865
9.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical phpmyadmin An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9864
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9863
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. December 10, 2016, 21:12 pm
CVE-2016-9862
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. December 10, 2016, 21:12 pm
CVE-2016-9861
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9859
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9858
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9857
6.1 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9856
6.1 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9855
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. December 10, 2016, 20:12 pm
CVE-2016-9854
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue. December 10, 2016, 20:12 pm
CVE-2016-9853
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. December 10, 2016, 20:12 pm
CVE-2016-9852
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. December 10, 2016, 20:12 pm
CVE-2016-9851
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. December 10, 2016, 20:12 pm
CVE-2016-9850
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9848
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9846
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. December 29, 2016, 16:12 pm
CVE-2016-9844
4.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
zip Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. January 18, 2017, 11:01 am
CVE-2016-9843
9.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical zlib The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. May 22, 2017, 23:05 pm
CVE-2016-9842
4.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
zlib The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. May 22, 2017, 23:05 pm
CVE-2016-9841
4.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
zlib inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. May 22, 2017, 23:05 pm
CVE-2016-9840
4.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
zlib inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. May 22, 2017, 23:05 pm
CVE-2016-9813
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. January 13, 2017, 10:01 am
CVE-2016-9812
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. January 13, 2017, 10:01 am
CVE-2016-9811
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. January 13, 2017, 10:01 am
CVE-2016-9810
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. January 13, 2017, 10:01 am
CVE-2016-9809
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. January 13, 2017, 10:01 am
CVE-2016-9808
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. January 13, 2017, 10:01 am
CVE-2016-9807
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. January 13, 2017, 10:01 am
CVE-2016-9806
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. December 28, 2016, 01:12 am
CVE-2016-9804
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bluez In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 3, 2016, 00:12 am
CVE-2016-9802
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bluez In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. December 3, 2016, 00:12 am
CVE-2016-9801
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bluez In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. December 3, 2016, 00:12 am
CVE-2016-9800
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bluez In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. December 3, 2016, 00:12 am
CVE-2016-9799
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bluez In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. December 3, 2016, 00:12 am
CVE-2016-9798
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bluez In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 3, 2016, 00:12 am
CVE-2016-9797
5.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bluez In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 3, 2016, 00:12 am
CVE-2016-9794
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. December 28, 2016, 01:12 am
CVE-2016-9793
6.2 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. December 28, 2016, 01:12 am
CVE-2016-9778
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-9777
6.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. December 28, 2016, 01:12 am
CVE-2016-9756
2.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. December 28, 2016, 01:12 am
CVE-2016-9755
5.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. December 28, 2016, 01:12 am
CVE-2016-9754
7.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. January 5, 2017, 05:01 am
CVE-2016-9685
2.1 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. December 28, 2016, 01:12 am
CVE-2016-9644
9.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. November 27, 2016, 21:11 pm
CVE-2016-9643
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). March 7, 2017, 10:03 am
CVE-2016-9642
5.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. February 3, 2017, 09:02 am
CVE-2016-9634
6.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer1.0 Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. January 27, 2017, 16:01 pm
CVE-2016-9603
5.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. March 16, 2017, 11:03 am
CVE-2016-9602
6.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. January 23, 2017, 18:01 pm
CVE-2016-9594
4.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. January 9, 2017, 20:01 pm
CVE-2016-9588
3.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. December 28, 2016, 01:12 am
CVE-2016-9586
4.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 21, 2016, 19:12 pm
CVE-2016-9584
5.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libical libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. January 18, 2017, 11:01 am
CVE-2016-9576
6.2 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. December 28, 2016, 01:12 am
CVE-2016-9555
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. November 27, 2016, 21:11 pm
CVE-2016-9540
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow." November 22, 2016, 13:11 pm
CVE-2016-9539
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. November 22, 2016, 13:11 pm
CVE-2016-9538
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. November 22, 2016, 13:11 pm
CVE-2016-9537
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097. November 22, 2016, 13:11 pm
CVE-2016-9536
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." November 22, 2016, 13:11 pm
CVE-2016-9535
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." November 22, 2016, 13:11 pm
CVE-2016-9533
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." November 22, 2016, 13:11 pm
CVE-2016-9532
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. February 6, 2017, 11:02 am
CVE-2016-9453
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. January 27, 2017, 11:01 am
CVE-2016-9448
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. January 27, 2017, 11:01 am
CVE-2016-9447
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. January 23, 2017, 15:01 pm
CVE-2016-9446
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The vmnc decoder in gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information, as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. January 23, 2017, 15:01 pm
CVE-2016-9445
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer Integer overflow in the vmnc decoder in gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. January 23, 2017, 15:01 pm
CVE-2016-9444
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. January 12, 2017, 00:01 am
CVE-2016-9427
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical bdwgc Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause a denial of service (heap buffer overflow crash) in clients of bdwgc and possibly execute arbitrary code via a huge allocation. December 11, 2016, 20:12 pm
CVE-2016-9401
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bash popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. January 23, 2017, 15:01 pm
CVE-2016-9381
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious qemu Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. January 23, 2017, 15:01 pm
CVE-2016-9376
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. November 16, 2016, 23:11 pm
CVE-2016-9375
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. November 16, 2016, 23:11 pm
CVE-2016-9374
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. November 16, 2016, 23:11 pm
CVE-2016-9373
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. November 16, 2016, 23:11 pm
CVE-2016-9372
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. November 16, 2016, 23:11 pm
CVE-2016-9318
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libxml2 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. November 15, 2016, 18:11 pm
CVE-2016-9313
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. November 27, 2016, 21:11 pm
CVE-2016-9312
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High ntp ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. January 13, 2017, 10:01 am
CVE-2016-9311
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. January 13, 2017, 10:01 am
CVE-2016-9310
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. January 13, 2017, 10:01 am
CVE-2016-9297
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. January 18, 2017, 11:01 am
CVE-2016-9273
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. January 18, 2017, 11:01 am
CVE-2016-9191
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. November 27, 2016, 21:11 pm
CVE-2016-9178
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. November 27, 2016, 21:11 pm
CVE-2016-9147
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. January 12, 2017, 00:01 am
CVE-2016-9138
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. January 4, 2017, 14:01 pm
CVE-2016-9137
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
modphp Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. January 4, 2017, 14:01 pm
CVE-2016-9131
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. January 12, 2017, 00:01 am
CVE-2016-9120
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. December 8, 2016, 15:12 pm
CVE-2016-9106
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. December 9, 2016, 16:12 pm
CVE-2016-9105
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. December 9, 2016, 16:12 pm
CVE-2016-9104
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. December 9, 2016, 16:12 pm
CVE-2016-9103
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them. December 9, 2016, 16:12 pm
CVE-2016-9102
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number. December 9, 2016, 16:12 pm
CVE-2016-9101
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. December 9, 2016, 16:12 pm
CVE-2016-9084
3.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. November 27, 2016, 21:11 pm
CVE-2016-9083
3.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." November 27, 2016, 21:11 pm
CVE-2016-9082
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
cairo Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. February 3, 2017, 09:02 am
CVE-2016-9063
3.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low expect ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 25, 2017, 02:07 am
CVE-2016-9042
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. March 24, 2017, 21:03 pm
CVE-2016-8910
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. November 4, 2016, 16:11 pm
CVE-2016-8909
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. November 4, 2016, 16:11 pm
CVE-2016-8867
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious docker Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. October 28, 2016, 10:10 am
CVE-2016-8864
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High bind named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. November 2, 2016, 12:11 pm
CVE-2016-8858
3.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." December 9, 2016, 05:12 am
CVE-2016-8743
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal apache2 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. July 27, 2017, 16:07 pm
CVE-2016-8740
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
apache2 The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. December 5, 2016, 13:12 pm
CVE-2016-8689
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. February 15, 2017, 13:02 pm
CVE-2016-8688
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libarchive The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. February 15, 2017, 13:02 pm
CVE-2016-8687
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libarchive Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. February 15, 2017, 13:02 pm
CVE-2016-8669
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. November 4, 2016, 16:11 pm
CVE-2016-8668
3.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. November 4, 2016, 16:11 pm
CVE-2016-8667
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. November 4, 2016, 16:11 pm
CVE-2016-8666
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. October 16, 2016, 16:10 pm
CVE-2016-8660
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." October 16, 2016, 16:10 pm
CVE-2016-8658
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. October 16, 2016, 16:10 pm
CVE-2016-8655
6.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. December 8, 2016, 02:12 am
CVE-2016-8650
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. November 27, 2016, 21:11 pm
CVE-2016-8646
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. November 27, 2016, 21:11 pm
CVE-2016-8645
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. November 27, 2016, 21:11 pm
CVE-2016-8636
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. February 22, 2017, 10:02 am
CVE-2016-8635
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 9, 2016, 01:12 am
CVE-2016-8633
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. November 27, 2016, 21:11 pm
CVE-2016-8632
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. November 27, 2016, 21:11 pm
CVE-2016-8630
5.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. November 27, 2016, 21:11 pm
CVE-2016-8625
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. November 2, 2016, 17:11 pm
CVE-2016-8624
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8623
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8622
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. November 2, 2016, 16:11 pm
CVE-2016-8621
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8620
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8619
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8618
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8617
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8616
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. November 2, 2016, 16:11 pm
CVE-2016-8615
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-8610
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. November 13, 2017, 16:11 pm
CVE-2016-8606
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
guile The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. January 12, 2017, 16:01 pm
CVE-2016-8602
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ghostscript The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. April 14, 2017, 13:04 pm
CVE-2016-8601
4.35 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a "generally available" software product. Notes: none. December 6, 2016, 12:12 pm
CVE-2016-8578
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. November 4, 2016, 16:11 pm
CVE-2016-8577
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. November 4, 2016, 16:11 pm
CVE-2016-8576
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. November 4, 2016, 16:11 pm
CVE-2016-8575
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. January 27, 2017, 19:01 pm
CVE-2016-8574
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). January 27, 2017, 19:01 pm
CVE-2016-8483
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099. March 7, 2017, 19:03 pm
CVE-2016-8481
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. February 8, 2017, 09:02 am
CVE-2016-8480
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. February 8, 2017, 09:02 am
CVE-2016-8479
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687. March 7, 2017, 19:03 pm
CVE-2016-8478
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206. March 7, 2017, 19:03 pm
CVE-2016-8477
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007. March 7, 2017, 19:03 pm
CVE-2016-8476
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. February 8, 2017, 09:02 am
CVE-2016-8475
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129. January 12, 2017, 14:01 pm
CVE-2016-8474
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972. January 12, 2017, 14:01 pm
CVE-2016-8473
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790. January 12, 2017, 14:01 pm
CVE-2016-8469
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469. January 12, 2017, 14:01 pm
CVE-2016-8468
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425. January 12, 2017, 14:01 pm
CVE-2016-8466
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. References: B-RB#105268. January 12, 2017, 14:01 pm
CVE-2016-8465
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053. January 12, 2017, 14:01 pm
CVE-2016-8464
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314. January 12, 2017, 14:01 pm
CVE-2016-8463
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855. January 12, 2017, 14:01 pm
CVE-2016-8461
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621. January 12, 2017, 14:01 pm
CVE-2016-8460
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460. January 12, 2017, 14:01 pm
CVE-2016-8459
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462. January 12, 2017, 14:01 pm
CVE-2016-8458
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442. January 12, 2017, 14:01 pm
CVE-2016-8457
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116. January 12, 2017, 14:01 pm
CVE-2016-8456
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580. January 12, 2017, 14:01 pm
CVE-2016-8455
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311. January 12, 2017, 14:01 pm
CVE-2016-8454
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32174590. References: B-RB#107142. January 12, 2017, 14:01 pm
CVE-2016-8453
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392. January 12, 2017, 14:01 pm
CVE-2016-8452
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323. January 12, 2017, 14:01 pm
CVE-2016-8451
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033. January 12, 2017, 14:01 pm
CVE-2016-8450
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388. January 12, 2017, 14:01 pm
CVE-2016-8449
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449. January 12, 2017, 14:01 pm
CVE-2016-8444
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. January 12, 2017, 14:01 pm
CVE-2016-8443
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. January 12, 2017, 14:01 pm
CVE-2016-8442
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. References: QC-CR#1038173. January 12, 2017, 14:01 pm
CVE-2016-8441
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769. January 12, 2017, 14:01 pm
CVE-2016-8440
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747. January 12, 2017, 14:01 pm
CVE-2016-8439
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804. January 12, 2017, 14:01 pm
CVE-2016-8438
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass Peripheral Image Loader (PIL) authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638. January 12, 2017, 14:01 pm
CVE-2016-8437
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695. January 12, 2017, 14:01 pm
CVE-2016-8436
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860. January 12, 2017, 14:01 pm
CVE-2016-8435
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435. January 12, 2017, 14:01 pm
CVE-2016-8434
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855. January 12, 2017, 14:01 pm
CVE-2016-8432
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432. January 12, 2017, 14:01 pm
CVE-2016-8431
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431. January 12, 2017, 14:01 pm
CVE-2016-8430
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430. January 12, 2017, 14:01 pm
CVE-2016-8429
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429. January 12, 2017, 14:01 pm
CVE-2016-8428
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428. January 12, 2017, 14:01 pm
CVE-2016-8427
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427. January 12, 2017, 14:01 pm
CVE-2016-8426
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426. January 12, 2017, 14:01 pm
CVE-2016-8425
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425. January 12, 2017, 14:01 pm
CVE-2016-8424
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31606947. References: N-CVE-2016-8424. January 12, 2017, 14:01 pm
CVE-2016-8421
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797. February 8, 2017, 09:02 am
CVE-2016-8420
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807. February 8, 2017, 09:02 am
CVE-2016-8419
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209. February 8, 2017, 09:02 am
CVE-2016-8417
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824. March 7, 2017, 19:03 pm
CVE-2016-8416
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206. March 7, 2017, 19:03 pm
CVE-2016-8415
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596. January 12, 2017, 14:01 pm
CVE-2016-8414
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. February 8, 2017, 09:02 am
CVE-2016-8413
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731. March 7, 2017, 19:03 pm
CVE-2016-8412
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891. January 12, 2017, 14:01 pm
CVE-2016-8410
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010. January 12, 2017, 09:01 am
CVE-2016-8409
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409. January 12, 2017, 09:01 am
CVE-2016-8408
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408. January 12, 2017, 09:01 am
CVE-2016-8407
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656. January 12, 2017, 09:01 am
CVE-2016-8406
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940. January 12, 2017, 09:01 am
CVE-2016-8405
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010. January 12, 2017, 09:01 am
CVE-2016-8404
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950. January 12, 2017, 09:01 am
CVE-2016-8403
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348. January 12, 2017, 09:01 am
CVE-2016-8402
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231. January 12, 2017, 09:01 am
CVE-2016-8401
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725. January 12, 2017, 09:01 am
CVE-2016-8400
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400. January 12, 2017, 09:01 am
CVE-2016-8399
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. January 12, 2017, 09:01 am
CVE-2016-8398
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705. January 12, 2017, 14:01 pm
CVE-2016-8397
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397. January 12, 2017, 09:01 am
CVE-2016-8395
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395. January 12, 2017, 09:01 am
CVE-2016-8394
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197. January 12, 2017, 09:01 am
CVE-2016-8393
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920. January 12, 2017, 09:01 am
CVE-2016-8392
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136. January 12, 2017, 09:01 am
CVE-2016-8391
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166. January 12, 2017, 09:01 am
CVE-2016-8339
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical redis A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out-of-bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out-of-bounds write, potentially resulting in code execution. October 28, 2016, 09:10 am
CVE-2016-8327
4.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2016-8318
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2016-8290
4.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. October 25, 2016, 09:10 am
CVE-2016-8289
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-8288
3.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. October 25, 2016, 09:10 am
CVE-2016-8287
4.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. October 25, 2016, 09:10 am
CVE-2016-8286
3.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. October 25, 2016, 09:10 am
CVE-2016-8284
1.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. October 25, 2016, 09:10 am
CVE-2016-8283
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. October 25, 2016, 09:10 am
CVE-2016-7995
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. December 9, 2016, 18:12 pm
CVE-2016-7994
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. December 9, 2016, 18:12 pm
CVE-2016-7993
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). January 27, 2017, 19:01 pm
CVE-2016-7992
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). January 27, 2017, 19:01 pm
CVE-2016-7986
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7985
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). January 27, 2017, 19:01 pm
CVE-2016-7984
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). January 27, 2017, 19:01 pm
CVE-2016-7983
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). January 27, 2017, 19:01 pm
CVE-2016-7979
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ghostscript Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. May 22, 2017, 23:05 pm
CVE-2016-7978
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ghostscript Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. May 22, 2017, 23:05 pm
CVE-2016-7977
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ghostscript Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted PostScript document. May 22, 2017, 23:05 pm
CVE-2016-7976
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ghostscript The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. August 7, 2017, 15:08 pm
CVE-2016-7975
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). January 27, 2017, 19:01 pm
CVE-2016-7974
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7973
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7958
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious wireshark In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. April 12, 2017, 05:04 am
CVE-2016-7957
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious wireshark In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. April 12, 2017, 05:04 am
CVE-2016-7953
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxvmc Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. December 13, 2016, 14:12 pm
CVE-2016-7952
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxtst X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. December 13, 2016, 14:12 pm
CVE-2016-7951
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxtst Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. December 13, 2016, 14:12 pm
CVE-2016-7950
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxrender The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. December 13, 2016, 14:12 pm
CVE-2016-7949
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxrender Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. December 13, 2016, 14:12 pm
CVE-2016-7948
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxrandr X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. December 13, 2016, 14:12 pm
CVE-2016-7947
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxrandr Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. December 13, 2016, 14:12 pm
CVE-2016-7946
2.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxi X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. December 13, 2016, 14:12 pm
CVE-2016-7945
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxi Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. December 13, 2016, 14:12 pm
CVE-2016-7944
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxfixes Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. December 13, 2016, 14:12 pm
CVE-2016-7943
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libx11 The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. December 13, 2016, 14:12 pm
CVE-2016-7942
2.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libx11 The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. December 13, 2016, 14:12 pm
CVE-2016-7940
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7939
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7938
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). January 27, 2017, 19:01 pm
CVE-2016-7937
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). January 27, 2017, 19:01 pm
CVE-2016-7936
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). January 27, 2017, 19:01 pm
CVE-2016-7935
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). January 27, 2017, 19:01 pm
CVE-2016-7934
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). January 27, 2017, 19:01 pm
CVE-2016-7933
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). January 27, 2017, 19:01 pm
CVE-2016-7932
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). January 27, 2017, 19:01 pm
CVE-2016-7931
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). January 27, 2017, 19:01 pm
CVE-2016-7930
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). January 27, 2017, 19:01 pm
CVE-2016-7929
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). January 27, 2017, 19:01 pm
CVE-2016-7928
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print(). January 27, 2017, 19:01 pm
CVE-2016-7927
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). January 27, 2017, 19:01 pm
CVE-2016-7926
6.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print(). January 27, 2017, 19:01 pm
CVE-2016-7925
6.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print(). January 27, 2017, 19:01 pm
CVE-2016-7924
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). January 27, 2017, 19:01 pm
CVE-2016-7923
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). January 27, 2017, 19:01 pm
CVE-2016-7922
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tcpdump The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). January 27, 2017, 19:01 pm
CVE-2016-7916
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. November 15, 2016, 23:11 pm
CVE-2016-7915
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. November 15, 2016, 23:11 pm
CVE-2016-7914
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. November 15, 2016, 23:11 pm
CVE-2016-7913
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. November 15, 2016, 23:11 pm
CVE-2016-7912
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. November 15, 2016, 23:11 pm
CVE-2016-7911
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. November 15, 2016, 23:11 pm
CVE-2016-7910
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. November 15, 2016, 23:11 pm
CVE-2016-7909
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. October 5, 2016, 11:10 am
CVE-2016-7908
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. October 5, 2016, 11:10 am
CVE-2016-7907
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. October 5, 2016, 11:10 am
CVE-2016-7837
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious bluez Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. June 9, 2017, 11:06 am
CVE-2016-7798
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ruby The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. January 30, 2017, 16:01 pm
CVE-2016-7797
7.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
pacemaker Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. March 24, 2017, 10:03 am
CVE-2016-7796
5.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
systemd The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. October 13, 2016, 09:10 am
CVE-2016-7795
5.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
systemd The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. October 13, 2016, 09:10 am
CVE-2016-7545
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
policycoreutils SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. January 19, 2017, 14:01 pm
CVE-2016-7543
6.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bash Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. January 19, 2017, 14:01 pm
CVE-2016-7480
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. January 11, 2017, 01:01 am
CVE-2016-7478
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. January 11, 2017, 00:01 am
CVE-2016-7466
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. December 9, 2016, 18:12 pm
CVE-2016-7444
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gnutls The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. September 27, 2016, 10:09 am
CVE-2016-7440
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. December 13, 2016, 10:12 am
CVE-2016-7434
3.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. January 13, 2017, 10:01 am
CVE-2016-7433
1.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." January 13, 2017, 10:01 am
CVE-2016-7431
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. January 13, 2017, 10:01 am
CVE-2016-7429
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp NTP before 4.2.8p9 changes the peer structure to the interface on which it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. January 13, 2017, 10:01 am
CVE-2016-7428
3.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. January 13, 2017, 10:01 am
CVE-2016-7427
3.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. January 13, 2017, 10:01 am
CVE-2016-7426
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. January 13, 2017, 10:01 am
CVE-2016-7425
4.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. October 16, 2016, 16:10 pm
CVE-2016-7423
3.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects. October 10, 2016, 11:10 am
CVE-2016-7422
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. December 9, 2016, 18:12 pm
CVE-2016-7421
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size. December 9, 2016, 18:12 pm
CVE-2016-7418
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. September 17, 2016, 16:09 pm
CVE-2016-7417
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. September 17, 2016, 16:09 pm
CVE-2016-7416
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. September 17, 2016, 16:09 pm
CVE-2016-7415
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
icu Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. September 17, 2016, 16:09 pm
CVE-2016-7414
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. September 17, 2016, 16:09 pm
CVE-2016-7413
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. September 17, 2016, 16:09 pm
CVE-2016-7412
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. September 17, 2016, 16:09 pm
CVE-2016-7411
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. September 17, 2016, 16:09 pm
CVE-2016-7180
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7179
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7178
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7177
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7176
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7175
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7170
3.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. December 9, 2016, 18:12 pm
CVE-2016-7167
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. October 7, 2016, 09:10 am
CVE-2016-7166
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libarchive libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. September 21, 2016, 09:09 am
CVE-2016-7161
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. October 5, 2016, 11:10 am
CVE-2016-7157
2.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK. December 9, 2016, 18:12 pm
CVE-2016-7156
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast. December 9, 2016, 18:12 pm
CVE-2016-7155
3.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings. December 9, 2016, 18:12 pm
CVE-2016-7141
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libcurl curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. October 3, 2016, 16:10 pm
CVE-2016-7134
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call. September 11, 2016, 20:09 pm
CVE-2016-7133
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. September 11, 2016, 20:09 pm
CVE-2016-7132
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. September 11, 2016, 20:09 pm
CVE-2016-7131
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character. September 11, 2016, 20:09 pm
CVE-2016-7130
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. September 11, 2016, 20:09 pm
CVE-2016-7129
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document. September 11, 2016, 20:09 pm
CVE-2016-7128
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. September 11, 2016, 20:09 pm
CVE-2016-7127
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments. September 11, 2016, 20:09 pm
CVE-2016-7126
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument. September 11, 2016, 20:09 pm
CVE-2016-7125
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. September 11, 2016, 20:09 pm
CVE-2016-7124
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. September 11, 2016, 20:09 pm
CVE-2016-7118
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem. August 31, 2016, 09:08 am
CVE-2016-7117
10.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. October 10, 2016, 06:10 am
CVE-2016-7116
3.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string. December 9, 2016, 18:12 pm
CVE-2016-7098
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wget Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. September 26, 2016, 09:09 am
CVE-2016-7097
3.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. October 16, 2016, 16:10 pm
CVE-2016-7056
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. January 23, 2017, 18:01 pm
CVE-2016-7054
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openssl In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. May 4, 2017, 14:05 pm
CVE-2016-7053
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openssl In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. May 4, 2017, 14:05 pm
CVE-2016-7052
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. September 26, 2016, 14:09 pm
CVE-2016-7048
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious postgresql ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-7042
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. October 16, 2016, 16:10 pm
CVE-2016-7039
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666. October 16, 2016, 16:10 pm
CVE-2016-7035
8.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
pacemaker ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-7032
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious sudo sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. April 14, 2017, 13:04 pm
CVE-2016-6888
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. December 9, 2016, 18:12 pm
CVE-2016-6836
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. December 9, 2016, 18:12 pm
CVE-2016-6835
3.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. December 9, 2016, 18:12 pm
CVE-2016-6834
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. December 9, 2016, 18:12 pm
CVE-2016-6833
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. December 9, 2016, 18:12 pm
CVE-2016-6828
3.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. October 16, 2016, 16:10 pm
CVE-2016-6791
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809. January 12, 2017, 09:01 am
CVE-2016-6790
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790. January 12, 2017, 09:01 am
CVE-2016-6789
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789. January 12, 2017, 09:01 am
CVE-2016-6787
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. December 28, 2016, 01:12 am
CVE-2016-6786
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. December 28, 2016, 01:12 am
CVE-2016-6785
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400. January 12, 2017, 09:01 am
CVE-2016-6782
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506. January 12, 2017, 09:01 am
CVE-2016-6781
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455. January 12, 2017, 09:01 am
CVE-2016-6780
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496. January 12, 2017, 09:01 am
CVE-2016-6779
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004. January 12, 2017, 09:01 am
CVE-2016-6778
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646. January 12, 2017, 09:01 am
CVE-2016-6777
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. January 12, 2017, 09:01 am
CVE-2016-6776
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776. January 12, 2017, 09:01 am
CVE-2016-6775
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775. January 12, 2017, 09:01 am
CVE-2016-6761
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792. January 12, 2017, 09:01 am
CVE-2016-6760
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. January 12, 2017, 09:01 am
CVE-2016-6759
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766. January 12, 2017, 09:01 am
CVE-2016-6758
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. January 12, 2017, 09:01 am
CVE-2016-6757
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821. January 12, 2017, 09:01 am
CVE-2016-6756
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068. January 12, 2017, 09:01 am
CVE-2016-6755
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. January 12, 2017, 09:01 am
CVE-2016-6664
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
mysql5 mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. December 13, 2016, 15:12 pm
CVE-2016-6663
3.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
mysql5 Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. December 13, 2016, 15:12 pm
CVE-2016-6633
8.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6632
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6631
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6630
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6628
6.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6627
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6626
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6624
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6623
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6621
8.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. January 31, 2017, 13:01 pm
CVE-2016-6619
8.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6618
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6617
8.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. December 10, 2016, 20:12 pm
CVE-2016-6616
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. December 10, 2016, 20:12 pm
CVE-2016-6615
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin XSS issues were discovered in phpMyAdmin. This affects the navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and the GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. December 10, 2016, 20:12 pm
CVE-2016-6614
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6613
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6612
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6611
8.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6610
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6609
8.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6608
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected. December 10, 2016, 20:12 pm
CVE-2016-6607
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; when the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6516
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6515
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. August 7, 2016, 16:08 pm
CVE-2016-6513
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6512
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. August 6, 2016, 18:08 pm
CVE-2016-6511
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6510
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6509
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6508
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6507
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6506
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6505
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6504
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6503
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6490
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer. December 9, 2016, 18:12 pm
CVE-2016-6489
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nettle The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. April 14, 2017, 13:04 pm
CVE-2016-6480
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6354
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
flex Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. September 21, 2016, 09:09 am
CVE-2016-6352
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gdk-pixbuf The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. October 3, 2016, 13:10 pm
CVE-2016-6351
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. September 7, 2016, 13:09 pm
CVE-2016-6329
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openvpn OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. January 31, 2017, 16:01 pm
CVE-2016-6327
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. October 16, 2016, 16:10 pm
CVE-2016-6323
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gcc The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. October 7, 2016, 09:10 am
CVE-2016-6321
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tar Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. December 9, 2016, 16:12 pm
CVE-2016-6318
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
cracklib Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. September 7, 2016, 14:09 pm
CVE-2016-6313
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libgcrypt The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. December 13, 2016, 14:12 pm
CVE-2016-6309
10.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. September 26, 2016, 14:09 pm
CVE-2016-6308
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. September 26, 2016, 14:09 pm
CVE-2016-6307
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. September 26, 2016, 14:09 pm
CVE-2016-6306
1.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. September 26, 2016, 14:09 pm
CVE-2016-6305
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openssl The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. September 26, 2016, 14:09 pm
CVE-2016-6304
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. September 26, 2016, 14:09 pm
CVE-2016-6303
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. September 16, 2016, 00:09 am
CVE-2016-6302
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. September 16, 2016, 00:09 am
CVE-2016-6301
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High busybox The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. December 9, 2016, 14:12 pm
CVE-2016-6297
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. July 25, 2016, 09:07 am
CVE-2016-6296
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. July 25, 2016, 09:07 am
CVE-2016-6295
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. July 25, 2016, 09:07 am
CVE-2016-6294
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. July 25, 2016, 09:07 am
CVE-2016-6292
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. July 25, 2016, 09:07 am
CVE-2016-6291
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. July 25, 2016, 09:07 am
CVE-2016-6290
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. July 25, 2016, 09:07 am
CVE-2016-6289
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. July 25, 2016, 09:07 am
CVE-2016-6288
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type. July 25, 2016, 09:07 am
CVE-2016-6264
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
uclibc Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function. January 27, 2017, 16:01 pm
CVE-2016-6263
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libidn The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. September 7, 2016, 15:09 pm
CVE-2016-6262
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libidn idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. September 7, 2016, 15:09 pm
CVE-2016-6261
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libidn The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. September 7, 2016, 15:09 pm
CVE-2016-6255
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. March 7, 2017, 10:03 am
CVE-2016-6252
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. February 17, 2017, 11:02 am
CVE-2016-6251
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. February 17, 2017, 09:02 am
CVE-2016-6250
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libarchive Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. September 21, 2016, 09:09 am
CVE-2016-6223
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. January 23, 2017, 15:01 pm
CVE-2016-6213
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. December 28, 2016, 01:12 am
CVE-2016-6210
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. February 13, 2017, 11:02 am
CVE-2016-6207
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. August 12, 2016, 10:08 am
CVE-2016-6198
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. August 6, 2016, 15:08 pm
CVE-2016-6197
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. August 6, 2016, 15:08 pm
CVE-2016-6187
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. August 6, 2016, 15:08 pm
CVE-2016-6185
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
perl The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. August 2, 2016, 09:08 am
CVE-2016-6174
8.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. July 12, 2016, 14:07 pm
CVE-2016-6170
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. July 6, 2016, 09:07 am
CVE-2016-6163
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. February 3, 2017, 09:02 am
CVE-2016-6162
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations. August 6, 2016, 15:08 pm
CVE-2016-6156
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6153
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
sqlite os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. September 26, 2016, 11:09 am
CVE-2016-6136
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6131
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. February 7, 2017, 09:02 am
CVE-2016-6130
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. July 3, 2016, 16:07 pm
CVE-2016-5875
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. March 11, 2018, 21:03 pm
CVE-2016-5870
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket. April 4, 2017, 13:04 pm
CVE-2016-5856
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. April 12, 2017, 17:04 pm
CVE-2016-5844
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libarchive Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. September 21, 2016, 09:09 am
CVE-2016-5829
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. June 27, 2016, 05:06 am
CVE-2016-5828
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. June 27, 2016, 05:06 am
CVE-2016-5827
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libical The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. January 27, 2017, 16:01 pm
CVE-2016-5826
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libical The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. January 27, 2017, 16:01 pm
CVE-2016-5825
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libical The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. January 27, 2017, 16:01 pm
CVE-2016-5824
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libical libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. January 27, 2017, 16:01 pm
CVE-2016-5823
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libical The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. January 27, 2017, 16:01 pm
CVE-2016-5773
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. August 7, 2016, 05:08 am
CVE-2016-5772
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. August 7, 2016, 05:08 am
CVE-2016-5771
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. August 7, 2016, 05:08 am
CVE-2016-5770
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. August 7, 2016, 05:08 am
CVE-2016-5769
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. August 7, 2016, 05:08 am
CVE-2016-5768
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. August 7, 2016, 05:08 am
CVE-2016-5767
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libgd Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted image dimensions. August 7, 2016, 05:08 am
CVE-2016-5766
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libgd Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. August 7, 2016, 05:08 am
CVE-2016-5739
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. July 2, 2016, 20:07 pm
CVE-2016-5734
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. July 2, 2016, 20:07 pm
CVE-2016-5733
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. July 2, 2016, 20:07 pm
CVE-2016-5732
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. July 2, 2016, 20:07 pm
CVE-2016-5731
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. July 2, 2016, 20:07 pm
CVE-2016-5730
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. July 2, 2016, 20:07 pm
CVE-2016-5728
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. June 27, 2016, 05:06 am
CVE-2016-5725
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal jsch Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. January 19, 2017, 16:01 pm
CVE-2016-5706
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. July 2, 2016, 20:07 pm
CVE-2016-5705
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. July 2, 2016, 20:07 pm
CVE-2016-5704
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. July 2, 2016, 20:07 pm
CVE-2016-5703
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical phpmyadmin SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. July 2, 2016, 20:07 pm
CVE-2016-5702
3.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low phpmyadmin phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. July 2, 2016, 20:07 pm
CVE-2016-5701
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. July 2, 2016, 20:07 pm
CVE-2016-5699
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
python CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. September 2, 2016, 09:09 am
CVE-2016-5696
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. August 6, 2016, 15:08 pm
CVE-2016-5636
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
python Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. September 2, 2016, 09:09 am
CVE-2016-5635
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. October 25, 2016, 09:10 am
CVE-2016-5634
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. October 25, 2016, 09:10 am
CVE-2016-5633
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. October 25, 2016, 09:10 am
CVE-2016-5632
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. October 25, 2016, 09:10 am
CVE-2016-5631
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. October 25, 2016, 09:10 am
CVE-2016-5630
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-5629
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. October 25, 2016, 09:10 am
CVE-2016-5628
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. October 25, 2016, 09:10 am
CVE-2016-5627
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-5626
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. October 25, 2016, 09:10 am
CVE-2016-5625
7.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. October 25, 2016, 09:10 am
CVE-2016-5624
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 25, 2016, 09:10 am
CVE-2016-5617
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
mysql5 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. October 25, 2016, 09:10 am
CVE-2016-5616
3.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
mysql5 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. October 25, 2016, 09:10 am
CVE-2016-5612
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 25, 2016, 09:10 am
CVE-2016-5609
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 25, 2016, 09:10 am
CVE-2016-5584
4.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. October 25, 2016, 09:10 am
CVE-2016-5507
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-5444
3.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. July 21, 2016, 05:07 am
CVE-2016-5443
4.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. July 21, 2016, 05:07 am
CVE-2016-5442
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. July 21, 2016, 05:07 am
CVE-2016-5441
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. July 21, 2016, 05:07 am
CVE-2016-5440
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. July 21, 2016, 05:07 am
CVE-2016-5439
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. July 21, 2016, 05:07 am
CVE-2016-5437
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. July 21, 2016, 05:07 am
CVE-2016-5436
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. July 21, 2016, 05:07 am
CVE-2016-5424
7.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious postgresql PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. December 9, 2016, 17:12 pm
CVE-2016-5423
8.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious postgresql PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. December 9, 2016, 17:12 pm
CVE-2016-5421
3.7 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. August 10, 2016, 09:08 am
CVE-2016-5420
3.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. August 10, 2016, 09:08 am
CVE-2016-5419
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. August 10, 2016, 09:08 am
CVE-2016-5418
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. September 21, 2016, 09:09 am
CVE-2016-5417
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. February 16, 2017, 20:02 pm
CVE-2016-5412
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. August 6, 2016, 15:08 pm
CVE-2016-5407
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxv The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. December 13, 2016, 14:12 pm
CVE-2016-5403
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. August 2, 2016, 11:08 am
CVE-2016-5400
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. August 6, 2016, 15:08 pm
CVE-2016-5399
5.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
modphp The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. April 21, 2017, 15:04 pm
CVE-2016-5389
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5696. Reason: This candidate is a reservation duplicate of CVE-2016-5696. Notes: All CVE users should reference CVE-2016-5696 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. July 13, 2016, 11:07 am
CVE-2016-5384
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious fontconfig fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. August 12, 2016, 20:08 pm
CVE-2016-5359
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5358
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5357
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. August 7, 2016, 11:08 am
CVE-2016-5356
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. August 7, 2016, 11:08 am
CVE-2016-5355
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. August 7, 2016, 11:08 am
CVE-2016-5354
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5353
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5352
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5351
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5350
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5344
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. August 30, 2016, 12:08 pm
CVE-2016-5343
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow. October 10, 2016, 05:10 am
CVE-2016-5342
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. August 30, 2016, 12:08 pm
CVE-2016-5340
8.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. August 7, 2016, 16:08 pm
CVE-2016-5338
4.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. June 14, 2016, 09:06 am
CVE-2016-5337
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. June 14, 2016, 09:06 am
CVE-2016-5323
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. January 20, 2017, 09:01 am
CVE-2016-5322
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. April 11, 2017, 13:04 pm
CVE-2016-5321
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. January 20, 2017, 09:01 am
CVE-2016-5320
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. March 11, 2018, 21:03 pm
CVE-2016-5319
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. January 20, 2017, 09:01 am
CVE-2016-5318
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. January 20, 2017, 09:01 am
CVE-2016-5317
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Buffer overflow in the PixarLogDecode function in libtiff.so in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. January 20, 2017, 09:01 am
CVE-2016-5316
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. January 20, 2017, 09:01 am
CVE-2016-5315
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. March 7, 2017, 09:03 am
CVE-2016-5314
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. March 11, 2018, 21:03 pm
CVE-2016-5300
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
expat The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. June 16, 2016, 13:06 pm
CVE-2016-5285
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 10, 2018, 22:04 pm
CVE-2016-5244
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. June 27, 2016, 05:06 am
CVE-2016-5243
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. June 27, 2016, 05:06 am
CVE-2016-5238
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. June 14, 2016, 09:06 am
CVE-2016-5195
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." November 10, 2016, 15:11 pm
CVE-2016-5180
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
c-ares Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. October 3, 2016, 10:10 am
CVE-2016-5131
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. July 23, 2016, 14:07 pm
CVE-2016-5126
4.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. June 1, 2016, 17:06 pm
CVE-2016-5114
6.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging. August 7, 2016, 05:08 am
CVE-2016-5107
1.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. September 2, 2016, 09:09 am
CVE-2016-5106
1.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. September 2, 2016, 09:09 am
CVE-2016-5105
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. September 2, 2016, 09:09 am
CVE-2016-5102
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. February 6, 2017, 11:02 am
CVE-2016-5099
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. July 4, 2016, 20:07 pm
CVE-2016-5098
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. July 4, 2016, 20:07 pm
CVE-2016-5097
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. July 4, 2016, 20:07 pm
CVE-2016-5096
8.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument. August 7, 2016, 05:08 am
CVE-2016-5095
8.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094. August 7, 2016, 05:08 am
CVE-2016-5094
8.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function. August 7, 2016, 05:08 am
CVE-2016-5011
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. April 11, 2017, 10:04 am
CVE-2016-5008
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libvirt libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. July 13, 2016, 10:07 am
CVE-2016-5000
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal poi The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. August 5, 2016, 09:08 am
CVE-2016-4998
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. July 3, 2016, 16:07 pm
CVE-2016-4997
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. July 3, 2016, 16:07 pm
CVE-2016-4979
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
appache The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. July 6, 2016, 09:07 am
CVE-2016-4973
3.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. June 7, 2017, 15:06 pm
CVE-2016-4971
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gnu_wget GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. June 30, 2016, 12:06 pm
CVE-2016-4964
2.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. December 9, 2016, 18:12 pm
CVE-2016-4957
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. July 4, 2016, 20:07 pm
CVE-2016-4956
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. July 4, 2016, 20:07 pm
CVE-2016-4955
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ntp ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. July 4, 2016, 20:07 pm
CVE-2016-4954
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ntp The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. July 4, 2016, 20:07 pm
CVE-2016-4953
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ntp ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. July 4, 2016, 20:07 pm
CVE-2016-4952
1.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. September 2, 2016, 09:09 am
CVE-2016-4951
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. May 23, 2016, 05:05 am
CVE-2016-4913
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. May 23, 2016, 05:05 am
CVE-2016-4809
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. September 21, 2016, 09:09 am
CVE-2016-4805
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. May 23, 2016, 05:05 am
CVE-2016-4804
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
dosfstools The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. June 3, 2016, 09:06 am
CVE-2016-4802
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. June 24, 2016, 12:06 pm
CVE-2016-4794
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. May 23, 2016, 05:05 am
CVE-2016-4616
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libxml2 libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619. July 21, 2016, 21:07 pm
CVE-2016-4615
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libxml2 libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619. July 21, 2016, 21:07 pm
CVE-2016-4614
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libxml2 libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619. July 21, 2016, 21:07 pm
CVE-2016-4610
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4609
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4608
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4607
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4592
6.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4591
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. July 21, 2016, 21:07 pm
CVE-2016-4590
5.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4589
8.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624. July 21, 2016, 21:07 pm
CVE-2016-4588
8.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4587
5.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4586
8.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4585
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. July 21, 2016, 21:07 pm
CVE-2016-4584
8.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4583
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document. July 21, 2016, 21:07 pm
CVE-2016-4581
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. May 23, 2016, 05:05 am
CVE-2016-4580
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. May 23, 2016, 05:05 am
CVE-2016-4579
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libksba Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." June 13, 2016, 14:06 pm
CVE-2016-4578
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. May 23, 2016, 05:05 am
CVE-2016-4569
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. May 23, 2016, 05:05 am
CVE-2016-4568
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. May 23, 2016, 05:05 am
CVE-2016-4565
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. May 23, 2016, 05:05 am
CVE-2016-4558
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count. May 23, 2016, 05:05 am
CVE-2016-4557
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. May 23, 2016, 05:05 am
CVE-2016-4556
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. May 10, 2016, 14:05 pm
CVE-2016-4555
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. May 10, 2016, 14:05 pm
CVE-2016-4554
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. May 10, 2016, 14:05 pm
CVE-2016-4553
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. May 10, 2016, 14:05 pm
CVE-2016-4544
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. May 21, 2016, 20:05 pm
CVE-2016-4543
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. May 21, 2016, 20:05 pm
CVE-2016-4542
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. May 21, 2016, 20:05 pm
CVE-2016-4541
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. May 21, 2016, 20:05 pm
CVE-2016-4540
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. May 21, 2016, 20:05 pm
CVE-2016-4539
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. May 21, 2016, 20:05 pm
CVE-2016-4538
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. May 21, 2016, 20:05 pm
CVE-2016-4537
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. May 21, 2016, 20:05 pm
CVE-2016-4493
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary. February 24, 2017, 14:02 pm
CVE-2016-4492
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. February 24, 2017, 14:02 pm
CVE-2016-4491
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once." February 24, 2017, 14:02 pm
CVE-2016-4490
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. February 24, 2017, 14:02 pm
CVE-2016-4489
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables." February 24, 2017, 14:02 pm
CVE-2016-4488
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." February 24, 2017, 14:02 pm
CVE-2016-4487
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." February 24, 2017, 14:02 pm
CVE-2016-4486
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. May 23, 2016, 05:05 am
CVE-2016-4485
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. May 23, 2016, 05:05 am
CVE-2016-4483
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. April 11, 2017, 11:04 am
CVE-2016-4482
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
fedora The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. May 23, 2016, 05:05 am
CVE-2016-4476
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject
haracters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. May 9, 2016, 05:05 am
CVE-2016-4473
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. June 8, 2017, 15:06 pm
CVE-2016-4472
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
expat The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. June 30, 2016, 12:06 pm
CVE-2016-4470
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
enterprise_mrg The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. June 27, 2016, 05:06 am
CVE-2016-4463
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
xerces-c++ Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. July 8, 2016, 14:07 pm
CVE-2016-4456
5.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gnutls The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. August 8, 2017, 16:08 pm
CVE-2016-4454
3.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. June 1, 2016, 17:06 pm
CVE-2016-4453
4.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. June 1, 2016, 17:06 pm
CVE-2016-4450
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious nginx os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. June 7, 2016, 09:06 am
CVE-2016-4449
5.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. June 9, 2016, 11:06 am
CVE-2016-4448
10.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. June 9, 2016, 11:06 am
CVE-2016-4447
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. June 9, 2016, 11:06 am
CVE-2016-4441
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. May 20, 2016, 09:05 am
CVE-2016-4440
7.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. June 27, 2016, 05:06 am
CVE-2016-4439
4.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. May 20, 2016, 09:05 am
CVE-2016-4429
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. June 10, 2016, 10:06 am
CVE-2016-4421
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. April 30, 2016, 20:04 pm
CVE-2016-4420
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. April 30, 2016, 20:04 pm
CVE-2016-4419
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. April 30, 2016, 20:04 pm
CVE-2016-4418
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. April 30, 2016, 20:04 pm
CVE-2016-4417
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. April 30, 2016, 20:04 pm
CVE-2016-4416
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. April 30, 2016, 20:04 pm
CVE-2016-4415
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. April 30, 2016, 20:04 pm
CVE-2016-4356
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libksba The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. June 13, 2016, 14:06 pm
CVE-2016-4355
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libksba Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. June 13, 2016, 14:06 pm
CVE-2016-4354
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libksba ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. June 13, 2016, 14:06 pm
CVE-2016-4353
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libksba ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. June 13, 2016, 14:06 pm
CVE-2016-4348
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
librsvg The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. May 20, 2016, 09:05 am
CVE-2016-4347
0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candidate is a reservation duplicate of CVE-2015-7558. Notes: All CVE users should reference CVE-2015-7558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. June 6, 2016, 10:06 am
CVE-2016-4346
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. May 21, 2016, 20:05 pm
CVE-2016-4345
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. May 21, 2016, 20:05 pm
CVE-2016-4344
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow. May 21, 2016, 20:05 pm
CVE-2016-4343
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. May 21, 2016, 20:05 pm
CVE-2016-4342
8.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. May 21, 2016, 20:05 pm
CVE-2016-4302
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. September 21, 2016, 09:09 am
CVE-2016-4301
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. September 21, 2016, 09:09 am
CVE-2016-4300
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. September 21, 2016, 09:09 am
CVE-2016-4085
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. April 25, 2016, 05:04 am
CVE-2016-4084
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. April 25, 2016, 05:04 am
CVE-2016-4083
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4082
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4081
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4080
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4079
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4078
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. April 25, 2016, 05:04 am
CVE-2016-4077
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4076
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4073
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. May 20, 2016, 06:05 am
CVE-2016-4072
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of characters by the phar_analyze_path function in ext/phar/phar.c. May 20, 2016, 06:05 am
CVE-2016-4071
9.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. May 20, 2016, 06:05 am
CVE-2016-4070
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." May 20, 2016, 06:05 am
CVE-2016-4054
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. April 25, 2016, 09:04 am
CVE-2016-4053
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. April 25, 2016, 09:04 am
CVE-2016-4052
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. April 25, 2016, 09:04 am
CVE-2016-4051
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. April 25, 2016, 09:04 am
CVE-2016-4049
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
quagga The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. May 23, 2016, 14:05 pm
CVE-2016-4037
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. May 23, 2016, 14:05 pm
CVE-2016-4020
2.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). May 25, 2016, 10:05 am
CVE-2016-4008
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libtasn1 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. May 5, 2016, 13:05 pm
CVE-2016-4006
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4002
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. April 26, 2016, 09:04 am
CVE-2016-4001
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. May 23, 2016, 14:05 pm
CVE-2016-3991
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. September 21, 2016, 13:09 pm
CVE-2016-3990
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. September 21, 2016, 13:09 pm
CVE-2016-3977
5.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal giflib Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file. April 21, 2016, 09:04 am
CVE-2016-3959
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
go The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. May 23, 2016, 14:05 pm
CVE-2016-3958
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious go Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. May 23, 2016, 14:05 pm
CVE-2016-3955
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. July 3, 2016, 16:07 pm
CVE-2016-3951
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. May 2, 2016, 05:05 am
CVE-2016-3948
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. April 7, 2016, 13:04 pm
CVE-2016-3947
7.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. April 7, 2016, 13:04 pm
CVE-2016-3945
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. September 21, 2016, 13:09 pm
CVE-2016-3841
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. August 6, 2016, 15:08 pm
CVE-2016-3751
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libpng Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085. July 10, 2016, 20:07 pm
CVE-2016-3739
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
curl The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. May 20, 2016, 09:05 am
CVE-2016-3713
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. June 27, 2016, 05:06 am
CVE-2016-3712
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. May 11, 2016, 16:05 pm
CVE-2016-3710
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
helion_openstack The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. May 11, 2016, 16:05 pm
CVE-2016-3707
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. June 27, 2016, 05:06 am
CVE-2016-3706
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. June 10, 2016, 10:06 am
CVE-2016-3705
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
icewall_federation_agent The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. May 17, 2016, 09:05 am
CVE-2016-3699
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. October 7, 2016, 09:10 am
CVE-2016-3697
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious docker libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. June 1, 2016, 15:06 pm
CVE-2016-3695
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. December 29, 2017, 09:12 am
CVE-2016-3689
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. May 2, 2016, 05:05 am
CVE-2016-3672
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. April 27, 2016, 12:04 pm
CVE-2016-3658
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. October 3, 2016, 11:10 am
CVE-2016-3632
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. September 21, 2016, 13:09 pm
CVE-2016-3631
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. October 3, 2016, 11:10 am
CVE-2016-3627
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
icewall_federation_agent The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. May 17, 2016, 09:05 am
CVE-2016-3625
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. October 3, 2016, 11:10 am
CVE-2016-3624
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. October 3, 2016, 11:10 am
CVE-2016-3623
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. October 3, 2016, 11:10 am
CVE-2016-3622
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. October 3, 2016, 11:10 am
CVE-2016-3621
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. October 3, 2016, 11:10 am
CVE-2016-3620
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. October 3, 2016, 11:10 am
CVE-2016-3619
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. October 3, 2016, 11:10 am
CVE-2016-3615
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. July 21, 2016, 05:07 am
CVE-2016-3614
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. July 21, 2016, 05:07 am
CVE-2016-3588
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. July 21, 2016, 05:07 am
CVE-2016-3521
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. July 21, 2016, 05:07 am
CVE-2016-3518
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3501
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3495
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-3492
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. October 25, 2016, 09:10 am
CVE-2016-3486
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. July 21, 2016, 05:07 am
CVE-2016-3477
8.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. July 21, 2016, 05:07 am
CVE-2016-3471
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious mysql Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. July 21, 2016, 05:07 am
CVE-2016-3459
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. July 21, 2016, 05:07 am
CVE-2016-3452
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. July 21, 2016, 05:07 am
CVE-2016-3440
7.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3424
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3191
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
pcre The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. March 17, 2016, 18:03 pm
CVE-2016-3190
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
cairo The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. April 21, 2016, 09:04 am
CVE-2016-3189
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bzip2 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. June 30, 2016, 12:06 pm
CVE-2016-3186
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. April 19, 2016, 09:04 am
CVE-2016-3185
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. May 16, 2016, 05:05 am
CVE-2016-3177
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical giflib Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. January 23, 2017, 15:01 pm
CVE-2016-3156
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. April 27, 2016, 12:04 pm
CVE-2016-3142
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. March 31, 2016, 11:03 am
CVE-2016-3141
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. March 31, 2016, 11:03 am
CVE-2016-3140
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-3139
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. April 27, 2016, 12:04 pm
CVE-2016-3138
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. May 2, 2016, 05:05 am
CVE-2016-3137
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. May 2, 2016, 05:05 am
CVE-2016-3136
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. May 2, 2016, 05:05 am
CVE-2016-3135
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. April 27, 2016, 12:04 pm
CVE-2016-3134
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. April 27, 2016, 12:04 pm
CVE-2016-3132
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. August 7, 2016, 05:08 am
CVE-2016-3125
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
proftpd The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. April 5, 2016, 15:04 pm
CVE-2016-3119
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kerberos The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. March 25, 2016, 20:03 pm
CVE-2016-3115
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. March 22, 2016, 05:03 am
CVE-2016-3078
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class. August 7, 2016, 05:08 am
CVE-2016-3075
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. June 1, 2016, 15:06 pm
CVE-2016-3070
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. August 6, 2016, 15:08 pm
CVE-2016-3065
9.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical postgresql The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL 9.5.x before 9.5.2 allow attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. April 11, 2016, 10:04 am
CVE-2016-2858
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. April 7, 2016, 14:04 pm
CVE-2016-2857
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. April 11, 2016, 21:04 pm
CVE-2016-2854
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. May 2, 2016, 05:05 am
CVE-2016-2853
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. May 2, 2016, 05:05 am
CVE-2016-2848
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. October 21, 2016, 05:10 am
CVE-2016-2847
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. April 27, 2016, 12:04 pm
CVE-2016-2842
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical openssl The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. March 3, 2016, 14:03 pm
CVE-2016-2841
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. June 16, 2016, 13:06 pm
CVE-2016-2834
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. June 13, 2016, 05:06 am
CVE-2016-2782
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. April 27, 2016, 12:04 pm
CVE-2016-2776
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. September 28, 2016, 05:09 am
CVE-2016-2775
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. July 19, 2016, 17:07 pm
CVE-2016-2774
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
dhcp ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. March 9, 2016, 09:03 am
CVE-2016-2572
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. February 26, 2016, 23:02 pm
CVE-2016-2571
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. February 26, 2016, 23:02 pm
CVE-2016-2570
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. February 26, 2016, 23:02 pm
CVE-2016-2569
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. February 26, 2016, 23:02 pm
CVE-2016-2562
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. March 1, 2016, 05:03 am
CVE-2016-2561
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. March 1, 2016, 05:03 am
CVE-2016-2560
6.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. March 1, 2016, 05:03 am
CVE-2016-2559
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. March 1, 2016, 05:03 am
CVE-2016-2554
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. May 16, 2016, 05:05 am
CVE-2016-2550
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312. April 27, 2016, 12:04 pm
CVE-2016-2549
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2548
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. April 27, 2016, 12:04 pm
CVE-2016-2547
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2546
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2545
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2544
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. April 27, 2016, 12:04 pm
CVE-2016-2543
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2538
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. June 16, 2016, 13:06 pm
CVE-2016-2532
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2531
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. February 27, 2016, 22:02 pm
CVE-2016-2530
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. February 27, 2016, 22:02 pm
CVE-2016-2529
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. February 27, 2016, 22:02 pm
CVE-2016-2528
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2526
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2525
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2524
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2523
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2522
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2521
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
wireshark Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. February 27, 2016, 22:02 pm
CVE-2016-2519
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. January 30, 2017, 15:01 pm
CVE-2016-2518
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. January 30, 2017, 15:01 pm
CVE-2016-2517
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. January 30, 2017, 15:01 pm
CVE-2016-2516
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. January 30, 2017, 15:01 pm
CVE-2016-2392
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. June 16, 2016, 13:06 pm
CVE-2016-2391
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. June 16, 2016, 13:06 pm
CVE-2016-2390
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. April 19, 2016, 16:04 pm
CVE-2016-2384
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. April 27, 2016, 12:04 pm
CVE-2016-2383
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. April 27, 2016, 12:04 pm
CVE-2016-2381
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
perl Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. April 8, 2016, 10:04 am
CVE-2016-2342
8.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious quagga The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. March 17, 2016, 09:03 am
CVE-2016-2339
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical ruby An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function of Ruby. In Fiddle::Function.new "initialize", the heap buffer "arg_types" is allocated based on the length of the args array. A specially constructed object passed as an element of the args array can increase the array's size after that allocation and cause a heap overflow. January 6, 2017, 15:01 pm
CVE-2016-2324
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
git Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. April 8, 2016, 09:04 am
CVE-2016-2315
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
git revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. April 8, 2016, 09:04 am
CVE-2016-2226
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. February 24, 2017, 14:02 pm
CVE-2016-2217
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. January 30, 2017, 16:01 pm
CVE-2016-2198
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
QEMU (aka Quick Emulator) built with USB EHCI emulation support is vulnerable to a NULL pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside the guest could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2016-2197
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
QEMU (aka Quick Emulator) built with IDE AHCI emulation support is vulnerable to a NULL pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside the guest could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2016-2193
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious postgresql PostgreSQL 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role. April 11, 2016, 10:04 am
CVE-2016-2188
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2187
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2186
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2185
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2184
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. April 27, 2016, 12:04 pm
CVE-2016-2183
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. August 31, 2016, 19:08 pm
CVE-2016-2182
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. September 16, 2016, 00:09 am
CVE-2016-2181
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. September 16, 2016, 00:09 am
CVE-2016-2180
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. July 31, 2016, 21:07 pm
CVE-2016-2179
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. September 16, 2016, 00:09 am
CVE-2016-2178
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. June 19, 2016, 20:06 pm
CVE-2016-2177
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. June 19, 2016, 20:06 pm
CVE-2016-2176
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. May 4, 2016, 20:05 pm
CVE-2016-2168
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. May 5, 2016, 13:05 pm
CVE-2016-2167
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. May 5, 2016, 13:05 pm
CVE-2016-2161
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious apache2 In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. July 27, 2017, 16:07 pm
CVE-2016-2148
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. February 9, 2017, 09:02 am
CVE-2016-2147
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. February 9, 2017, 09:02 am
CVE-2016-2143
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. April 27, 2016, 12:04 pm
CVE-2016-2126
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal samba Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. May 11, 2017, 09:05 am
CVE-2016-2119
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious samba libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. July 7, 2016, 10:07 am
CVE-2016-2118
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." April 12, 2016, 18:04 pm
CVE-2016-2117
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. May 2, 2016, 05:05 am
CVE-2016-2115
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. April 24, 2016, 19:04 pm
CVE-2016-2114
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. April 24, 2016, 19:04 pm
CVE-2016-2113
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. April 24, 2016, 19:04 pm
CVE-2016-2112
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal samba The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. April 24, 2016, 19:04 pm
CVE-2016-2110
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
samba The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. April 24, 2016, 19:04 pm
CVE-2016-2109
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. May 4, 2016, 20:05 pm
CVE-2016-2108
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. May 4, 2016, 20:05 pm
CVE-2016-2107
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. May 4, 2016, 20:05 pm
CVE-2016-2106
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. May 4, 2016, 20:05 pm
CVE-2016-2105
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssl Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. May 4, 2016, 20:05 pm
CVE-2016-2099
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
xerces_c++ Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. May 13, 2016, 09:05 am
CVE-2016-2090
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. January 13, 2017, 10:01 am
CVE-2016-2088
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. March 9, 2016, 17:03 pm
CVE-2016-2085
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. April 27, 2016, 12:04 pm
CVE-2016-2074
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical openvswitch Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. July 3, 2016, 16:07 pm
CVE-2016-2073
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. February 12, 2016, 09:02 am
CVE-2016-2070
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic. May 2, 2016, 05:05 am
CVE-2016-2069
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. April 27, 2016, 12:04 pm
CVE-2016-2068
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609. July 10, 2016, 20:07 pm
CVE-2016-2067
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993. July 10, 2016, 20:07 pm
CVE-2016-2066
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call. June 12, 2016, 20:06 pm
CVE-2016-2065
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer. August 7, 2016, 16:08 pm
CVE-2016-2064
8.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands. August 7, 2016, 16:08 pm
CVE-2016-2063
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface. August 7, 2016, 16:08 pm
CVE-2016-2062
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call. May 5, 2016, 16:05 pm
CVE-2016-2061
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. June 12, 2016, 20:06 pm
CVE-2016-2059
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. May 5, 2016, 16:05 pm
CVE-2016-2053
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. May 2, 2016, 05:05 am
CVE-2016-2052
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious harfbuzz Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. January 25, 2016, 05:01 am
CVE-2016-2050
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. January 31, 2017, 13:01 pm
CVE-2016-2045
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. February 19, 2016, 19:02 pm
CVE-2016-2044
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. February 19, 2016, 19:02 pm
CVE-2016-2043
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. February 19, 2016, 19:02 pm
CVE-2016-2042
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. February 19, 2016, 19:02 pm
CVE-2016-2041
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. February 19, 2016, 19:02 pm
CVE-2016-2040
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. February 19, 2016, 19:02 pm
CVE-2016-2039
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. February 19, 2016, 19:02 pm
CVE-2016-2038
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. February 19, 2016, 19:02 pm
CVE-2016-2037
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
cpio The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. February 22, 2016, 09:02 am
CVE-2016-1981
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside the guest could use this flaw to crash the QEMU instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2016-1979
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. March 13, 2016, 13:03 pm
CVE-2016-1978
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. March 13, 2016, 13:03 pm
CVE-2016-1951
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function. August 7, 2016, 14:08 pm
CVE-2016-1950
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. March 13, 2016, 13:03 pm
CVE-2016-1938
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
nss The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. January 31, 2016, 12:01 pm
CVE-2016-1927
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. February 19, 2016, 19:02 pm
CVE-2016-1908
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. April 11, 2017, 13:04 pm
CVE-2016-1907
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. January 18, 2016, 23:01 pm
CVE-2016-1904
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow. January 18, 2016, 23:01 pm
CVE-2016-1903
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
php The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function. January 18, 2016, 23:01 pm
CVE-2016-1840
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1839
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1838
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1837
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1836
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1835
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1834
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1833
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libxml2 The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. May 20, 2016, 05:05 am
CVE-2016-1762
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
safari The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. March 23, 2016, 20:03 pm
CVE-2016-1714
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. April 7, 2016, 14:04 pm
CVE-2016-1684
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libxslt numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. June 5, 2016, 18:06 pm
CVE-2016-1683
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libxslt numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. June 5, 2016, 18:06 pm
CVE-2016-1583
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. June 27, 2016, 05:06 am
CVE-2016-1576
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. May 2, 2016, 05:05 am
CVE-2016-1575
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. May 2, 2016, 05:05 am
CVE-2016-1568
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. April 11, 2016, 21:04 pm
CVE-2016-1550
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. January 6, 2017, 15:01 pm
CVE-2016-1548
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
ntp An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. January 6, 2017, 15:01 pm
CVE-2016-1547
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. January 6, 2017, 15:01 pm
CVE-2016-1541
8.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. May 7, 2016, 05:05 am
CVE-2016-1504
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. February 7, 2017, 09:02 am
CVE-2016-1503
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
dhcpcd dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. April 17, 2016, 19:04 pm
CVE-2016-1494
5.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal python The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. January 13, 2016, 09:01 am
CVE-2016-1286
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. March 9, 2016, 17:03 pm
CVE-2016-1285
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
bind named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. March 9, 2016, 17:03 pm
CVE-2016-1284
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. February 4, 2016, 05:02 am
CVE-2016-1252
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal apt The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. December 5, 2017, 10:12 am
CVE-2016-1247
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious nginx The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. November 29, 2016, 11:11 am
CVE-2016-1245
9.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical quagga It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. February 22, 2017, 17:02 pm
CVE-2016-1238
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
perl (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. August 2, 2016, 09:08 am
CVE-2016-1237
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. June 29, 2016, 09:06 am
CVE-2016-1234
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. June 1, 2016, 15:06 pm
CVE-2016-1233
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious fuse An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. January 26, 2016, 13:01 pm
CVE-2016-10713
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal patch An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. February 13, 2018, 13:02 pm
CVE-2016-10708
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openssh sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. January 21, 2018, 16:01 pm
CVE-2016-10397
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). July 10, 2017, 09:07 am
CVE-2016-10396
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ipsec-tools The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. July 5, 2017, 20:07 pm
CVE-2016-10377
8.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious openvswitch In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. May 28, 2017, 23:05 pm
CVE-2016-10350
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libarchive The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. April 30, 2017, 20:04 pm
CVE-2016-10349
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libarchive The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. April 30, 2017, 20:04 pm
CVE-2016-10318
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. April 4, 2017, 11:04 am
CVE-2016-10317
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ghostscript The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. April 3, 2017, 15:04 pm
CVE-2016-10296
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782. May 12, 2017, 10:05 am
CVE-2016-10295
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326. May 12, 2017, 10:05 am
CVE-2016-10294
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481. May 12, 2017, 10:05 am
CVE-2016-10293
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943. May 12, 2017, 10:05 am
CVE-2016-10292
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466. May 12, 2017, 10:05 am
CVE-2016-10291
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837. May 12, 2017, 10:05 am
CVE-2016-10290
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782. May 12, 2017, 10:05 am
CVE-2016-10289
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295. May 12, 2017, 10:05 am
CVE-2016-10288
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763. May 12, 2017, 10:05 am
CVE-2016-10287
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751. May 12, 2017, 10:05 am
CVE-2016-10286
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237. May 12, 2017, 10:05 am
CVE-2016-10285
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899. May 12, 2017, 10:05 am
CVE-2016-10284
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664. May 12, 2017, 10:05 am
CVE-2016-10283
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052. May 12, 2017, 10:05 am
CVE-2016-10277
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. May 12, 2017, 10:05 am
CVE-2016-10272
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. March 24, 2017, 14:03 pm
CVE-2016-10271
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tiff tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. March 24, 2017, 14:03 pm
CVE-2016-10270
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. March 24, 2017, 14:03 pm
CVE-2016-10269
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. March 24, 2017, 14:03 pm
CVE-2016-10268
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tiff tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. March 24, 2017, 14:03 pm
CVE-2016-10267
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium tiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. March 24, 2017, 14:03 pm
CVE-2016-10266
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium tiff LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. March 24, 2017, 14:03 pm
CVE-2016-10255
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium elfutils The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. March 23, 2017, 11:03 am
CVE-2016-10254
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium elfutils The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. March 23, 2017, 11:03 am
CVE-2016-10244
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious freetype The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. March 6, 2017, 00:03 am
CVE-2016-10229
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical kernel udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. April 4, 2017, 00:04 am
CVE-2016-10228
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
glibc The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. March 1, 2017, 19:03 pm
CVE-2016-10220
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ghostscript The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. April 3, 2017, 00:04 am
CVE-2016-10219
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ghostscript The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. April 3, 2017, 00:04 am
CVE-2016-10218
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ghostscript The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. April 3, 2017, 00:04 am
CVE-2016-10217
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ghostscript The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. April 3, 2017, 00:04 am
CVE-2016-10209
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. April 3, 2017, 00:04 am
CVE-2016-10208
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. February 6, 2017, 00:02 am
CVE-2016-10200
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. March 7, 2017, 15:03 pm
CVE-2016-10199
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
gstreamer The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. February 9, 2017, 09:02 am
CVE-2016-10198
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gstreamer The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. February 9, 2017, 09:02 am
CVE-2016-10197
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libevent The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. March 15, 2017, 10:03 am
CVE-2016-10196
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libevent Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. March 15, 2017, 10:03 am
CVE-2016-10195
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libevent The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. March 15, 2017, 10:03 am
CVE-2016-10165
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openjdk The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. February 3, 2017, 13:02 pm
CVE-2016-10162
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. January 24, 2017, 15:01 pm
CVE-2016-10161
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. January 24, 2017, 15:01 pm
CVE-2016-10160
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. January 24, 2017, 15:01 pm
CVE-2016-10159
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. January 24, 2017, 15:01 pm
CVE-2016-10158
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. January 24, 2017, 15:01 pm
CVE-2016-10156
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High systemd A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. January 23, 2017, 01:01 am
CVE-2016-10155
2.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. March 15, 2017, 10:03 am
CVE-2016-10154
5.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. February 6, 2017, 00:02 am
CVE-2016-10153
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. February 6, 2017, 00:02 am
CVE-2016-10150
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. February 6, 2017, 00:02 am
CVE-2016-10147
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). January 18, 2017, 15:01 pm
CVE-2016-10095
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. March 1, 2017, 09:03 am
CVE-2016-10094
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. March 1, 2017, 09:03 am
CVE-2016-10093
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. March 1, 2017, 09:03 am
CVE-2016-10092
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
tiff Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. March 1, 2017, 09:03 am
CVE-2016-10088
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. December 30, 2016, 12:12 pm
CVE-2016-10087
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
libpng The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. January 30, 2017, 16:01 pm
CVE-2016-10044
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. February 7, 2017, 01:02 am
CVE-2016-10040
5.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qt Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple nested open tags. March 7, 2017, 09:03 am
CVE-2016-10029
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. February 27, 2017, 16:02 pm
CVE-2016-10028
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
qemu The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. February 27, 2017, 16:02 pm
CVE-2016-10012
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. January 4, 2017, 20:01 pm
CVE-2016-10011
1.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. January 4, 2017, 20:01 pm
CVE-2016-10010
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. January 4, 2017, 20:01 pm
CVE-2016-10009
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
openssh Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. January 4, 2017, 20:01 pm
CVE-2016-10003
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. January 27, 2017, 11:01 am
CVE-2016-10002
7.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
squid Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client