Max CVSS 9.3 Min CVSS 2.1 Total Count45
IDCVSSSummaryLast (major) updatePublished
CVE-2016-0718 7.5
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
02-03-2017 - 21:59 26-05-2016 - 12:59
CVE-2016-3981 9.3
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image
19-02-2017 - 01:19 13-04-2016 - 12:59
CVE-2016-6207 4.3
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vecto
17-01-2017 - 21:59 12-08-2016 - 11:59
CVE-2016-5261 7.5
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets th
17-01-2017 - 21:59 04-08-2016 - 21:59
CVE-2016-5250 5.0
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
17-01-2017 - 21:59 04-08-2016 - 21:59
CVE-2016-4794 7.2
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.
17-01-2017 - 21:59 23-05-2016 - 06:59
CVE-2016-2837 6.8
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing
02-01-2017 - 22:00 04-08-2016 - 21:59
CVE-2016-6515 7.8
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
22-12-2016 - 21:59 07-08-2016 - 17:59
CVE-2016-3135 7.2
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLA
02-12-2016 - 22:26 27-04-2016 - 13:59
CVE-2016-3134 7.2
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
02-12-2016 - 22:26 27-04-2016 - 13:59
CVE-2016-3712 2.1
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
30-11-2016 - 22:10 11-05-2016 - 17:59
CVE-2016-6296 7.5
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffe
28-11-2016 - 15:31 25-07-2016 - 10:59
CVE-2016-6214 4.3
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
28-11-2016 - 15:31 12-08-2016 - 11:59
CVE-2016-6132 4.3
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
28-11-2016 - 15:30 12-08-2016 - 11:59
CVE-2016-5403 4.9
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
28-11-2016 - 15:25 02-08-2016 - 12:59
CVE-2016-5331 4.3
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
28-11-2016 - 15:24 07-08-2016 - 21:59
CVE-2016-5268 4.3
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonst
28-11-2016 - 15:24 04-08-2016 - 21:59
CVE-2016-5266 5.8
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
28-11-2016 - 15:24 04-08-2016 - 21:59
CVE-2016-5265 4.0
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML docu
28-11-2016 - 15:24 04-08-2016 - 21:59
CVE-2016-5264 6.8
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru
28-11-2016 - 15:24 04-08-2016 - 21:59
CVE-2016-5263 6.8
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confu
28-11-2016 - 15:24 04-08-2016 - 21:59
CVE-2016-5262 4.3
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote a
28-11-2016 - 15:24 04-08-2016 - 21:59
CVE-2016-5260 4.3
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.
28-11-2016 - 15:23 04-08-2016 - 21:59
CVE-2016-5259 6.8
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a neste
28-11-2016 - 15:23 04-08-2016 - 21:59
CVE-2016-5258 6.8
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of
28-11-2016 - 15:23 04-08-2016 - 21:59
CVE-2016-5255 6.8
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
28-11-2016 - 15:23 04-08-2016 - 21:59
CVE-2016-5254 7.5
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application cr
28-11-2016 - 15:23 04-08-2016 - 21:59
CVE-2016-5252 6.8
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled duri
28-11-2016 - 15:23 04-08-2016 - 21:59
CVE-2016-5251 4.3
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
28-11-2016 - 15:23 04-08-2016 - 21:59
CVE-2016-5243 2.1
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink messa
28-11-2016 - 15:23 27-06-2016 - 06:59
CVE-2016-4470 4.9
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft
28-11-2016 - 15:18 27-06-2016 - 06:59
CVE-2016-3982 6.8
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, whi
28-11-2016 - 15:14 13-04-2016 - 12:59
CVE-2016-3961 2.1
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
28-11-2016 - 15:14 15-04-2016 - 10:59
CVE-2016-3598 9.3
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3511 6.9
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
28-11-2016 - 15:10 21-07-2016 - 06:13
CVE-2016-2839 4.3
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (a
28-11-2016 - 15:05 04-08-2016 - 21:59
CVE-2016-2838 6.8
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
28-11-2016 - 15:05 04-08-2016 - 21:59
CVE-2016-2836 6.8
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
28-11-2016 - 15:05 04-08-2016 - 21:59
CVE-2016-2835 6.8
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
28-11-2016 - 15:05 04-08-2016 - 21:59
CVE-2016-2830 4.3
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing n
28-11-2016 - 15:04 04-08-2016 - 21:59
CVE-2016-2191 4.3
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
28-11-2016 - 15:03 13-04-2016 - 12:59
CVE-2016-1497 4.0
The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manag
28-11-2016 - 14:59 26-08-2016 - 10:59
CVE-2016-1237 4.9
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.
28-11-2016 - 14:58 29-06-2016 - 10:10
CVE-2016-5736 5.0
The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.
22-08-2016 - 11:20 19-08-2016 - 17:59
CVE-2015-8022 8.5
The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before
22-08-2016 - 10:23 19-08-2016 - 17:59
Back to Top Mark selected
Back to Top