| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-1000110 |
601 |
|
|
2019-11-27 |
2022-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. |
|
2 |
CVE-2016-9400 |
119 |
|
Exec Code Overflow |
2017-02-22 |
2020-06-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. |
|
3 |
CVE-2016-9243 |
20 |
|
|
2017-03-27 |
2017-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. |
|
4 |
CVE-2016-9108 |
190 |
|
DoS Overflow |
2017-02-03 |
2020-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. |
|
5 |
CVE-2016-8887 |
476 |
|
DoS |
2017-03-23 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). |
|
6 |
CVE-2016-8884 |
476 |
|
DoS |
2017-03-28 |
2018-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. |
|
7 |
CVE-2016-8693 |
415 |
|
DoS Exec Code |
2017-02-15 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. |
|
8 |
CVE-2016-8690 |
476 |
|
DoS |
2017-02-15 |
2018-11-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. |
|
9 |
CVE-2016-8606 |
284 |
|
Exec Code |
2017-01-12 |
2017-01-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. |
|
10 |
CVE-2016-8605 |
275 |
|
|
2017-01-12 |
2017-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. |
|
11 |
CVE-2016-8569 |
476 |
|
DoS |
2017-02-03 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. |
|
12 |
CVE-2016-8568 |
125 |
|
DoS |
2017-02-03 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. |
|
13 |
CVE-2016-7972 |
399 |
|
DoS |
2017-03-03 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. |
|
14 |
CVE-2016-7970 |
119 |
|
DoS Overflow |
2017-03-03 |
2017-03-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. |
|
15 |
CVE-2016-7969 |
125 |
|
DoS |
2017-03-03 |
2020-10-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." |
|
16 |
CVE-2016-7543 |
20 |
|
Exec Code |
2017-01-19 |
2018-01-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. |
|
17 |
CVE-2016-7167 |
190 |
|
Overflow |
2016-10-07 |
2018-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. |
|
18 |
CVE-2016-7163 |
190 |
|
Exec Code Overflow |
2016-09-21 |
2022-04-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. |
|
19 |
CVE-2016-6855 |
787 |
|
DoS |
2016-09-07 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. |
|
20 |
CVE-2016-6323 |
284 |
|
DoS |
2016-10-07 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. |
|
21 |
CVE-2016-6299 |
264 |
|
+Priv Bypass |
2017-04-14 |
2017-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. |
|
22 |
CVE-2016-6254 |
119 |
|
DoS Exec Code Overflow |
2016-08-19 |
2019-03-04 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. |
|
23 |
CVE-2016-6233 |
89 |
|
Sql |
2017-02-17 |
2018-10-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. |
|
24 |
CVE-2016-6185 |
|
|
Exec Code |
2016-08-02 |
2021-09-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. |
|
25 |
CVE-2016-5766 |
190 |
|
DoS Overflow |
2016-08-07 |
2019-04-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. |
|
26 |
CVE-2016-5421 |
416 |
|
|
2016-08-10 |
2020-05-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. |
|
27 |
CVE-2016-5404 |
284 |
|
|
2016-09-07 |
2019-12-27 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. |
|
28 |
CVE-2016-5391 |
476 |
|
DoS |
2017-06-13 |
2017-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). |
|
29 |
CVE-2016-5387 |
284 |
|
|
2016-07-19 |
2021-06-06 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. |
|
30 |
CVE-2016-5386 |
284 |
|
|
2016-07-19 |
2019-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. |
|
31 |
CVE-2016-5385 |
284 |
|
|
2016-07-19 |
2021-09-29 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. |
|
32 |
CVE-2016-5384 |
415 |
|
Exec Code |
2016-08-13 |
2022-01-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. |
|
33 |
CVE-2016-5244 |
200 |
|
+Info |
2016-06-27 |
2019-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. |
|
34 |
CVE-2016-5157 |
119 |
|
Exec Code Overflow |
2016-09-11 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. |
|
35 |
CVE-2016-4980 |
330 |
|
|
2019-11-27 |
2020-01-09 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A password generation weakness exists in xquest through 2016-06-13. |
|
36 |
CVE-2016-4861 |
89 |
|
Sql |
2017-02-17 |
2018-10-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. |
|
37 |
CVE-2016-4797 |
369 |
|
DoS |
2017-02-03 |
2020-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. |
|
38 |
CVE-2016-4796 |
119 |
|
DoS Overflow |
2017-02-03 |
2020-09-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. |
|
39 |
CVE-2016-4414 |
|
|
DoS |
2016-06-13 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. |
|
40 |
CVE-2016-4037 |
400 |
|
DoS |
2016-05-23 |
2020-05-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. |
|
41 |
CVE-2016-4021 |
399 |
|
DoS |
2016-05-26 |
2016-06-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. |
|
42 |
CVE-2016-4008 |
399 |
|
DoS |
2016-05-05 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. |
|
43 |
CVE-2016-4002 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-04-26 |
2020-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. |
|
44 |
CVE-2016-4001 |
120 |
|
DoS Overflow |
2016-05-23 |
2020-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. |
|
45 |
CVE-2016-3960 |
264 |
|
DoS Overflow +Priv |
2016-04-19 |
2016-12-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. |
|
46 |
CVE-2016-3959 |
20 |
|
DoS |
2016-05-23 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. |
|
47 |
CVE-2016-3674 |
200 |
|
+Info |
2016-05-17 |
2018-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. |
|
48 |
CVE-2016-3630 |
19 |
|
Exec Code |
2016-04-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. |
|
49 |
CVE-2016-3159 |
200 |
|
+Info |
2016-04-13 |
2019-02-21 |
1.7 |
None |
Local |
Low |
??? |
Partial |
None |
None |
|
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. |
|
50 |
CVE-2016-3158 |
200 |
|
+Info |
2016-04-13 |
2016-12-03 |
1.7 |
None |
Local |
Low |
??? |
Partial |
None |
None |
|
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. |
