| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
351 |
CVE-2016-10227 |
399 |
|
DoS |
2017-02-21 |
2017-03-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. |
|
352 |
CVE-2016-10224 |
254 |
|
|
2017-02-13 |
2021-08-31 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. |
|
353 |
CVE-2016-10223 |
284 |
|
Exec Code |
2017-02-14 |
2017-02-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
354 |
CVE-2016-10216 |
79 |
|
Exec Code XSS |
2017-02-10 |
2017-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
355 |
CVE-2016-10215 |
79 |
|
Exec Code XSS |
2017-02-10 |
2017-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
356 |
CVE-2016-10213 |
200 |
|
+Info |
2017-02-08 |
2017-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. |
|
357 |
CVE-2016-10212 |
200 |
|
+Info |
2017-02-08 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product. |
|
358 |
CVE-2016-10208 |
125 |
|
DoS |
2017-02-06 |
2018-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. |
|
359 |
CVE-2016-10207 |
119 |
|
DoS Overflow |
2017-02-28 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. |
|
360 |
CVE-2016-10199 |
125 |
|
DoS |
2017-02-09 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. |
|
361 |
CVE-2016-10198 |
125 |
|
DoS |
2017-02-09 |
2020-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. |
|
362 |
CVE-2016-10192 |
119 |
|
Exec Code Overflow |
2017-02-09 |
2017-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. |
|
363 |
CVE-2016-10191 |
119 |
|
Exec Code Overflow |
2017-02-09 |
2018-12-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. |
|
364 |
CVE-2016-10190 |
119 |
|
Exec Code Overflow |
2017-02-09 |
2018-12-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. |
|
365 |
CVE-2016-10173 |
22 |
|
Dir. Trav. |
2017-02-01 |
2017-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. |
|
366 |
CVE-2016-10165 |
125 |
|
DoS +Info |
2017-02-03 |
2018-10-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. |
|
367 |
CVE-2016-10164 |
119 |
|
DoS Exec Code Overflow |
2017-02-01 |
2018-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. |
|
368 |
CVE-2016-10154 |
119 |
|
DoS Overflow Mem. Corr. |
2017-02-06 |
2017-02-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. |
|
369 |
CVE-2016-10153 |
399 |
|
DoS Mem. Corr. |
2017-02-06 |
2017-02-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. |
|
370 |
CVE-2016-10150 |
264 |
|
DoS +Priv |
2017-02-06 |
2017-02-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. |
|
371 |
CVE-2016-10134 |
89 |
|
Exec Code Sql |
2017-02-17 |
2017-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. |
|
372 |
CVE-2016-10109 |
416 |
|
DoS |
2017-02-23 |
2021-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. |
|
373 |
CVE-2016-10098 |
77 |
|
Exec Code |
2017-02-05 |
2017-02-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. |
|
374 |
CVE-2016-10089 |
264 |
|
+Priv |
2017-02-15 |
2017-11-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. |
|
375 |
CVE-2016-10079 |
20 |
|
DoS |
2017-02-01 |
2017-02-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. |
|
376 |
CVE-2016-10044 |
264 |
|
+Priv Bypass |
2017-02-07 |
2017-07-25 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. |
|
377 |
CVE-2016-10029 |
125 |
|
DoS |
2017-02-27 |
2020-11-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. |
|
378 |
CVE-2016-10028 |
125 |
|
DoS |
2017-02-27 |
2020-11-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. |
|
379 |
CVE-2016-10026 |
284 |
|
|
2017-02-13 |
2017-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. |
|
380 |
CVE-2016-9975 |
352 |
|
CSRF |
2017-02-24 |
2017-03-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. |
|
381 |
CVE-2016-9963 |
320 |
|
|
2017-02-01 |
2017-02-15 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. |
|
382 |
CVE-2016-9956 |
284 |
|
|
2017-02-22 |
2020-10-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. |
|
383 |
CVE-2016-9955 |
20 |
|
DoS |
2017-02-17 |
2018-10-02 |
4.0 |
None |
Remote |
High |
Not required |
None |
Partial |
Partial |
|
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. |
|
384 |
CVE-2016-9910 |
79 |
|
XSS |
2017-02-22 |
2017-02-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. |
|
385 |
CVE-2016-9909 |
79 |
|
XSS |
2017-02-22 |
2017-02-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. |
|
386 |
CVE-2016-9873 |
77 |
|
Exec Code |
2017-02-03 |
2017-07-25 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application. |
|
387 |
CVE-2016-9872 |
79 |
|
XSS |
2017-02-03 |
2017-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. |
|
388 |
CVE-2016-9871 |
264 |
|
|
2017-02-03 |
2017-03-14 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. |
|
389 |
CVE-2016-9831 |
119 |
|
Overflow |
2017-02-17 |
2017-02-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. |
|
390 |
CVE-2016-9829 |
119 |
|
Overflow |
2017-02-17 |
2017-02-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. |
|
391 |
CVE-2016-9828 |
476 |
|
DoS |
2017-02-17 |
2017-02-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. |
|
392 |
CVE-2016-9827 |
119 |
|
DoS Overflow |
2017-02-17 |
2017-02-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. |
|
393 |
CVE-2016-9818 |
284 |
|
DoS |
2017-02-27 |
2017-07-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. |
|
394 |
CVE-2016-9817 |
284 |
|
DoS |
2017-02-27 |
2017-07-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. |
|
395 |
CVE-2016-9816 |
284 |
|
DoS |
2017-02-27 |
2017-07-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. |
|
396 |
CVE-2016-9815 |
284 |
|
DoS |
2017-02-27 |
2017-07-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. |
|
397 |
CVE-2016-9814 |
399 |
|
DoS |
2017-02-17 |
2018-03-04 |
8.5 |
None |
Remote |
Low |
Not required |
None |
Partial |
Complete |
|
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. |
|
398 |
CVE-2016-9773 |
119 |
|
DoS Overflow |
2017-02-17 |
2017-02-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. |
|
399 |
CVE-2016-9772 |
200 |
|
+Info |
2017-02-06 |
2017-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. |
|
400 |
CVE-2016-9748 |
200 |
|
+Info |
2017-02-08 |
2017-02-15 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. |
