CVE List 2016

CVE Score Severity Package Description Published
CVE-2016-9963
4.3 MV Product/Version
affected:
exim Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. February 1, 2017, 09:02 am
CVE-2016-9962
6.4 MV Product/Version
affected:
CGX 2.0 Resolved
Medium docker RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. January 31, 2017, 16:01 pm
CVE-2016-9953
9.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical curl The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. March 12, 2018, 16:03 pm
CVE-2016-9952
8.1 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious curl The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by *.com. March 12, 2018, 16:03 pm
CVE-2016-9936
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
php The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834. January 4, 2017, 14:01 pm
CVE-2016-9935
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
php The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. January 4, 2017, 14:01 pm
CVE-2016-9934
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
php ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. January 4, 2017, 14:01 pm
CVE-2016-9933
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
php Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. January 4, 2017, 14:01 pm
CVE-2016-9923
2.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
qemu Quick Emulator (Qemu) built with the chardev backend support is vulnerable to a use after free issue. It could occur while hotplugging and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. December 23, 2016, 16:12 pm
CVE-2016-9922
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
qemu The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. March 27, 2017, 10:03 am
CVE-2016-9921
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
qemu Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. December 23, 2016, 16:12 pm
CVE-2016-9919
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. December 8, 2016, 11:12 am
CVE-2016-9918
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious bluez In BlueZ 5.42, an out-of-bounds read was identified in packet_hexdump function in monitor/packet.c source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. December 8, 2016, 02:12 am
CVE-2016-9917
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious bluez In BlueZ 5.42, a buffer overflow was observed in read_n function in tools/hcidump.c source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 8, 2016, 02:12 am
CVE-2016-9916
2.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. December 29, 2016, 16:12 pm
CVE-2016-9915
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
qemu Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. December 29, 2016, 16:12 pm
CVE-2016-9914
2.3 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. December 29, 2016, 16:12 pm
CVE-2016-9913
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
qemu Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. December 29, 2016, 16:12 pm
CVE-2016-9912
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
qemu Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in virtio_gpu_resource_destroy. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. December 23, 2016, 16:12 pm
CVE-2016-9911
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
qemu Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in ehci_init_transfer. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. December 23, 2016, 16:12 pm
CVE-2016-9908
2.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing VIRTIO_GPU_CMD_GET_CAPSET command. A guest user/process could use this flaw to leak contents of the host memory bytes. December 23, 2016, 16:12 pm
CVE-2016-9907
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
qemu Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in usbredir_handle_destroy. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. December 23, 2016, 16:12 pm
CVE-2016-9877
9.8 MV Product/Version
affected:
Critical rabbitmq An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. December 29, 2016, 03:12 am
CVE-2016-9866
9.8 MV Product/Version
affected:
Critical phpmyadmin An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9865
9.8 MV Product/Version
affected:
Critical phpmyadmin An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9864
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9863
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. December 10, 2016, 21:12 pm
CVE-2016-9862
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. December 10, 2016, 21:12 pm
CVE-2016-9861
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9860
5.9 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg[AllowArbitraryServer]=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 21:12 pm
CVE-2016-9859
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9858
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9857
6.1 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9856
6.1 MV Product/Version
affected:
Normal phpmyadmin An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9855
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. December 10, 2016, 20:12 pm
CVE-2016-9854
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue. December 10, 2016, 20:12 pm
CVE-2016-9853
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. December 10, 2016, 20:12 pm
CVE-2016-9852
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. December 10, 2016, 20:12 pm
CVE-2016-9851
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. December 10, 2016, 20:12 pm
CVE-2016-9850
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9849
9.8 MV Product/Version
affected:
Critical phpmyadmin An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg[Servers][$i][AllowRoot]) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9848
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9847
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. December 10, 2016, 20:12 pm
CVE-2016-9846
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
qemu QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. December 29, 2016, 16:12 pm
CVE-2016-9845
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
qemu QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing VIRTIO_GPU_CMD_GET_CAPSET_INFO command. A guest user/process could use this flaw to leak contents of the host memory bytes. December 29, 2016, 16:12 pm
CVE-2016-9844
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
zip Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. January 18, 2017, 11:01 am
CVE-2016-9843
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Critical zlib The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. May 22, 2017, 23:05 pm
CVE-2016-9842
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
zlib The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. May 22, 2017, 23:05 pm
CVE-2016-9841
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
zlib inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. May 22, 2017, 23:05 pm
CVE-2016-9840
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
zlib inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. May 22, 2017, 23:05 pm
CVE-2016-9813
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
gstreamer The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. January 13, 2017, 10:01 am
CVE-2016-9812
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
gstreamer The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. January 13, 2017, 10:01 am
CVE-2016-9811
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
gstreamer The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. January 13, 2017, 10:01 am
CVE-2016-9810
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
gstreamer The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. January 13, 2017, 10:01 am
CVE-2016-9809
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
gstreamer Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. January 13, 2017, 10:01 am
CVE-2016-9808
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
gstreamer The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. January 13, 2017, 10:01 am
CVE-2016-9807
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
gstreamer The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. January 13, 2017, 10:01 am
CVE-2016-9806
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
kernel Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. December 28, 2016, 01:12 am
CVE-2016-9804
5.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal bluez In BlueZ 5.42, a buffer overflow was observed in commands_dump function in tools/parser/csr.c source file. The issue exists because commands array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame frm->ptr parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 3, 2016, 00:12 am
CVE-2016-9803
5.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal bluez In BlueZ 5.42, an out-of-bounds read was observed in le_meta_ev_dump function in tools/parser/hci.c source file. This issue exists because subevent (which is used to read correct element from ev_le_meta_str array) is overflowed. December 3, 2016, 00:12 am
CVE-2016-9802
5.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal bluez In BlueZ 5.42, a buffer over-read was identified in l2cap_packet function in monitor/packet.c source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. December 3, 2016, 00:12 am
CVE-2016-9801
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Normal bluez In BlueZ 5.42, a buffer overflow was observed in set_ext_ctrl function in tools/parser/l2cap.c source file when processing corrupted dump file. December 3, 2016, 00:12 am
CVE-2016-9800
5.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal bluez In BlueZ 5.42, a buffer overflow was observed in pin_code_reply_dump function in tools/parser/hci.c source file. The issue exists because pin array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame pin_code_reply_cp *cp parameter. December 3, 2016, 00:12 am
CVE-2016-9799
5.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal bluez In BlueZ 5.42, a buffer overflow was observed in pklg_read_hci function in btsnoop.c source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. December 3, 2016, 00:12 am
CVE-2016-9798
5.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal bluez In BlueZ 5.42, a use-after-free was identified in conf_opt function in tools/parser/l2cap.c source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 3, 2016, 00:12 am
CVE-2016-9797
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Normal bluez In BlueZ 5.42, a buffer over-read was observed in l2cap_dump function in tools/parser/l2cap.c source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. December 3, 2016, 00:12 am
CVE-2016-9794
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. December 28, 2016, 01:12 am
CVE-2016-9793
6.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
kernel The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. December 28, 2016, 01:12 am
CVE-2016-9778
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-9777
6.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. December 28, 2016, 01:12 am
CVE-2016-9776
2.6 MV Product/Version
affected:
CGX 2.0 Resolved
qemu QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in mcf_fec_receive. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. December 29, 2016, 16:12 pm
CVE-2016-9756
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. December 28, 2016, 01:12 am
CVE-2016-9755
5.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. December 28, 2016, 01:12 am
CVE-2016-9754
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. January 5, 2017, 05:01 am
CVE-2016-9685
2.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. December 28, 2016, 01:12 am
CVE-2016-9644
9.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. November 27, 2016, 21:11 pm
CVE-2016-9643
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious webkit The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). March 7, 2017, 10:03 am
CVE-2016-9642
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. February 3, 2017, 09:02 am
CVE-2016-9636
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
gstreamer1.0 Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a write count that goes beyond the initialized buffer. January 27, 2017, 16:01 pm
CVE-2016-9635
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
gstreamer1.0 Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a skip count that goes beyond initialized buffer. January 27, 2017, 16:01 pm
CVE-2016-9634
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
gstreamer1.0 Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. January 27, 2017, 16:01 pm
CVE-2016-9604
4.4 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 In progress
CGX 2.4 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
Normal kernel It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as .dns_resolver in RHEL-7 or .builtin_trusted_keys upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. July 11, 2018, 08:07 am
CVE-2016-9603
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. March 16, 2017, 11:03 am
CVE-2016-9602
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. January 23, 2017, 18:01 pm
CVE-2016-9601
7.5 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
Serious ghostscript ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. April 23, 2018, 20:04 pm
CVE-2016-9594
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. January 9, 2017, 20:01 pm
CVE-2016-9588
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. December 28, 2016, 01:12 am
CVE-2016-9586
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 21, 2016, 19:12 pm
CVE-2016-9584
5.8 MV Product/Version
affected:
CGX 2.0 Resolved
libical libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. January 18, 2017, 11:01 am
CVE-2016-9576
6.2 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 1.8 In progress
CGX 2.2 Resolved
kernel The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. December 28, 2016, 01:12 am
CVE-2016-9574
5.9 MV Product/Version
affected:
Normal nss nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. July 19, 2018, 08:07 am
CVE-2016-9555
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 6.0 Resolved
kernel The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. November 27, 2016, 21:11 pm
CVE-2016-9540
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka cpStripToTile heap-buffer-overflow. November 22, 2016, 13:11 pm
CVE-2016-9539
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. November 22, 2016, 13:11 pm
CVE-2016-9538
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. November 22, 2016, 13:11 pm
CVE-2016-9537
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097. November 22, 2016, 13:11 pm
CVE-2016-9536
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
tiff tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka t2p_process_jpeg_strip heap-buffer-overflow. November 22, 2016, 13:11 pm
CVE-2016-9535
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. November 22, 2016, 13:11 pm
CVE-2016-9534
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka TIFFFlushData1 heap-buffer-overflow. November 22, 2016, 13:11 pm
CVE-2016-9533
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
tiff tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka PixarLog horizontalDifference heap-buffer-overflow. November 22, 2016, 13:11 pm
CVE-2016-9532
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
tiff Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. February 6, 2017, 11:02 am
CVE-2016-9453
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
tiff The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. January 27, 2017, 11:01 am
CVE-2016-9448
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
tiff The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. January 27, 2017, 11:01 am
CVE-2016-9447
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
gstreamer The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file. January 23, 2017, 15:01 pm
CVE-2016-9446
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
gstreamer The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. January 23, 2017, 15:01 pm
CVE-2016-9445
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
gstreamer Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. January 23, 2017, 15:01 pm
CVE-2016-9444
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High bind named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. January 12, 2017, 00:01 am
CVE-2016-9427
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical bdwgc Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. December 11, 2016, 20:12 pm
CVE-2016-9401
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
bash popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. January 23, 2017, 15:01 pm
CVE-2016-9381
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious qemu Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a double fetch vulnerability. January 23, 2017, 15:01 pm
CVE-2016-9376
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. November 16, 2016, 23:11 pm
CVE-2016-9375
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. November 16, 2016, 23:11 pm
CVE-2016-9374
5.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. November 16, 2016, 23:11 pm
CVE-2016-9373
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. November 16, 2016, 23:11 pm
CVE-2016-9372
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. November 16, 2016, 23:11 pm
CVE-2016-9318
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
High libxml2 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. November 15, 2016, 18:11 pm
CVE-2016-9313
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. November 27, 2016, 21:11 pm
CVE-2016-9312
7.5 MV Product/Version
affected:
High ntp ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. January 13, 2017, 10:01 am
CVE-2016-9311
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
ntp ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. January 13, 2017, 10:01 am
CVE-2016-9310
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
ntp The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. January 13, 2017, 10:01 am
CVE-2016-9297
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. January 18, 2017, 11:01 am
CVE-2016-9273
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
tiff tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. January 18, 2017, 11:01 am
CVE-2016-9191
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
kernel The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. November 27, 2016, 21:11 pm
CVE-2016-9178
1.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. November 27, 2016, 21:11 pm
CVE-2016-9147
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
High bind named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. January 12, 2017, 00:01 am
CVE-2016-9138
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 In progress
CGX 2.2 Resolved
CGE 7.0 Resolved
php PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. January 4, 2017, 14:01 pm
CVE-2016-9137
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
modphp Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. January 4, 2017, 14:01 pm
CVE-2016-9131
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
bind named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. January 12, 2017, 00:01 am
CVE-2016-9120
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. December 8, 2016, 15:12 pm
CVE-2016-9106
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. December 9, 2016, 16:12 pm
CVE-2016-9105
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
qemu Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. December 9, 2016, 16:12 pm
CVE-2016-9104
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. December 9, 2016, 16:12 pm
CVE-2016-9103
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them. December 9, 2016, 16:12 pm
CVE-2016-9102
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number. December 9, 2016, 16:12 pm
CVE-2016-9101
2.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
qemu Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. December 9, 2016, 16:12 pm
CVE-2016-9084
3.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. November 27, 2016, 21:11 pm
CVE-2016-9083
3.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
kernel drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine confusion bug. November 27, 2016, 21:11 pm
CVE-2016-9082
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
cairo Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. February 3, 2017, 09:02 am
CVE-2016-9063
3.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Low expect ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 25, 2017, 02:07 am
CVE-2016-9042
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
ntp ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. March 24, 2017, 21:03 pm
CVE-2016-8910
2.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
qemu The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. November 4, 2016, 16:11 pm
CVE-2016-8909
2.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
qemu The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. November 4, 2016, 16:11 pm
CVE-2016-8867
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious docker Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. October 28, 2016, 10:10 am
CVE-2016-8864
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High bind named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. November 2, 2016, 12:11 pm
CVE-2016-8858
3.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssh ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that OpenSSH upstream does not consider this as a security issue. December 9, 2016, 05:12 am
CVE-2016-8743
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal apache2 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. July 27, 2017, 16:07 pm
CVE-2016-8740
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
apache2 The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. December 5, 2016, 13:12 pm
CVE-2016-8734
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 In progress
CGX 2.4 Resolved
CGX 2.2 In progress
Normal subversion Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. October 16, 2017, 08:10 am
CVE-2016-8689
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Serious libarchive The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. February 15, 2017, 13:02 pm
CVE-2016-8688
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
libarchive The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. February 15, 2017, 13:02 pm
CVE-2016-8687
1.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
libarchive Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. February 15, 2017, 13:02 pm
CVE-2016-8669
2.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. November 4, 2016, 16:11 pm
CVE-2016-8668
3.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. November 4, 2016, 16:11 pm
CVE-2016-8667
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. November 4, 2016, 16:11 pm
CVE-2016-8666
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
kernel The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. October 16, 2016, 16:10 pm
CVE-2016-8660
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 In progress
CGX 2.2 Resolved
kernel The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a page lock order bug in the XFS seek hole/data implementation. October 16, 2016, 16:10 pm
CVE-2016-8658
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. October 16, 2016, 16:10 pm
CVE-2016-8655
6.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
kernel Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. December 8, 2016, 02:12 am
CVE-2016-8650
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. November 27, 2016, 21:11 pm
CVE-2016-8649
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
lxc lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. May 1, 2017, 01:05 am
CVE-2016-8646
4.7 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. November 27, 2016, 21:11 pm
CVE-2016-8645
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
kernel The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. November 27, 2016, 21:11 pm
CVE-2016-8636
5.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the RDMA protocol over infiniband (aka Soft RoCE) technology. February 22, 2017, 10:02 am
CVE-2016-8635
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
nss ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 9, 2016, 01:12 am
CVE-2016-8633
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
kernel drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. November 27, 2016, 21:11 pm
CVE-2016-8632
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. November 27, 2016, 21:11 pm
CVE-2016-8630
5.2 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. November 27, 2016, 21:11 pm
CVE-2016-8625
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. November 2, 2016, 17:11 pm
CVE-2016-8624
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8623
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8622
2.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. November 2, 2016, 16:11 pm
CVE-2016-8621
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8620
5.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8619
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8618
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8617
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8616
2.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. November 2, 2016, 16:11 pm
CVE-2016-8615
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2016-8610
7.0 MV Product/Version
affected:
CGX 1.8 In progress
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
openssl A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. November 13, 2017, 16:11 pm
CVE-2016-8606
5.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
guile The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. January 12, 2017, 16:01 pm
CVE-2016-8605
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
guile The mkdir procedure of GNU Guile temporarily changed the process umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. January 12, 2017, 16:01 pm
CVE-2016-8602
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
ghostscript The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PostScript document that calls .sethalftone5 with an empty operand stack. April 14, 2017, 13:04 pm
CVE-2016-8601
4.35 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a generally available software product. Notes: none. December 6, 2016, 12:12 pm
CVE-2016-8578
2.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. November 4, 2016, 16:11 pm
CVE-2016-8577
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
qemu Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. November 4, 2016, 16:11 pm
CVE-2016-8576
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. November 4, 2016, 16:11 pm
CVE-2016-8575
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. January 27, 2017, 19:01 pm
CVE-2016-8574
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). January 27, 2017, 19:01 pm
CVE-2016-8483
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099. March 7, 2017, 19:03 pm
CVE-2016-8481
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. February 8, 2017, 09:02 am
CVE-2016-8480
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. February 8, 2017, 09:02 am
CVE-2016-8479
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687. March 7, 2017, 19:03 pm
CVE-2016-8478
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206. March 7, 2017, 19:03 pm
CVE-2016-8477
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007. March 7, 2017, 19:03 pm
CVE-2016-8476
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. February 8, 2017, 09:02 am
CVE-2016-8475
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129. January 12, 2017, 14:01 pm
CVE-2016-8474
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972. January 12, 2017, 14:01 pm
CVE-2016-8473
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790. January 12, 2017, 14:01 pm
CVE-2016-8469
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469. January 12, 2017, 14:01 pm
CVE-2016-8468
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425. January 12, 2017, 14:01 pm
CVE-2016-8466
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31822524. References: B-RB#105268. January 12, 2017, 14:01 pm
CVE-2016-8465
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053. January 12, 2017, 14:01 pm
CVE-2016-8464
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314. January 12, 2017, 14:01 pm
CVE-2016-8463
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855. January 12, 2017, 14:01 pm
CVE-2016-8461
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621. January 12, 2017, 14:01 pm
CVE-2016-8460
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460. January 12, 2017, 14:01 pm
CVE-2016-8459
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical kernel Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462. January 12, 2017, 14:01 pm
CVE-2016-8458
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442. January 12, 2017, 14:01 pm
CVE-2016-8457
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116. January 12, 2017, 14:01 pm
CVE-2016-8456
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580. January 12, 2017, 14:01 pm
CVE-2016-8455
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311. January 12, 2017, 14:01 pm
CVE-2016-8454
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32174590. References: B-RB#107142. January 12, 2017, 14:01 pm
CVE-2016-8453
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392. January 12, 2017, 14:01 pm
CVE-2016-8452
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32506396. References: QC-CR#1050323. January 12, 2017, 14:01 pm
CVE-2016-8451
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033. January 12, 2017, 14:01 pm
CVE-2016-8450
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388. January 12, 2017, 14:01 pm
CVE-2016-8449
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31798848. References: N-CVE-2016-8449. January 12, 2017, 14:01 pm
CVE-2016-8444
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. January 12, 2017, 14:01 pm
CVE-2016-8443
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. January 12, 2017, 14:01 pm
CVE-2016-8442
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173. January 12, 2017, 14:01 pm
CVE-2016-8441
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769. January 12, 2017, 14:01 pm
CVE-2016-8440
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Critical kernel Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747. January 12, 2017, 14:01 pm
CVE-2016-8439
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical kernel Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804. January 12, 2017, 14:01 pm
CVE-2016-8438
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Critical kernel Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638. January 12, 2017, 14:01 pm
CVE-2016-8437
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical kernel Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695. January 12, 2017, 14:01 pm
CVE-2016-8436
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860. January 12, 2017, 14:01 pm
CVE-2016-8435
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435. January 12, 2017, 14:01 pm
CVE-2016-8434
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855. January 12, 2017, 14:01 pm
CVE-2016-8432
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432. January 12, 2017, 14:01 pm
CVE-2016-8431
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431. January 12, 2017, 14:01 pm
CVE-2016-8430
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430. January 12, 2017, 14:01 pm
CVE-2016-8429
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429. January 12, 2017, 14:01 pm
CVE-2016-8428
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428. January 12, 2017, 14:01 pm
CVE-2016-8427
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427. January 12, 2017, 14:01 pm
CVE-2016-8426
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426. January 12, 2017, 14:01 pm
CVE-2016-8425
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425. January 12, 2017, 14:01 pm
CVE-2016-8424
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31606947. References: N-CVE-2016-8424. January 12, 2017, 14:01 pm
CVE-2016-8421
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797. February 8, 2017, 09:02 am
CVE-2016-8420
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807. February 8, 2017, 09:02 am
CVE-2016-8419
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209. February 8, 2017, 09:02 am
CVE-2016-8417
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32342399. References: QC-CR#1088824. March 7, 2017, 19:03 pm
CVE-2016-8416
4.7 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206. March 7, 2017, 19:03 pm
CVE-2016-8415
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596. January 12, 2017, 14:01 pm
CVE-2016-8414
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. February 8, 2017, 09:02 am
CVE-2016-8413
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731. March 7, 2017, 19:03 pm
CVE-2016-8412
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891. January 12, 2017, 14:01 pm
CVE-2016-8410
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010. January 12, 2017, 09:01 am
CVE-2016-8409
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409. January 12, 2017, 09:01 am
CVE-2016-8408
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408. January 12, 2017, 09:01 am
CVE-2016-8407
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656. January 12, 2017, 09:01 am
CVE-2016-8406
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940. January 12, 2017, 09:01 am
CVE-2016-8405
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010. January 12, 2017, 09:01 am
CVE-2016-8404
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950. January 12, 2017, 09:01 am
CVE-2016-8403
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348. January 12, 2017, 09:01 am
CVE-2016-8402
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231. January 12, 2017, 09:01 am
CVE-2016-8401
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal kernel An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725. January 12, 2017, 09:01 am
CVE-2016-8400
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400. January 12, 2017, 09:01 am
CVE-2016-8399
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. January 12, 2017, 09:01 am
CVE-2016-8398
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Critical kernel Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705. January 12, 2017, 14:01 pm
CVE-2016-8397
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397. January 12, 2017, 09:01 am
CVE-2016-8395
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395. January 12, 2017, 09:01 am
CVE-2016-8394
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197. January 12, 2017, 09:01 am
CVE-2016-8393
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920. January 12, 2017, 09:01 am
CVE-2016-8392
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136. January 12, 2017, 09:01 am
CVE-2016-8391
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166. January 12, 2017, 09:01 am
CVE-2016-8339
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical redis A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. October 28, 2016, 09:10 am
CVE-2016-8331
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
tiff An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. October 28, 2016, 15:10 pm
CVE-2016-8327
4.4 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2016-8318
6.8 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2016-8290
4.4 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. October 25, 2016, 09:10 am
CVE-2016-8289
4.7 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-8288
3.1 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. October 25, 2016, 09:10 am
CVE-2016-8287
4.5 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. October 25, 2016, 09:10 am
CVE-2016-8286
3.1 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. October 25, 2016, 09:10 am
CVE-2016-8284
1.8 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. October 25, 2016, 09:10 am
CVE-2016-8283
4.3 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. October 25, 2016, 09:10 am
CVE-2016-7995
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. December 9, 2016, 18:12 pm
CVE-2016-7994
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
qemu Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. December 9, 2016, 18:12 pm
CVE-2016-7993
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). January 27, 2017, 19:01 pm
CVE-2016-7992
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). January 27, 2017, 19:01 pm
CVE-2016-7986
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7985
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). January 27, 2017, 19:01 pm
CVE-2016-7984
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). January 27, 2017, 19:01 pm
CVE-2016-7983
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). January 27, 2017, 19:01 pm
CVE-2016-7979
5.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
ghostscript Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. May 22, 2017, 23:05 pm
CVE-2016-7978
5.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
ghostscript Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. May 22, 2017, 23:05 pm
CVE-2016-7977
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
ghostscript Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted PostScript document. May 22, 2017, 23:05 pm
CVE-2016-7976
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
ghostscript The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. August 7, 2017, 15:08 pm
CVE-2016-7975
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). January 27, 2017, 19:01 pm
CVE-2016-7974
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7973
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7958
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. April 12, 2017, 05:04 am
CVE-2016-7957
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. April 12, 2017, 05:04 am
CVE-2016-7953
5.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
libxvmc Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. December 13, 2016, 14:12 pm
CVE-2016-7952
5.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
libxtst X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. December 13, 2016, 14:12 pm
CVE-2016-7951
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
libxtst Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. December 13, 2016, 14:12 pm
CVE-2016-7950
5.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
libxrender The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. December 13, 2016, 14:12 pm
CVE-2016-7949
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
libxrender Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. December 13, 2016, 14:12 pm
CVE-2016-7948
5.4 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
libxrandr X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. December 13, 2016, 14:12 pm
CVE-2016-7947
5.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
libxrandr Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. December 13, 2016, 14:12 pm
CVE-2016-7946
2.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
libxi X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. December 13, 2016, 14:12 pm
CVE-2016-7945
5.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
libxi Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. December 13, 2016, 14:12 pm
CVE-2016-7944
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.2 Resolved
libxfixes Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. December 13, 2016, 14:12 pm
CVE-2016-7943
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.2 Resolved
libx11 The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. December 13, 2016, 14:12 pm
CVE-2016-7942
2.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
libx11 The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. December 13, 2016, 14:12 pm
CVE-2016-7940
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7939
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. January 27, 2017, 19:01 pm
CVE-2016-7938
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). January 27, 2017, 19:01 pm
CVE-2016-7937
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). January 27, 2017, 19:01 pm
CVE-2016-7936
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). January 27, 2017, 19:01 pm
CVE-2016-7935
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). January 27, 2017, 19:01 pm
CVE-2016-7934
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). January 27, 2017, 19:01 pm
CVE-2016-7933
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). January 27, 2017, 19:01 pm
CVE-2016-7932
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). January 27, 2017, 19:01 pm
CVE-2016-7931
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). January 27, 2017, 19:01 pm
CVE-2016-7930
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). January 27, 2017, 19:01 pm
CVE-2016-7929
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). January 27, 2017, 19:01 pm
CVE-2016-7928
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print(). January 27, 2017, 19:01 pm
CVE-2016-7927
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). January 27, 2017, 19:01 pm
CVE-2016-7926
6.4 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print(). January 27, 2017, 19:01 pm
CVE-2016-7925
6.4 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print(). January 27, 2017, 19:01 pm
CVE-2016-7924
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). January 27, 2017, 19:01 pm
CVE-2016-7923
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). January 27, 2017, 19:01 pm
CVE-2016-7922
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). January 27, 2017, 19:01 pm
CVE-2016-7917
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 In progress
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. November 15, 2016, 23:11 pm
CVE-2016-7916
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. November 15, 2016, 23:11 pm
CVE-2016-7915
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. November 15, 2016, 23:11 pm
CVE-2016-7914
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. November 15, 2016, 23:11 pm
CVE-2016-7913
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. November 15, 2016, 23:11 pm
CVE-2016-7912
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. November 15, 2016, 23:11 pm
CVE-2016-7911
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. November 15, 2016, 23:11 pm
CVE-2016-7910
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. November 15, 2016, 23:11 pm
CVE-2016-7909
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
qemu The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. October 5, 2016, 11:10 am
CVE-2016-7908
2.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. October 5, 2016, 11:10 am
CVE-2016-7907
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. October 5, 2016, 11:10 am
CVE-2016-7837
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious bluez Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. June 9, 2017, 11:06 am
CVE-2016-7798
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
ruby The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. January 30, 2017, 16:01 pm
CVE-2016-7797
7.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
pacemaker Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. March 24, 2017, 10:03 am
CVE-2016-7796
5.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.2 Resolved
systemd The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. October 13, 2016, 09:10 am
CVE-2016-7795
5.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
systemd The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. October 13, 2016, 09:10 am
CVE-2016-7545
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
policycoreutils SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. January 19, 2017, 14:01 pm
CVE-2016-7543
6.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
bash Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. January 19, 2017, 14:01 pm
CVE-2016-7480
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. January 11, 2017, 01:01 am
CVE-2016-7479
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php In all versions of PHP 7, during the unserialization process, resizing the properties hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. January 11, 2017, 18:01 pm
CVE-2016-7478
7.5 MV Product/Version
affected:
Serious php Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. January 11, 2017, 00:01 am
CVE-2016-7466
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. December 9, 2016, 18:12 pm
CVE-2016-7444
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
gnutls The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. September 27, 2016, 10:09 am
CVE-2016-7440
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal mysql mariadb The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. December 13, 2016, 10:12 am
CVE-2016-7434
3.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
ntp The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. January 13, 2017, 10:01 am
CVE-2016-7433
1.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
ntp NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a root distance that did not include the peer dispersion. January 13, 2017, 10:01 am
CVE-2016-7431
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
ntp NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. January 13, 2017, 10:01 am
CVE-2016-7429
2.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
ntp NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. January 13, 2017, 10:01 am
CVE-2016-7428
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
ntp ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. January 13, 2017, 10:01 am
CVE-2016-7427
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
ntp The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. January 13, 2017, 10:01 am
CVE-2016-7426
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
ntp NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. January 13, 2017, 10:01 am
CVE-2016-7425
4.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
kernel The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. October 16, 2016, 16:10 pm
CVE-2016-7423
3.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects. October 10, 2016, 11:10 am
CVE-2016-7422
2.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. December 9, 2016, 18:12 pm
CVE-2016-7421
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size. December 9, 2016, 18:12 pm
CVE-2016-7418
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. September 17, 2016, 16:09 pm
CVE-2016-7417
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. September 17, 2016, 16:09 pm
CVE-2016-7416
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. September 17, 2016, 16:09 pm
CVE-2016-7415
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
icu Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. September 17, 2016, 16:09 pm
CVE-2016-7414
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. September 17, 2016, 16:09 pm
CVE-2016-7413
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. September 17, 2016, 16:09 pm
CVE-2016-7412
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. September 17, 2016, 16:09 pm
CVE-2016-7411
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
php ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. September 17, 2016, 16:09 pm
CVE-2016-7180
5.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7179
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal wireshark Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7178
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal wireshark epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7177
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7176
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7175
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. September 9, 2016, 05:09 am
CVE-2016-7170
3.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. December 9, 2016, 18:12 pm
CVE-2016-7167
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
curl Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. October 7, 2016, 09:10 am
CVE-2016-7166
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
libarchive libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. September 21, 2016, 09:09 am
CVE-2016-7161
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
qemu Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. October 5, 2016, 11:10 am
CVE-2016-7157
2.7 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK. December 9, 2016, 18:12 pm
CVE-2016-7156
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast. December 9, 2016, 18:12 pm
CVE-2016-7155
3.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings. December 9, 2016, 18:12 pm
CVE-2016-7141
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
libcurl curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. October 3, 2016, 16:10 pm
CVE-2016-7134
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call. September 11, 2016, 20:09 pm
CVE-2016-7133
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
php Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. September 11, 2016, 20:09 pm
CVE-2016-7132
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. September 11, 2016, 20:09 pm
CVE-2016-7131
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character. September 11, 2016, 20:09 pm
CVE-2016-7130
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. September 11, 2016, 20:09 pm
CVE-2016-7129
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document. September 11, 2016, 20:09 pm
CVE-2016-7128
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. September 11, 2016, 20:09 pm
CVE-2016-7127
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments. September 11, 2016, 20:09 pm
CVE-2016-7126
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
php The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument. September 11, 2016, 20:09 pm
CVE-2016-7125
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. September 11, 2016, 20:09 pm
CVE-2016-7124
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. September 11, 2016, 20:09 pm
CVE-2016-7118
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel fs/fcntl.c in the aufs 3.2.x+setfl-debian patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem. August 31, 2016, 09:08 am
CVE-2016-7117
10.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. October 10, 2016, 06:10 am
CVE-2016-7116
3.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string. December 9, 2016, 18:12 pm
CVE-2016-7098
2.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
wget Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. September 26, 2016, 09:09 am
CVE-2016-7097
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
kernel The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. October 16, 2016, 16:10 pm
CVE-2016-7076
6.4 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 In progress
Normal sudo sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. May 29, 2018, 08:05 am
CVE-2016-7056
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
openssl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. January 23, 2017, 18:01 pm
CVE-2016-7055
2.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
openssl There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. May 4, 2017, 15:05 pm
CVE-2016-7054
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious openssl In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. May 4, 2017, 14:05 pm
CVE-2016-7053
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious openssl In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. May 4, 2017, 14:05 pm
CVE-2016-7052
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. September 26, 2016, 14:09 pm
CVE-2016-7048
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
Serious postgresql ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 3, 2018, 10:08 am
CVE-2016-7042
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. October 16, 2016, 16:10 pm
CVE-2016-7039
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
kernel The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666. October 16, 2016, 16:10 pm
CVE-2016-7035
8.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
pacemaker ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 20:07 pm
CVE-2016-7032
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
Serious sudo sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. April 14, 2017, 13:04 pm
CVE-2016-6888
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. December 9, 2016, 18:12 pm
CVE-2016-6836
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. December 9, 2016, 18:12 pm
CVE-2016-6835
3.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length. December 9, 2016, 18:12 pm
CVE-2016-6834
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. December 9, 2016, 18:12 pm
CVE-2016-6833
2.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. December 9, 2016, 18:12 pm
CVE-2016-6828
3.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
kernel The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. October 16, 2016, 16:10 pm
CVE-2016-6791
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809. January 12, 2017, 09:01 am
CVE-2016-6790
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790. January 12, 2017, 09:01 am
CVE-2016-6789
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789. January 12, 2017, 09:01 am
CVE-2016-6787
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious kernel kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. December 28, 2016, 01:12 am
CVE-2016-6786
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. December 28, 2016, 01:12 am
CVE-2016-6785
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31748056. References: MT-ALPS02961400. January 12, 2017, 09:01 am
CVE-2016-6782
7.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506. January 12, 2017, 09:01 am
CVE-2016-6781
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455. January 12, 2017, 09:01 am
CVE-2016-6780
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496. January 12, 2017, 09:01 am
CVE-2016-6779
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004. January 12, 2017, 09:01 am
CVE-2016-6778
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646. January 12, 2017, 09:01 am
CVE-2016-6777
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. January 12, 2017, 09:01 am
CVE-2016-6776
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776. January 12, 2017, 09:01 am
CVE-2016-6775
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775. January 12, 2017, 09:01 am
CVE-2016-6761
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792. January 12, 2017, 09:01 am
CVE-2016-6760
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. January 12, 2017, 09:01 am
CVE-2016-6759
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766. January 12, 2017, 09:01 am
CVE-2016-6758
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. January 12, 2017, 09:01 am
CVE-2016-6757
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821. January 12, 2017, 09:01 am
CVE-2016-6756
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068. January 12, 2017, 09:01 am
CVE-2016-6755
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. January 12, 2017, 09:01 am
CVE-2016-6664
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
mysql5 mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. December 13, 2016, 15:12 pm
CVE-2016-6663
3.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
mysql5 Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. December 13, 2016, 15:12 pm
CVE-2016-6662
10.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
mysql5 Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. September 20, 2016, 13:09 pm
CVE-2016-6633
8.1 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6632
5.9 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6631
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6630
6.5 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6629
9.8 MV Product/Version
affected:
Critical phpmyadmin An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6628
6.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6627
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6626
5.4 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6625
4.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6624
5.9 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6623
6.5 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6622
5.9 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6621
8.6 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. January 31, 2017, 13:01 pm
CVE-2016-6620
9.8 MV Product/Version
affected:
Critical phpmyadmin An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6619
8.8 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6618
6.5 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6617
8.1 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. December 10, 2016, 20:12 pm
CVE-2016-6616
7.5 MV Product/Version
affected:
Serious phpmyadmin An issue was discovered in phpMyAdmin. In the User group and Designer features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. December 10, 2016, 20:12 pm
CVE-2016-6615
6.1 MV Product/Version
affected:
Normal phpmyadmin XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the Tracking feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. December 10, 2016, 20:12 pm
CVE-2016-6614
6.8 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6613
5.3 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6612
6.5 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6611
8.1 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6610
4.3 MV Product/Version
affected:
Normal phpmyadmin A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6609
8.8 MV Product/Version
affected:
Serious phpmyadmin An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6608
6.1 MV Product/Version
affected:
Normal phpmyadmin XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the Remove partitioning functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected. December 10, 2016, 20:12 pm
CVE-2016-6607
6.1 MV Product/Version
affected:
Normal phpmyadmin XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; when the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6606
8.1 MV Product/Version
affected:
Serious phpmyadmin An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker cannot directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. December 10, 2016, 20:12 pm
CVE-2016-6595
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal docker ** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability. January 4, 2017, 14:01 pm
CVE-2016-6516
6.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a double fetch vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6515
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
openssh The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. August 7, 2016, 16:08 pm
CVE-2016-6513
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6512
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. August 6, 2016, 18:08 pm
CVE-2016-6511
4.3 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6510
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6509
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
wireshark epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6508
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6507
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6506
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6505
4.3 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6504
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6503
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 6, 2016, 18:08 pm
CVE-2016-6490
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer. December 9, 2016, 18:12 pm
CVE-2016-6489
5.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
nettle The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. April 14, 2017, 13:04 pm
CVE-2016-6480
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a double fetch vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6354
2.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
flex Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. September 21, 2016, 09:09 am
CVE-2016-6352
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
gdk-pixbuf The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. October 3, 2016, 13:10 pm
CVE-2016-6351
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. September 7, 2016, 13:09 pm
CVE-2016-6329
5.9 MV Product/Version
affected:
Normal openvpn OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a Sweet32 attack. January 31, 2017, 16:01 pm
CVE-2016-6327
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. October 16, 2016, 16:10 pm
CVE-2016-6323
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
gcc The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. October 7, 2016, 09:10 am
CVE-2016-6321
5.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
tar Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. December 9, 2016, 16:12 pm
CVE-2016-6318
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
cracklib Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. September 7, 2016, 14:09 pm
CVE-2016-6313
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
libgcrypt The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. December 13, 2016, 14:12 pm
CVE-2016-6309
10.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. September 26, 2016, 14:09 pm
CVE-2016-6308
2.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. September 26, 2016, 14:09 pm
CVE-2016-6307
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
Normal openssl The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. September 26, 2016, 14:09 pm
CVE-2016-6306
1.2 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
openssl The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. September 26, 2016, 14:09 pm
CVE-2016-6305
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious openssl The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. September 26, 2016, 14:09 pm
CVE-2016-6304
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. September 26, 2016, 14:09 pm
CVE-2016-6303
7.5 MV Product/Version
affected:
CGX 1.8 In progress
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. September 16, 2016, 00:09 am
CVE-2016-6302
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
openssl The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. September 16, 2016, 00:09 am
CVE-2016-6301
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High busybox The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. December 9, 2016, 14:12 pm
CVE-2016-6297
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
php Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. July 25, 2016, 09:07 am
CVE-2016-6296
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
php Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. July 25, 2016, 09:07 am
CVE-2016-6295
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
php ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. July 25, 2016, 09:07 am
CVE-2016-6294
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. July 25, 2016, 09:07 am
CVE-2016-6293
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
icu The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. July 25, 2016, 09:07 am
CVE-2016-6292
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
php The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. July 25, 2016, 09:07 am
CVE-2016-6291
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. July 25, 2016, 09:07 am
CVE-2016-6290
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. July 25, 2016, 09:07 am
CVE-2016-6289
4.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
php Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. July 25, 2016, 09:07 am
CVE-2016-6288
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type. July 25, 2016, 09:07 am
CVE-2016-6264
4.0 MV Product/Version
affected:
uclibc Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function. January 27, 2017, 16:01 pm
CVE-2016-6263
4.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
libidn The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. September 7, 2016, 15:09 pm
CVE-2016-6262
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
libidn idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. September 7, 2016, 15:09 pm
CVE-2016-6261
4.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
libidn The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. September 7, 2016, 15:09 pm
CVE-2016-6255
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. March 7, 2017, 10:03 am
CVE-2016-6252
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. February 17, 2017, 11:02 am
CVE-2016-6251
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. February 17, 2017, 09:02 am
CVE-2016-6250
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
libarchive Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. September 21, 2016, 09:09 am
CVE-2016-6223
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. January 23, 2017, 15:01 pm
CVE-2016-6213
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. December 28, 2016, 01:12 am
CVE-2016-6210
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. February 13, 2017, 11:02 am
CVE-2016-6207
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
php Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. August 12, 2016, 10:08 am
CVE-2016-6198
4.0 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
kernel The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. August 6, 2016, 15:08 pm
CVE-2016-6197
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
kernel fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. August 6, 2016, 15:08 pm
CVE-2016-6187
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
kernel The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. August 6, 2016, 15:08 pm
CVE-2016-6185
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
perl The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. August 2, 2016, 09:08 am
CVE-2016-6174
8.1 MV Product/Version
affected:
Serious php applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. July 12, 2016, 14:07 pm
CVE-2016-6170
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
bind ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. July 6, 2016, 09:07 am
CVE-2016-6163
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. February 3, 2017, 09:02 am
CVE-2016-6162
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
kernel net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations. August 6, 2016, 15:08 pm
CVE-2016-6156
1.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a double fetch vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6153
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
sqlite os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. September 26, 2016, 11:09 am
CVE-2016-6136
1.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a double fetch vulnerability. August 6, 2016, 15:08 pm
CVE-2016-6131
4.0 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. February 7, 2017, 09:02 am
CVE-2016-6130
1.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a double fetch vulnerability. July 3, 2016, 16:07 pm
CVE-2016-5875
6.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. March 11, 2018, 21:03 pm
CVE-2016-5870
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket. April 4, 2017, 13:04 pm
CVE-2016-5856
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. April 12, 2017, 17:04 pm
CVE-2016-5844
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
libarchive Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. September 21, 2016, 09:09 am
CVE-2016-5829
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
CGX 2.0 Resolved
kernel Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. June 27, 2016, 05:06 am
CVE-2016-5828
7.2 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
kernel The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. June 27, 2016, 05:06 am
CVE-2016-5827
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.4 Resolved
CGX 2.2 Resolved
Serious libical The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. January 27, 2017, 16:01 pm
CVE-2016-5826
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 In progress
Serious libical The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. January 27, 2017, 16:01 pm
CVE-2016-5825
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 In progress
Normal libical The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. January 27, 2017, 16:01 pm
CVE-2016-5824
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 In progress
Normal libical libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. January 27, 2017, 16:01 pm
CVE-2016-5823
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.4 Resolved
CGX 2.2 In progress
CGE 7.0 In progress
Normal libical The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. January 27, 2017, 16:01 pm
CVE-2016-5773
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. August 7, 2016, 05:08 am
CVE-2016-5772
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. August 7, 2016, 05:08 am
CVE-2016-5771
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. August 7, 2016, 05:08 am
CVE-2016-5770
5.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
php Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. August 7, 2016, 05:08 am
CVE-2016-5769
5.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
php Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. August 7, 2016, 05:08 am
CVE-2016-5768
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
php Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. August 7, 2016, 05:08 am
CVE-2016-5767
5.1 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
libgd Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted image dimensions. August 7, 2016, 05:08 am
CVE-2016-5766
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
libgd Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. August 7, 2016, 05:08 am
CVE-2016-5739
7.5 MV Product/Version
affected:
Serious phpmyadmin The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. July 2, 2016, 20:07 pm
CVE-2016-5734
9.8 MV Product/Version
affected:
Critical phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. July 2, 2016, 20:07 pm
CVE-2016-5733
6.1 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. July 2, 2016, 20:07 pm
CVE-2016-5732
6.1 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. July 2, 2016, 20:07 pm
CVE-2016-5731
6.1 MV Product/Version
affected:
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. July 2, 2016, 20:07 pm
CVE-2016-5730
5.3 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. July 2, 2016, 20:07 pm
CVE-2016-5728
5.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a double fetch vulnerability. June 27, 2016, 05:06 am
CVE-2016-5725
5.9 MV Product/Version
affected:
Normal jsch Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. January 19, 2017, 16:01 pm
CVE-2016-5706
7.5 MV Product/Version
affected:
Serious phpmyadmin js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. July 2, 2016, 20:07 pm
CVE-2016-5705
6.1 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an invalid JSON error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. July 2, 2016, 20:07 pm
CVE-2016-5704
6.1 MV Product/Version
affected:
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. July 2, 2016, 20:07 pm
CVE-2016-5703
9.8 MV Product/Version
affected:
Critical phpmyadmin SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. July 2, 2016, 20:07 pm
CVE-2016-5702
3.7 MV Product/Version
affected:
Low phpmyadmin phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. July 2, 2016, 20:07 pm
CVE-2016-5701
6.1 MV Product/Version
affected:
Normal phpmyadmin setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. July 2, 2016, 20:07 pm
CVE-2016-5699
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
python CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. September 2, 2016, 09:09 am
CVE-2016-5696
5.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. August 6, 2016, 15:08 pm
CVE-2016-5652
5.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
tiff An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. January 6, 2017, 15:01 pm
CVE-2016-5636
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
python Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. September 2, 2016, 09:09 am
CVE-2016-5635
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. October 25, 2016, 09:10 am
CVE-2016-5634
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. October 25, 2016, 09:10 am
CVE-2016-5633
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. October 25, 2016, 09:10 am
CVE-2016-5632
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. October 25, 2016, 09:10 am
CVE-2016-5631
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. October 25, 2016, 09:10 am
CVE-2016-5630
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-5629
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. October 25, 2016, 09:10 am
CVE-2016-5628
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. October 25, 2016, 09:10 am
CVE-2016-5627
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-5626
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. October 25, 2016, 09:10 am
CVE-2016-5625
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. October 25, 2016, 09:10 am
CVE-2016-5624
6.5 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 25, 2016, 09:10 am
CVE-2016-5617
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
mysql5 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. October 25, 2016, 09:10 am
CVE-2016-5616
3.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
mysql5 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. October 25, 2016, 09:10 am
CVE-2016-5612
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 25, 2016, 09:10 am
CVE-2016-5609
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. October 25, 2016, 09:10 am
CVE-2016-5584
4.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. October 25, 2016, 09:10 am
CVE-2016-5507
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-5444
3.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Low mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. July 21, 2016, 05:07 am
CVE-2016-5443
4.7 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. July 21, 2016, 05:07 am
CVE-2016-5442
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. July 21, 2016, 05:07 am
CVE-2016-5441
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. July 21, 2016, 05:07 am
CVE-2016-5440
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. July 21, 2016, 05:07 am
CVE-2016-5439
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. July 21, 2016, 05:07 am
CVE-2016-5437
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. July 21, 2016, 05:07 am
CVE-2016-5436
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. July 21, 2016, 05:07 am
CVE-2016-5424
7.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
Serious postgresql PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. December 9, 2016, 17:12 pm
CVE-2016-5423
8.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious postgresql PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. December 9, 2016, 17:12 pm
CVE-2016-5421
3.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
curl Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. August 10, 2016, 09:08 am
CVE-2016-5420
3.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
curl curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. August 10, 2016, 09:08 am
CVE-2016-5419
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
curl curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. August 10, 2016, 09:08 am
CVE-2016-5418
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious libarchive The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. September 21, 2016, 09:09 am
CVE-2016-5417
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. February 16, 2017, 20:02 pm
CVE-2016-5412
4.3 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
kernel arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. August 6, 2016, 15:08 pm
CVE-2016-5407
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
libxv The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. December 13, 2016, 14:12 pm
CVE-2016-5403
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
qemu The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. August 2, 2016, 11:08 am
CVE-2016-5400
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations. August 6, 2016, 15:08 pm
CVE-2016-5399
5.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
modphp The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. April 21, 2017, 15:04 pm
CVE-2016-5389
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5696. Reason: This candidate is a reservation duplicate of CVE-2016-5696. Notes: All CVE users should reference CVE-2016-5696 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. July 13, 2016, 11:07 am
CVE-2016-5387
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
apache The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. July 18, 2016, 21:07 pm
CVE-2016-5386
5.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
go The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. July 18, 2016, 21:07 pm
CVE-2016-5385
5.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
php PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. July 18, 2016, 21:07 pm
CVE-2016-5384
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious fontconfig fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. August 12, 2016, 20:08 pm
CVE-2016-5359
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5358
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5357
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
wireshark wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. August 7, 2016, 11:08 am
CVE-2016-5356
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. August 7, 2016, 11:08 am
CVE-2016-5355
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. August 7, 2016, 11:08 am
CVE-2016-5354
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5353
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5352
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5351
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5350
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. August 7, 2016, 11:08 am
CVE-2016-5344
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical kernel Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. August 30, 2016, 12:08 pm
CVE-2016-5343
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Critical kernel drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow. October 10, 2016, 05:10 am
CVE-2016-5342
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. August 30, 2016, 12:08 pm
CVE-2016-5340
8.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. August 7, 2016, 16:08 pm
CVE-2016-5338
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. June 14, 2016, 09:06 am
CVE-2016-5337
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
qemu The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. June 14, 2016, 09:06 am
CVE-2016-5323
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
tiff The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. January 20, 2017, 09:01 am
CVE-2016-5322
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
tiff The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. April 11, 2017, 13:04 pm
CVE-2016-5321
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. January 20, 2017, 09:01 am
CVE-2016-5320
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
tiff ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. March 11, 2018, 21:03 pm
CVE-2016-5319
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
tiff Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. January 20, 2017, 09:01 am
CVE-2016-5318
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
tiff Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. January 20, 2017, 09:01 am
CVE-2016-5317
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. January 20, 2017, 09:01 am
CVE-2016-5316
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
tiff Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. January 20, 2017, 09:01 am
CVE-2016-5315
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
tiff The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. March 7, 2017, 09:03 am
CVE-2016-5314
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. March 11, 2018, 21:03 pm
CVE-2016-5300
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
expat The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. June 16, 2016, 13:06 pm
CVE-2016-5285
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
nss ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 02:06 am
CVE-2016-5244
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. June 27, 2016, 05:06 am
CVE-2016-5243
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. June 27, 2016, 05:06 am
CVE-2016-5238
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. June 14, 2016, 09:06 am
CVE-2016-5195
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka Dirty COW. November 10, 2016, 15:11 pm
CVE-2016-5180
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
c-ares Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. October 3, 2016, 10:10 am
CVE-2016-5131
6.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
libxml2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. July 23, 2016, 14:07 pm
CVE-2016-5126
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. June 1, 2016, 17:06 pm
CVE-2016-5114
6.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
php sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging. August 7, 2016, 05:08 am
CVE-2016-5107
1.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. September 2, 2016, 09:09 am
CVE-2016-5106
1.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. September 2, 2016, 09:09 am
CVE-2016-5105
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. September 2, 2016, 09:09 am
CVE-2016-5102
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
tiff Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. February 6, 2017, 11:02 am
CVE-2016-5099
6.1 MV Product/Version
affected:
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. July 4, 2016, 20:07 pm
CVE-2016-5098
5.3 MV Product/Version
affected:
Normal phpmyadmin Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. July 4, 2016, 20:07 pm
CVE-2016-5097
5.3 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. July 4, 2016, 20:07 pm
CVE-2016-5096
8.6 MV Product/Version
affected:
Serious php Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument. August 7, 2016, 05:08 am
CVE-2016-5095
8.6 MV Product/Version
affected:
Serious php Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094. August 7, 2016, 05:08 am
CVE-2016-5094
8.6 MV Product/Version
affected:
Serious php Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function. August 7, 2016, 05:08 am
CVE-2016-5093
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
php The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call. August 7, 2016, 05:08 am
CVE-2016-5011
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. April 11, 2017, 10:04 am
CVE-2016-5008
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
libvirt libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. July 13, 2016, 10:07 am
CVE-2016-5000
5.5 MV Product/Version
affected:
Normal poi The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. August 5, 2016, 09:08 am
CVE-2016-4998
4.0 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. July 3, 2016, 16:07 pm
CVE-2016-4997
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
kernel The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. July 3, 2016, 16:07 pm
CVE-2016-4979
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
apache The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the SSLVerifyClient require directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. July 6, 2016, 09:07 am
CVE-2016-4973
3.6 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. June 7, 2017, 15:06 pm
CVE-2016-4971
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
gnu_wget GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. June 30, 2016, 12:06 pm
CVE-2016-4964
2.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. December 9, 2016, 18:12 pm
CVE-2016-4957
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
ntp ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. July 4, 2016, 20:07 pm
CVE-2016-4956
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
ntp ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. July 4, 2016, 20:07 pm
CVE-2016-4955
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium ntp ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. July 4, 2016, 20:07 pm
CVE-2016-4954
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium ntp The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. July 4, 2016, 20:07 pm
CVE-2016-4953
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium ntp ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. July 4, 2016, 20:07 pm
CVE-2016-4952
1.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. September 2, 2016, 09:09 am
CVE-2016-4951
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. May 23, 2016, 05:05 am
CVE-2016-4913
7.2 MV Product/Version
affected:
CGE 7.0 In progress
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. May 23, 2016, 05:05 am
CVE-2016-4809
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. September 21, 2016, 09:09 am
CVE-2016-4805
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.32 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
kernel Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. May 23, 2016, 05:05 am
CVE-2016-4804
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
dosfstools The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. June 3, 2016, 09:06 am
CVE-2016-4802
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious curl Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. June 24, 2016, 12:06 pm
CVE-2016-4794
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. May 23, 2016, 05:05 am
CVE-2016-4616
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Critical libxml2 libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619. July 21, 2016, 21:07 pm
CVE-2016-4615
9.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical libxml2 libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619. July 21, 2016, 21:07 pm
CVE-2016-4614
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical libxml2 libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619. July 21, 2016, 21:07 pm
CVE-2016-4610
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4609
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4608
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4607
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical libxslt libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. July 21, 2016, 21:07 pm
CVE-2016-4592
6.5 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4591
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
Serious webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. July 21, 2016, 21:07 pm
CVE-2016-4590
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4589
8.8 MV Product/Version
affected:
CGX 1.8 Resolved
Serious webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624. July 21, 2016, 21:07 pm
CVE-2016-4588
8.8 MV Product/Version
affected:
CGX 1.8 Resolved
Serious webkit WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4587
5.3 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4586
8.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious webkit WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4585
6.1 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. July 21, 2016, 21:07 pm
CVE-2016-4584
8.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious webkit The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. July 21, 2016, 21:07 pm
CVE-2016-4583
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document. July 21, 2016, 21:07 pm
CVE-2016-4581
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. May 23, 2016, 05:05 am
CVE-2016-4580
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. May 23, 2016, 05:05 am
CVE-2016-4579
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
libksba Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the returned length of the object from _ksba_ber_parse_tl. June 13, 2016, 14:06 pm
CVE-2016-4578
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
kernel sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. May 23, 2016, 05:05 am
CVE-2016-4569
2.1 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. May 23, 2016, 05:05 am
CVE-2016-4568
7.2 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
kernel drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. May 23, 2016, 05:05 am
CVE-2016-4565
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
kernel The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. May 23, 2016, 05:05 am
CVE-2016-4558
6.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count. May 23, 2016, 05:05 am
CVE-2016-4557
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.32 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. May 23, 2016, 05:05 am
CVE-2016-4556
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. May 10, 2016, 14:05 pm
CVE-2016-4555
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. May 10, 2016, 14:05 pm
CVE-2016-4554
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
squid mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a header smuggling issue. May 10, 2016, 14:05 pm
CVE-2016-4553
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
squid client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. May 10, 2016, 14:05 pm
CVE-2016-4544
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. May 21, 2016, 20:05 pm
CVE-2016-4543
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. May 21, 2016, 20:05 pm
CVE-2016-4542
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. May 21, 2016, 20:05 pm
CVE-2016-4541
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
php The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. May 21, 2016, 20:05 pm
CVE-2016-4540
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
php The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. May 21, 2016, 20:05 pm
CVE-2016-4539
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. May 21, 2016, 20:05 pm
CVE-2016-4538
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. May 21, 2016, 20:05 pm
CVE-2016-4537
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. May 21, 2016, 20:05 pm
CVE-2016-4493
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary. February 24, 2017, 14:02 pm
CVE-2016-4492
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. February 24, 2017, 14:02 pm
CVE-2016-4491
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having itself as ancestor more than once. February 24, 2017, 14:02 pm
CVE-2016-4490
4.0 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. February 24, 2017, 14:02 pm
CVE-2016-4489
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the demangling of virtual tables. February 24, 2017, 14:02 pm
CVE-2016-4488
4.0 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to ktypevec. February 24, 2017, 14:02 pm
CVE-2016-4487
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to btypevec. February 24, 2017, 14:02 pm
CVE-2016-4486
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
kernel The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. May 23, 2016, 05:05 am
CVE-2016-4485
5.0 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. May 23, 2016, 05:05 am
CVE-2016-4483
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 6.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. April 11, 2017, 11:04 am
CVE-2016-4482
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
fedora The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. May 23, 2016, 05:05 am
CVE-2016-4476
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
hostapd hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject and characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. May 9, 2016, 05:05 am
CVE-2016-4473
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. June 8, 2017, 15:06 pm
CVE-2016-4472
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
expat The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. June 30, 2016, 12:06 pm
CVE-2016-4470
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
enterprise_mrg The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. June 27, 2016, 05:06 am
CVE-2016-4463
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
xerces-c++ Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. July 8, 2016, 14:07 pm
CVE-2016-4456
5.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
gnutls The GNUTLS_KEYLOGFILE environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. August 8, 2017, 16:08 pm
CVE-2016-4454
3.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
qemu The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. June 1, 2016, 17:06 pm
CVE-2016-4453
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. June 1, 2016, 17:06 pm
CVE-2016-4450
7.5 MV Product/Version
affected:
Serious nginx os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. June 7, 2016, 09:06 am
CVE-2016-4449
5.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
libxml2 XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. June 9, 2016, 11:06 am
CVE-2016-4448
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
libxml2 Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. June 9, 2016, 11:06 am
CVE-2016-4447
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
libxml2 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. June 9, 2016, 11:06 am
CVE-2016-4441
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
qemu The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. May 20, 2016, 09:05 am
CVE-2016-4440
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. June 27, 2016, 05:06 am
CVE-2016-4439
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. May 20, 2016, 09:05 am
CVE-2016-4429
7.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
glibc Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. June 10, 2016, 10:06 am
CVE-2016-4421
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. April 30, 2016, 20:04 pm
CVE-2016-4420
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
wireshark The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. April 30, 2016, 20:04 pm
CVE-2016-4419
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
wireshark epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. April 30, 2016, 20:04 pm
CVE-2016-4418
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. April 30, 2016, 20:04 pm
CVE-2016-4417
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. April 30, 2016, 20:04 pm
CVE-2016-4416
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
wireshark epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. April 30, 2016, 20:04 pm
CVE-2016-4415
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
wireshark wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. April 30, 2016, 20:04 pm
CVE-2016-4412
4.4 MV Product/Version
affected:
Normal phpmyadmin An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. December 10, 2016, 20:12 pm
CVE-2016-4356
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
libksba The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid UTF-8 encoded data. June 13, 2016, 14:06 pm
CVE-2016-4355
5.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
libksba Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. June 13, 2016, 14:06 pm
CVE-2016-4354
5.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
libksba ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. June 13, 2016, 14:06 pm
CVE-2016-4353
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
libksba ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. June 13, 2016, 14:06 pm
CVE-2016-4348
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
librsvg The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. May 20, 2016, 09:05 am
CVE-2016-4347
0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candidate is a reservation duplicate of CVE-2015-7558. Notes: All CVE users should reference CVE-2015-7558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. June 6, 2016, 10:06 am
CVE-2016-4346
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. May 21, 2016, 20:05 pm
CVE-2016-4345
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. May 21, 2016, 20:05 pm
CVE-2016-4344
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow. May 21, 2016, 20:05 pm
CVE-2016-4343
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. May 21, 2016, 20:05 pm
CVE-2016-4342
8.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
php ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. May 21, 2016, 20:05 pm
CVE-2016-4302
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. September 21, 2016, 09:09 am
CVE-2016-4301
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. September 21, 2016, 09:09 am
CVE-2016-4300
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. September 21, 2016, 09:09 am
CVE-2016-4085
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. April 25, 2016, 05:04 am
CVE-2016-4084
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
wireshark Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. April 25, 2016, 05:04 am
CVE-2016-4083
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
wireshark epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4082
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4081
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
wireshark epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4080
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
wireshark epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4079
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
wireshark epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4078
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
wireshark The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. April 25, 2016, 05:04 am
CVE-2016-4077
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
wireshark epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4076
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
wireshark epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4073
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. May 20, 2016, 06:05 am
CVE-2016-4072
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of characters by the phar_analyze_path function in ext/phar/phar.c. May 20, 2016, 06:05 am
CVE-2016-4071
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. May 20, 2016, 06:05 am
CVE-2016-4070
7.5 MV Product/Version
affected:
Serious php ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." May 20, 2016, 06:05 am
CVE-2016-4054
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. April 25, 2016, 09:04 am
CVE-2016-4053
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. April 25, 2016, 09:04 am
CVE-2016-4052
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
squid Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. April 25, 2016, 09:04 am
CVE-2016-4051
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
squid Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. April 25, 2016, 09:04 am
CVE-2016-4049
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
quagga The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. May 23, 2016, 14:05 pm
CVE-2016-4037
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. May 23, 2016, 14:05 pm
CVE-2016-4020
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). May 25, 2016, 10:05 am
CVE-2016-4008
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
libtasn1 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. May 5, 2016, 13:05 pm
CVE-2016-4006
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
wireshark epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. April 25, 2016, 05:04 am
CVE-2016-4002
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. April 26, 2016, 09:04 am
CVE-2016-4001
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. May 23, 2016, 14:05 pm
CVE-2016-3991
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. September 21, 2016, 13:09 pm
CVE-2016-3990
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. September 21, 2016, 13:09 pm
CVE-2016-3977
5.5 MV Product/Version
affected:
Normal giflib Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file. April 21, 2016, 09:04 am
CVE-2016-3959
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
go The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. May 23, 2016, 14:05 pm
CVE-2016-3958
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
Serious go Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. May 23, 2016, 14:05 pm
CVE-2016-3955
4.0 MV Product/Version
affected:
MVL6 Kernel 2.6.32 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. July 3, 2016, 16:07 pm
CVE-2016-3951
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
kernel Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. May 2, 2016, 05:05 am
CVE-2016-3948
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. April 7, 2016, 13:04 pm
CVE-2016-3947
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. April 7, 2016, 13:04 pm
CVE-2016-3945
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. September 21, 2016, 13:09 pm
CVE-2016-3841
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 5.1 Resolved
kernel The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. August 6, 2016, 15:08 pm
CVE-2016-3751
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious libpng Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085. July 10, 2016, 20:07 pm
CVE-2016-3739
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
curl The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. May 20, 2016, 09:05 am
CVE-2016-3713
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. June 27, 2016, 05:06 am
CVE-2016-3712
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
qemu Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. May 11, 2016, 16:05 pm
CVE-2016-3710
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
helion_openstack The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the Dark Portal issue. May 11, 2016, 16:05 pm
CVE-2016-3707
4.0 MV Product/Version
affected:
MVL6 Kernel 2.6.32 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. June 27, 2016, 05:06 am
CVE-2016-3706
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
glibc Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. June 10, 2016, 10:06 am
CVE-2016-3705
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
icewall_federation_agent The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. May 17, 2016, 09:05 am
CVE-2016-3699
3.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. October 7, 2016, 09:10 am
CVE-2016-3697
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious docker libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. June 1, 2016, 15:06 pm
CVE-2016-3695
5.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. December 29, 2017, 09:12 am
CVE-2016-3689
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. May 2, 2016, 05:05 am
CVE-2016-3672
4.6 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. April 27, 2016, 12:04 pm
CVE-2016-3658
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
tiff The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. October 3, 2016, 11:10 am
CVE-2016-3632
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. September 21, 2016, 13:09 pm
CVE-2016-3631
4.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
tiff The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. October 3, 2016, 11:10 am
CVE-2016-3627
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
icewall_federation_agent The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. May 17, 2016, 09:05 am
CVE-2016-3625
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
tiff tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. October 3, 2016, 11:10 am
CVE-2016-3624
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the -v option to -1. October 3, 2016, 11:10 am
CVE-2016-3623
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. October 3, 2016, 11:10 am
CVE-2016-3622
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. October 3, 2016, 11:10 am
CVE-2016-3621
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
tiff The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the -c lzw option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. October 3, 2016, 11:10 am
CVE-2016-3620
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
tiff The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the -c zip option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. October 3, 2016, 11:10 am
CVE-2016-3619
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
tiff The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the -c none option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. October 3, 2016, 11:10 am
CVE-2016-3615
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. July 21, 2016, 05:07 am
CVE-2016-3614
5.3 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. July 21, 2016, 05:07 am
CVE-2016-3588
5.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. July 21, 2016, 05:07 am
CVE-2016-3521
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. July 21, 2016, 05:07 am
CVE-2016-3518
6.5 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3501
6.5 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3495
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. October 25, 2016, 09:10 am
CVE-2016-3492
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. October 25, 2016, 09:10 am
CVE-2016-3486
6.5 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. July 21, 2016, 05:07 am
CVE-2016-3477
8.1 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. July 21, 2016, 05:07 am
CVE-2016-3471
7.5 MV Product/Version
affected:
Serious mysql Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. July 21, 2016, 05:07 am
CVE-2016-3459
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal mysql mariadb Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. July 21, 2016, 05:07 am
CVE-2016-3452
3.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low mysql mariadb Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. July 21, 2016, 05:07 am
CVE-2016-3440
7.7 MV Product/Version
affected:
Serious mysql Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3424
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. July 21, 2016, 05:07 am
CVE-2016-3191
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
pcre The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. March 17, 2016, 18:03 pm
CVE-2016-3190
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
cairo The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. April 21, 2016, 09:04 am
CVE-2016-3189
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
bzip2 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. June 30, 2016, 12:06 pm
CVE-2016-3186
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
tiff Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. April 19, 2016, 09:04 am
CVE-2016-3185
6.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
php The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. May 16, 2016, 05:05 am
CVE-2016-3177
9.8 MV Product/Version
affected:
Critical giflib Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. January 23, 2017, 15:01 pm
CVE-2016-3156
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. April 27, 2016, 12:04 pm
CVE-2016-3142
6.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. March 31, 2016, 11:03 am
CVE-2016-3141
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
php Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. March 31, 2016, 11:03 am
CVE-2016-3140
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-3139
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. April 27, 2016, 12:04 pm
CVE-2016-3138
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. May 2, 2016, 05:05 am
CVE-2016-3137
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
kernel drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. May 2, 2016, 05:05 am
CVE-2016-3136
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Kernel 2.6.28 Resolved
kernel The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. May 2, 2016, 05:05 am
CVE-2016-3135
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. April 27, 2016, 12:04 pm
CVE-2016-3134
7.2 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. April 27, 2016, 12:04 pm
CVE-2016-3132
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. August 7, 2016, 05:08 am
CVE-2016-3125
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
proftpd The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. April 5, 2016, 15:04 pm
CVE-2016-3119
3.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kerberos The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. March 25, 2016, 20:03 pm
CVE-2016-3115
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 5.1 Resolved
CGX 2.0 Resolved
openssh Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. March 22, 2016, 05:03 am
CVE-2016-3078
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
php Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class. August 7, 2016, 05:08 am
CVE-2016-3075
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
glibc Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. June 1, 2016, 15:06 pm
CVE-2016-3070
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
kernel The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. August 6, 2016, 15:08 pm
CVE-2016-3065
9.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical postgresql The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allow attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. April 11, 2016, 10:04 am
CVE-2016-2858
1.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack-based allocation and memory corruption. April 7, 2016, 14:04 pm
CVE-2016-2857
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
qemu The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. April 11, 2016, 21:04 pm
CVE-2016-2854
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
kernel The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. May 2, 2016, 05:05 am
CVE-2016-2853
4.4 MV Product/Version
affected:
MVL6 Kernel 2.6.32 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. May 2, 2016, 05:05 am
CVE-2016-2848
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
bind ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. October 21, 2016, 05:10 am
CVE-2016-2847
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. April 27, 2016, 12:04 pm
CVE-2016-2842
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical openssl The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. March 3, 2016, 14:03 pm
CVE-2016-2841
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. June 16, 2016, 13:06 pm
CVE-2016-2834
9.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
nss Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. June 13, 2016, 05:06 am
CVE-2016-2782
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. April 27, 2016, 12:04 pm
CVE-2016-2781
4.0 MV Product/Version
affected:
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 In progress
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. February 7, 2017, 09:02 am
CVE-2016-2779
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. February 7, 2017, 09:02 am
CVE-2016-2776
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
bind buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. September 28, 2016, 05:09 am
CVE-2016-2775
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
bind ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. July 19, 2016, 17:07 pm
CVE-2016-2774
7.1 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
dhcp ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. March 9, 2016, 09:03 am
CVE-2016-2572
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
squid http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. February 26, 2016, 23:02 pm
CVE-2016-2571
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. February 26, 2016, 23:02 pm
CVE-2016-2570
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
squid The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. February 26, 2016, 23:02 pm
CVE-2016-2569
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
squid Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. February 26, 2016, 23:02 pm
CVE-2016-2568
5.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
polkit pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. February 13, 2017, 12:02 pm
CVE-2016-2562
6.8 MV Product/Version
affected:
Normal phpmyadmin The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. March 1, 2016, 05:03 am
CVE-2016-2561
5.4 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. March 1, 2016, 05:03 am
CVE-2016-2560
6.1 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. March 1, 2016, 05:03 am
CVE-2016-2559
5.4 MV Product/Version
affected:
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. March 1, 2016, 05:03 am
CVE-2016-2554
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
php Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. May 16, 2016, 05:05 am
CVE-2016-2550
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Kernel 2.6.27 Resolved
kernel The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312. April 27, 2016, 12:04 pm
CVE-2016-2549
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.29 Resolved
CGX 1.8 In progress
CGX 2.0 In progress
kernel sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2548
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. April 27, 2016, 12:04 pm
CVE-2016-2547
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
kernel sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2546
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
MVL6 Kernel 2.6.27 Resolved
CGX 1.8 Resolved
kernel sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2545
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
kernel The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2544
4.7 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
kernel Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. April 27, 2016, 12:04 pm
CVE-2016-2543
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. April 27, 2016, 12:04 pm
CVE-2016-2538
3.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
qemu Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. June 16, 2016, 13:06 pm
CVE-2016-2532
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
wireshark The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2531
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
wireshark Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. February 27, 2016, 22:02 pm
CVE-2016-2530
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
wireshark The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. February 27, 2016, 22:02 pm
CVE-2016-2529
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the OBJECT PROTOCOL substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. February 27, 2016, 22:02 pm
CVE-2016-2528
5.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2527
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. February 27, 2016, 22:02 pm
CVE-2016-2526
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2525
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2524
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2523
7.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
wireshark The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2522
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. February 27, 2016, 22:02 pm
CVE-2016-2521
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
wireshark Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. February 27, 2016, 22:02 pm
CVE-2016-2519
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. January 30, 2017, 15:01 pm
CVE-2016-2518
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. January 30, 2017, 15:01 pm
CVE-2016-2517
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. January 30, 2017, 15:01 pm
CVE-2016-2516
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. January 30, 2017, 15:01 pm
CVE-2016-2392
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. June 16, 2016, 13:06 pm
CVE-2016-2391
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. June 16, 2016, 13:06 pm
CVE-2016-2390
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
squid The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. April 19, 2016, 16:04 pm
CVE-2016-2384
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
kernel Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. April 27, 2016, 12:04 pm
CVE-2016-2383
2.1 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. April 27, 2016, 12:04 pm
CVE-2016-2381
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
perl Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. April 8, 2016, 10:04 am
CVE-2016-2342
8.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious quagga The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. March 17, 2016, 09:03 am
CVE-2016-2339
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical ruby An exploitable heap overflow vulnerability exists in the Fiddle::Function.new initialize function of Ruby. In Fiddle::Function.new initialize, the heap buffer arg_types is allocated based on the length of the args array. A specially constructed object passed as an element of the args array can increase the size of this array after that allocation and cause a heap overflow. January 6, 2017, 15:01 pm
CVE-2016-2337
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Critical ruby Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the retval argument can cause arbitrary code execution. January 6, 2017, 15:01 pm
CVE-2016-2336
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Critical ruby Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing an object of a different type than the one assumed by the developers can cause arbitrary code execution. January 6, 2017, 15:01 pm
CVE-2016-2324
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
git Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. April 8, 2016, 09:04 am
CVE-2016-2315
10.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
git revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. April 8, 2016, 09:04 am
CVE-2016-2226
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. February 24, 2017, 14:02 pm
CVE-2016-2217
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. January 30, 2017, 16:01 pm
CVE-2016-2198
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside the guest could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2016-2197
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
QEMU (aka Quick Emulator) built with IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside the guest could use this flaw to crash the QEMU process instance, resulting in DoS. December 29, 2016, 16:12 pm
CVE-2016-2193
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious postgresql PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role. April 11, 2016, 10:04 am
CVE-2016-2188
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2187
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2186
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2185
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. May 2, 2016, 05:05 am
CVE-2016-2184
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
kernel The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. April 27, 2016, 12:04 pm
CVE-2016-2183
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
openssl The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a Sweet32 attack. August 31, 2016, 19:08 pm
CVE-2016-2182
7.5 MV Product/Version
affected:
CGX 1.8 In progress
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. September 16, 2016, 00:09 am
CVE-2016-2181
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssh The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. September 16, 2016, 00:09 am
CVE-2016-2180
1.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the openssl ts command. July 31, 2016, 21:07 pm
CVE-2016-2179
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
openssl The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. September 16, 2016, 00:09 am
CVE-2016-2178
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved