| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score (CVSS v2) | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1051 | CVE-2016-10323 | 264 | | Exec Code +Priv | 2017-04-10 | 2018-06-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. |
| 1052 | CVE-2016-10322 | 77 | | Exec Code | 2017-04-10 | 2017-04-17 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. |
| 1053 | CVE-2016-10321 | 254 | | | 2017-04-10 | 2019-06-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. |
| 1054 | CVE-2016-10320 | 78 | | | 2017-04-06 | 2017-04-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files. |
| 1055 | CVE-2016-10319 | 190 | | Exec Code Overflow | 2017-04-06 | 2017-04-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code. |
| 1056 | CVE-2016-10318 | 264 | | DoS | 2017-04-04 | 2017-04-11 | 4.0 | None | Remote | Low | Single system | None | None | Partial | A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. |
| 1057 | CVE-2016-10317 | 119 | | DoS Overflow | 2017-04-03 | 2018-05-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. |
| 1058 | CVE-2016-10316 | 601 | | | 2017-04-03 | 2017-04-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout. |
| 1059 | CVE-2016-10315 | 601 | | | 2017-04-03 | 2017-04-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages. |
| 1060 | CVE-2016-10314 | 200 | | +Info | 2017-04-03 | 2017-04-10 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read passwords via a direct request to the x.asp page. |
| 1061 | CVE-2016-10313 | 352 | | CSRF | 2017-04-03 | 2017-04-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages. |
| 1062 | CVE-2016-10312 | 77 | | Exec Code | 2017-04-03 | 2017-04-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages. |
| 1063 | CVE-2016-10311 | 119 | | DoS Overflow | 2017-04-10 | 2018-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. |
| 1064 | CVE-2016-10310 | 119 | | DoS Overflow | 2017-04-10 | 2018-12-10 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778. |
| 1065 | CVE-2016-10304 | 502 | | DoS | 2017-04-10 | 2021-04-20 | 4.0 | None | Remote | Low | Single system | None | None | Partial | The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788. |
| 1066 | CVE-2016-10259 | 399 | | | 2017-04-11 | 2018-02-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server. |
| 1067 | CVE-2016-10229 | 358 | | Exec Code | 2017-04-04 | 2017-09-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. |
| 1068 | CVE-2016-10226 | 125 | | DoS | 2017-04-03 | 2017-04-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp. |
| 1069 | CVE-2016-10222 | 20 | | DoS | 2017-04-03 | 2017-04-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function. |
| 1070 | CVE-2016-10221 | 119 | | DoS Overflow | 2017-04-03 | 2017-07-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. |
| 1071 | CVE-2016-10220 | 476 | | DoS | 2017-04-03 | 2017-11-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. |
| 1072 | CVE-2016-10219 | 369 | | DoS | 2017-04-03 | 2017-11-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. |
| 1073 | CVE-2016-10218 | 476 | | DoS | 2017-04-03 | 2017-04-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. |
| 1074 | CVE-2016-10217 | 416 | | DoS | 2017-04-03 | 2017-04-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. |
| 1075 | CVE-2016-10211 | 416 | | DoS | 2017-04-03 | 2017-05-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. |
| 1076 | CVE-2016-10210 | 476 | | DoS | 2017-04-03 | 2017-05-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function. |
| 1077 | CVE-2016-10209 | 476 | | DoS | 2017-04-03 | 2018-12-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. |
| 1078 | CVE-2016-10123 | 264 | | +Priv | 2017-04-13 | 2017-04-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. |
| 1079 | CVE-2016-10122 | 264 | | +Priv | 2017-04-13 | 2017-04-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Firejail does not properly clean environment variables, which allows local users to gain privileges. |
| 1080 | CVE-2016-10121 | 264 | | +Priv | 2017-04-13 | 2017-04-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. |
| 1081 | CVE-2016-10120 | 264 | | +Priv | 2017-04-13 | 2017-04-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. |
| 1082 | CVE-2016-10119 | 264 | | +Priv | 2017-04-13 | 2017-04-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. |
| 1083 | CVE-2016-10118 | 264 | | | 2017-04-13 | 2017-04-19 | 2.1 | None | Local | Low | Not required | None | Partial | None | Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. |
| 1084 | CVE-2016-10117 | 264 | | +Priv | 2017-04-13 | 2017-04-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. |
| 1085 | CVE-2016-10091 | 119 | | Overflow | 2017-04-21 | 2017-04-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. |
| 1086 | CVE-2016-9980 | 79 | | XSS | 2017-04-20 | 2017-04-27 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. |
| 1087 | CVE-2016-9979 | 79 | | XSS | 2017-04-20 | 2017-04-27 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. |
| 1088 | CVE-2016-9978 | 200 | | +Info | 2017-04-20 | 2017-04-27 | 4.0 | None | Remote | Low | Single system | Partial | None | None | IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. |
| 1089 | CVE-2016-9959 | 125 | | | 2017-04-12 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. |
| 1090 | CVE-2016-9958 | 119 | | Overflow | 2017-04-12 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. |
| 1091 | CVE-2016-9957 | 119 | | Overflow | 2017-04-12 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Stack-based buffer overflow in game-music-emu before 0.6.1. |
| 1092 | CVE-2016-9954 | 399 | | DoS | 2017-04-21 | 2017-04-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern. |
| 1093 | CVE-2016-9219 | 20 | | | 2017-04-06 | 2021-04-16 | 7.8 | None | Remote | Low | Not required | None | None | Complete | A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. This vulnerability affects Cisco Wireless LAN Controller (WLC) running software version 8.2.121.0 or 8.3.102.0. Cisco Bug IDs: CSCva98592. |
| 1094 | CVE-2016-9197 | 264 | | +Priv | 2017-04-07 | 2017-04-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). |
| 1095 | CVE-2016-9196 | 264 | | +Priv | 2017-04-07 | 2017-07-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). |
| 1096 | CVE-2016-9195 | 399 | | DoS | 2017-04-07 | 2017-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3). |
| 1097 | CVE-2016-9194 | 399 | | DoS | 2017-04-06 | 2017-07-12 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353. |
| 1098 | CVE-2016-9091 | 78 | | Exec Code | 2017-04-05 | 2017-08-16 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. |
| 1099 | CVE-2016-8962 | 255 | | | 2017-04-26 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. |
| 1100 | CVE-2016-8927 | 79 | | XSS | 2017-04-14 | 2017-04-20 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. |
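Four of the entries above (CVE-2016-10322, CVE-2016-10320, CVE-2016-10312 and CVE-2016-9091) are the same bug class: an untrusted string (an X-Forwarded-For header, an uploaded filename, a form parameter) is pasted into a command line that a shell parses, so metacharacters such as `;` become command separators. The following is an added example written for this page, not code from Photo Station, textract, the Jensen firmware or Blue Coat. It uses `echo` as a stand-in for whatever tool the application invokes (an assumption; the tool does not matter, only how the value reaches it) and a constructed payload of the kind an attacker would place in the header or filename.

```python
"""Shell-metacharacter command injection: vulnerable string-to-shell call
beside the argv-list fix. Illustrative code, not the code of any product
listed above."""
import subprocess

# Assumption: stand-in for the real helper the application shells out to.
TOOL = "echo"


def run_vulnerable(untrusted: str) -> str:
    # The untrusted value is interpolated into one string that /bin/sh
    # parses, so ';', '|', '`' and '$(...)' are interpreted by the shell.
    cmd = f"{TOOL} processing {untrusted}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def run_hardened(untrusted: str) -> str:
    # argv list, no shell: the value is delivered as a single argument and
    # is never parsed for metacharacters. This, not input filtering, is the fix.
    out = subprocess.run([TOOL, "processing", untrusted],
                         capture_output=True, text=True)
    return out.stdout


# Constructed sample of what an attacker would send as X-Forwarded-For or
# as an upload filename.
PAYLOAD = "203.0.113.7; echo INJECTED"

if __name__ == "__main__":
    print(run_vulnerable(PAYLOAD))   # two lines; the second is INJECTED
    print(run_hardened(PAYLOAD))     # one line; the payload is printed literally
```

The hardened variant still passes the hostile string through untouched, which is the point: with no shell in the path there is nothing for the metacharacters to act on. Filtering or escaping is only needed when a shell genuinely cannot be avoided, and then `shlex.quote` on each value is the minimum.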
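The CVE-2016-10321 entry (web2py) describes an ordering flaw rather than a missing control: the host-denied check exists but runs after the password has been verified, so a locked-out host that guesses correctly is still let in and the lockout never stops the brute force. The following is an added model of that ordering, written for this page and not taken from web2py; the lockout threshold, the host address and the wordlist are constructed for the demonstration.

```python
"""Check-ordering flaw of the kind described for CVE-2016-10321: the
host-denied check must precede password verification. Illustrative model,
not web2py's code."""
import hashlib
import hmac
from collections import defaultdict

MAX_FAILURES = 3                 # assumption: deny a host after 3 bad passwords
_failures = defaultdict(int)     # host -> consecutive failed attempts
_denied = set()                  # hosts currently locked out


def _password_ok(password: str, expected_hash: bytes) -> bool:
    digest = hashlib.sha256(password.encode()).digest()
    return hmac.compare_digest(digest, expected_hash)


def _note_failure(host: str) -> None:
    _failures[host] += 1
    if _failures[host] >= MAX_FAILURES:
        _denied.add(host)


def login_vulnerable(host: str, password: str, expected_hash: bytes) -> bool:
    # Password is verified first; the denial list is only consulted on the
    # failure path, so a denied host is admitted the moment it guesses right.
    if _password_ok(password, expected_hash):
        _failures.pop(host, None)
        return True
    if host in _denied:
        return False
    _note_failure(host)
    return False


def login_fixed(host: str, password: str, expected_hash: bytes) -> bool:
    # Denial check first: a locked-out host gets the same refusal whether or
    # not its guess is right, and no password work is done on its behalf.
    if host in _denied:
        return False
    if _password_ok(password, expected_hash):
        _failures.pop(host, None)
        return True
    _note_failure(host)
    return False


def reset_state() -> None:
    _failures.clear()
    _denied.clear()


def brute_force(login, guesses, real_password, host="198.51.100.9"):
    """Replay a wordlist from one host; returns (got_in, attempts_used)."""
    reset_state()
    expected = hashlib.sha256(real_password.encode()).digest()
    for attempt, guess in enumerate(guesses, start=1):
        if login(host, guess, expected):
            return True, attempt
    return False, len(guesses)


WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2"]  # constructed

if __name__ == "__main__":
    print(brute_force(login_vulnerable, WORDLIST, "hunter2"))  # (True, 5)
    print(brute_force(login_fixed, WORDLIST, "hunter2"))       # (False, 5)
```

With the vulnerable ordering the host is denied after three failures yet still logs in on the fifth guess; with the fixed ordering every attempt after the third is refused without the password ever being checked. The per-host counter and SHA-256 are placeholders for whatever the application already uses; the ordering is the only thing the example is about.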
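The CVE-2016-10319 entry (ARM Trusted Firmware 1.2/1.3) attributes the oversized copy into secure memory to integer overflows in the firmware-update SMC handling, which is the usual `dst + size <= limit` shape of bounds check: in C the sum is computed in a fixed width and wraps, so a huge `size` makes the sum small and the check passes. The following is an added example written for this page, not ARM TF's code. Python integers do not overflow, so the block masks to 64 bits to reproduce the C arithmetic; the secure-window addresses are assumed values chosen for the illustration.

```python
"""Bounds check with and without the integer-overflow flaw reported for
CVE-2016-10319. Illustrative model of C uint64 arithmetic; not ARM TF code."""
U64_MASK = (1 << 64) - 1


def u64(x: int) -> int:
    """Emulate C unsigned 64-bit wraparound."""
    return x & U64_MASK


# Assumed layout: a 1 MiB window of secure SRAM that images are copied into.
SECURE_BASE = 0x0400_0000
SECURE_SIZE = 0x0010_0000
SECURE_END = SECURE_BASE + SECURE_SIZE


def check_vulnerable(dst: int, size: int) -> bool:
    # Forms `dst + size` first. In C that sum wraps, so a size close to
    # 2**64 yields an end address inside the window and a later copy of
    # `size` bytes runs far past it.
    end = u64(dst + size)
    return SECURE_BASE <= dst and end <= SECURE_END


def check_fixed(dst: int, size: int) -> bool:
    # Never form the sum. Once dst is known to be inside the window,
    # SECURE_END - dst cannot underflow, and size is compared against it.
    if not (SECURE_BASE <= dst < SECURE_END):
        return False
    return size <= SECURE_END - dst


# Constructed malformed request: dst 4 KiB into the window, size chosen so
# that dst + size wraps to an address just below dst.
DST = SECURE_BASE + 0x1000
EVIL_SIZE = u64(-0x800)          # 2**64 - 0x800

if __name__ == "__main__":
    print(hex(EVIL_SIZE), check_vulnerable(DST, EVIL_SIZE), check_fixed(DST, EVIL_SIZE))
```

Both checks agree on ordinary inputs; they differ only when the sum wraps. The same rewrite (compare `size` against the remaining space rather than adding it to the pointer) is the standard fix for this pattern wherever a length from an untrusted caller meets a fixed buffer.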
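The two open-redirect entries (CVE-2016-10316 via return-url on /goform/formLogout and CVE-2016-10315 via submit-url) are the common case of a return parameter copied straight into the redirect target. The following is an added example written for this page, not the Jensen firmware's code; it shows the unchecked echo beside a check that only accepts same-site paths, including the scheme-relative (`//host`) and backslash (`/\host`) forms that a naive "starts with a slash" test lets through. The device address is an assumption.

```python
"""Open-redirect handling for a return-url style parameter. Illustrative
code, not the code of the devices listed above."""
from urllib.parse import urljoin, urlsplit

OWN_HOST = "192.0.2.1"   # assumption: the device's own address


def redirect_vulnerable(return_url: str) -> str:
    # The parameter becomes the Location header as-is.
    return return_url


def redirect_safe(return_url: str, fallback: str = "/") -> str:
    """Return the target to redirect to: the given path if it is a plain
    same-site path, otherwise `fallback`."""
    url = return_url.strip()
    # Control characters would allow header injection; refuse outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in url):
        return fallback
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        return fallback                    # absolute or scheme-relative URL
    if not url.startswith("/") or url.startswith("//"):
        return fallback                    # relative junk or //host form
    if url.startswith("/\\"):
        return fallback                    # browsers treat '/\' like '//'
    # Final guard: resolve against our own origin and make sure we stay on it.
    if urlsplit(urljoin(f"http://{OWN_HOST}/", url)).netloc != OWN_HOST:
        return fallback
    return url


# Constructed inputs: one legitimate path and several attacker-supplied values.
SAMPLES = [
    "/status.asp",
    "https://evil.example/phish",
    "//evil.example/phish",
    "/\\evil.example",
    "javascript:alert(1)",
    "status.asp",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {redirect_safe(s)!r}")
```

Only the first sample survives; everything else is collapsed to the fallback. An allow-list of known pages would be tighter still for a device with a handful of admin pages, and the same check applies to any "next", "back" or "continue" parameter, not only logout.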