Total
29699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5668 | 1 Crestron | 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware | 2025-04-12 | N/A |
| Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. | ||||
| CVE-2016-4558 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 7.0 High |
| The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count. | ||||
| CVE-2016-4325 | 1 Lantronix | 1 Xprintserver Firmware | 2025-04-12 | N/A |
| Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. | ||||
| CVE-2016-4414 | 3 Fedoraproject, Opensuse, Quassel-irc | 4 Fedora, Leap, Opensuse and 1 more | 2025-04-12 | N/A |
| The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | ||||
| CVE-2016-4520 | 1 Schneider-electric | 1 Pelco Digital Sentry Video Management System Firmware | 2025-04-12 | N/A |
| Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors. | ||||
| CVE-2016-4216 | 1 Adobe | 1 Xmp Toolkit | 2025-04-12 | N/A |
| XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2016-0934 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different vulnerability than CVE-2016-0932, CVE-2016-0937, CVE-2016-0940, and CVE-2016-0941. | ||||
| CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2025-04-12 | N/A |
| Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | ||||
| CVE-2016-4059 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | N/A |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. | ||||
| CVE-2016-4794 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-12 | 7.8 High |
| Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. | ||||
| CVE-2016-3684 | 3 Apple, Microsoft, Sap | 3 Macos, Windows, Download Manager | 2025-04-12 | N/A |
| SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338. | ||||
| CVE-2016-3746 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802. | ||||
| CVE-2016-2811 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. | ||||
| CVE-2016-2343 | 1 Patterson Dental | 1 Eaglesoft | 2025-04-12 | N/A |
| Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. | ||||
| CVE-2016-2099 | 2 Apache, Opensuse | 2 Xerces-c\+\+, Opensuse | 2025-04-12 | N/A |
| Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. | ||||
| CVE-2016-1973 | 3 Mozilla, Oracle, Redhat | 3 Firefox, Linux, Enterprise Linux | 2025-04-12 | N/A |
| Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. | ||||
| CVE-2016-1900 | 2 Cgit Project, Fedoraproject | 2 Cgit, Fedora | 2025-04-12 | N/A |
| CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. | ||||
| CVE-2016-1962 | 4 Mozilla, Opensuse, Oracle and 1 more | 4 Firefox, Opensuse, Linux and 1 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. | ||||
| CVE-2016-1729 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application. | ||||
| CVE-2016-1613 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. | ||||