CVE-2016-3xxx

There are 956 CVE in this subgroup.
Last updated: 
← Back to 2016
ID Summary Flags Max Score
CVE-2016-3000 The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows r...
S
CVE-2016-3001 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 b...
S
CVE-2016-3002 IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate att...
CVE-2016-3003 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 b...
S
CVE-2016-3004 Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5,...
S
CVE-2016-3005 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 throu...
S
CVE-2016-3006 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 b...
S
CVE-2016-3007 Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before C...
S
CVE-2016-3008 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 bef...
S
CVE-2016-3009 Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5,...
CVE-2016-3010 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 throu...
S
CVE-2016-3012 IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal serv...
CVE-2016-3013 IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data ...
S
CVE-2016-3014 Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 befo...
CVE-2016-3015 IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to ...
S
CVE-2016-3016 IBM Security Access Manager for Web processes patches, image backups and other updates without suffi...
S
CVE-2016-3017 IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information du...
S
CVE-2016-3018 IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows...
CVE-2016-3019 IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that co...
S
CVE-2016-3020 IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass ...
S
CVE-2016-3021 IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive inform...
CVE-2016-3022 IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensi...
S
CVE-2016-3023 IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive ...
S
CVE-2016-3024 IBM Security Access Manager for Web allows web pages to be stored locally which can be read by anoth...
S
CVE-2016-3025 IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before...
CVE-2016-3027 IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External ...
S
CVE-2016-3028 IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Ma...
CVE-2016-3029 IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an...
S
CVE-2016-3031 IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to ...
S
CVE-2016-3032 IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to ...
M
CVE-2016-3033 IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or ...
CVE-2016-3034 IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which c...
S
CVE-2016-3035 IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the ...
S
CVE-2016-3036 IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer ov...
S
CVE-2016-3037 IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session...
S
CVE-2016-3038 IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users ...
S
CVE-2016-3039 IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files o...
CVE-2016-3040 IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager ...
S
CVE-2016-3042 Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Lib...
CVE-2016-3043 IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, c...
S
CVE-2016-3044 The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows gu...
CVE-2016-3045 IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to...
S
CVE-2016-3046 IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send spe...
S
CVE-2016-3047 Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote auth...
M
CVE-2016-3048 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerabili...
S
CVE-2016-3049 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker coul...
CVE-2016-3051 IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privilege...
S
CVE-2016-3052 Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the ...
S
CVE-2016-3053 IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtai...
E
CVE-2016-3054 Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated ...
S
CVE-2016-3055 IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrar...
S
CVE-2016-3056 Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 throu...
S
CVE-2016-3057 Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5....
S
CVE-2016-3059 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum...
S
CVE-2016-3060 Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and C...
S
CVE-2016-3062 The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows r...
S
CVE-2016-3063 Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special ch...
S
CVE-2016-3064 NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated user...
S
CVE-2016-3065 The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreS...
S
CVE-2016-3066 The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard...
CVE-2016-3067 Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows ...
CVE-2016-3068 Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL...
S
CVE-2016-3069 Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when con...
S
CVE-2016-3070 The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kerne...
S
CVE-2016-3071 Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKE...
CVE-2016-3072 Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/...
S
CVE-2016-3073 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3079. Reason: This candida...
R
CVE-2016-3074 Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers ...
E S
CVE-2016-3075 Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Libr...
CVE-2016-3076 Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows rem...
CVE-2016-3077 The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users t...
CVE-2016-3078 Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attack...
E S
CVE-2016-3079 Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite...
CVE-2016-3080 Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote at...
CVE-2016-3081 Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invo...
E S
CVE-2016-3082 XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.2...
S
CVE-2016-3083 Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both...
CVE-2016-3084 The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 a...
CVE-2016-3085 Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before...
CVE-2016-3086 The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the passwor...
M
CVE-2016-3087 Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invo...
E
CVE-2016-3088 The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uploa...
KEV E S
CVE-2016-3089 Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows...
CVE-2016-3090 The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attacke...
CVE-2016-3091 Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service....
CVE-2016-3092 The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x be...
S
CVE-2016-3093 Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL b...
CVE-2016-3094 PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaint...
CVE-2016-3095 server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated pri...
E S
CVE-2016-3096 The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0....
S
CVE-2016-3097 Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote at...
CVE-2016-3098 Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote atta...
S
CVE-2016-3099 mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterpris...
CVE-2016-3100 kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allow...
CVE-2016-3101 Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows r...
CVE-2016-3102 The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy ...
CVE-2016-3103 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-3104 mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial ...
CVE-2016-3105 The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arb...
CVE-2016-3106 Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner....
S
CVE-2016-3107 The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readabl...
S
CVE-2016-3108 The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or wr...
S
CVE-2016-3109 The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary...
E S
CVE-2016-3110 mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of s...
CVE-2016-3111 pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate me...
S
CVE-2016-3112 client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/co...
S
CVE-2016-3113 Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary...
CVE-2016-3114 Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or del...
CVE-2016-3115 Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote au...
E
CVE-2016-3116 CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to byp...
CVE-2016-3118 CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 ...
CVE-2016-3119 The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB modul...
S
CVE-2016-3120 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos ...
CVE-2016-3124 The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP versi...
CVE-2016-3125 The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the T...
CVE-2016-3126 Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (...
CVE-2016-3127 An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Ser...
CVE-2016-3128 A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows ...
M
CVE-2016-3129 A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) impl...
CVE-2016-3130 An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise ...
CVE-2016-3131 Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls....
CVE-2016-3132 Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in ...
E S
CVE-2016-3134 The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, w...
CVE-2016-3135 Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel...
CVE-2016-3136 The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1...
E
CVE-2016-3137 drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attacke...
CVE-2016-3138 The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physic...
CVE-2016-3139 The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows ...
E
CVE-2016-3140 The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1...
E
CVE-2016-3141 Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5...
CVE-2016-3142 The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before...
CVE-2016-3144 Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal...
S
CVE-2016-3145 Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, a...
CVE-2016-3147 Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier...
CVE-2016-3149 Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before ...
CVE-2016-3150 Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1...
CVE-2016-3151 Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 d...
CVE-2016-3152 Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the ro...
CVE-2016-3153 SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execu...
S
CVE-2016-3154 The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before...
S
CVE-2016-3155 Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to...
CVE-2016-3156 The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, w...
S
CVE-2016-3157 The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly conte...
S
CVE-2016-3158 The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware ...
S
CVE-2016-3159 The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardwa...
S
CVE-2016-3161 For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service ...
S
CVE-2016-3162 The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to ...
S
CVE-2016-3163 The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote att...
S
CVE-2016-3164 Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduc...
S
CVE-2016-3165 The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might al...
S
CVE-2016-3166 CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used ...
S
CVE-2016-3167 Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PH...
S
CVE-2016-3168 The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hija...
S
CVE-2016-3169 The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privil...
S
CVE-2016-3170 The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x be...
S
CVE-2016-3171 Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.1...
S
CVE-2016-3172 SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated user...
E
CVE-2016-3173 An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of ...
CVE-2016-3174 An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers t...
CVE-2016-3176 Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, all...
CVE-2016-3177 Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecifi...
S
CVE-2016-3178 The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a...
S
CVE-2016-3179 The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a...
S
CVE-2016-3180 Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-t...
CVE-2016-3181 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182. Reason: This candidate...
R
CVE-2016-3182 The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to c...
S
CVE-2016-3183 The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cau...
S
CVE-2016-3185 The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28...
CVE-2016-3186 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers...
CVE-2016-3187 The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUE...
S
CVE-2016-3188 The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal a...
S
CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denia...
CVE-2016-3190 The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows...
E S
CVE-2016-3191 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 b...
E
CVE-2016-3192 Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files....
CVE-2016-3193 Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5...
CVE-2016-3194 Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x befo...
CVE-2016-3195 Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 an...
CVE-2016-3196 Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x befor...
CVE-2016-3197 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3197. Reason: This candida...
R
CVE-2016-3198 Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechan...
CVE-2016-3199 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3200 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3201 Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge...
CVE-2016-3202 The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Int...
CVE-2016-3203 Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge...
CVE-2016-3204 The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explor...
CVE-2016-3205 The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t...
CVE-2016-3206 The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t...
CVE-2016-3207 The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t...
CVE-2016-3208 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3209 Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ...
CVE-2016-3210 The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote at...
CVE-2016-3211 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2016-3212 The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, wh...
CVE-2016-3213 The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows ...
CVE-2016-3214 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3215 Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow re...
S
CVE-2016-3216 GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 S...
E
CVE-2016-3217 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3218 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3219 The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges v...
E
CVE-2016-3220 atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 ...
E
CVE-2016-3221 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3222 Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor...
E
CVE-2016-3223 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...
E
CVE-2016-3224 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3225 The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...
E
CVE-2016-3226 Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote a...
CVE-2016-3227 Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R...
CVE-2016-3228 Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authen...
CVE-2016-3229 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3230 The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server...
CVE-2016-3231 The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows l...
CVE-2016-3232 The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows ...
CVE-2016-3233 Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers t...
CVE-2016-3234 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer,...
CVE-2016-3235 Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Vis...
KEV E S
CVE-2016-3236 The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows ...
CVE-2016-3237 Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows ...
E S
CVE-2016-3238 The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Window...
CVE-2016-3239 The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Window...
CVE-2016-3240 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2016-3241 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2016-3242 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2016-3243 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2016-3244 Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web sit...
CVE-2016-3245 Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP conn...
CVE-2016-3246 Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor...
CVE-2016-3247 Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code o...
E
CVE-2016-3248 The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft I...
CVE-2016-3249 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3250 The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local us...
CVE-2016-3251 The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2...
CVE-2016-3252 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3253 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3254 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3255 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read ...
CVE-2016-3256 Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection me...
CVE-2016-3257 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3258 Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8...
CVE-2016-3259 The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft I...
CVE-2016-3260 The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft I...
CVE-2016-3261 Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted...
CVE-2016-3262 Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ...
CVE-2016-3263 Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ...
CVE-2016-3264 Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr...
CVE-2016-3265 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3266 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3267 Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the ...
CVE-2016-3268 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3269 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3270 The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 ...
CVE-2016-3271 The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from p...
CVE-2016-3272 The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10...
CVE-2016-3273 The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly rest...
CVE-2016-3274 Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct conten...
CVE-2016-3275 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3276 Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing...
CVE-2016-3277 Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive ...
CVE-2016-3278 Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbit...
CVE-2016-3279 Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, Power...
CVE-2016-3280 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for M...
CVE-2016-3281 Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2...
CVE-2016-3282 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016,...
CVE-2016-3283 Microsoft Word Viewer allows remote attackers to execute arbitrary code via a crafted Office documen...
CVE-2016-3284 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for M...
CVE-2016-3285 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3286 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3287 Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511...
CVE-2016-3288 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web p...
E
CVE-2016-3289 Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a craft...
CVE-2016-3290 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web p...
CVE-2016-3291 Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remo...
CVE-2016-3292 Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows ...
CVE-2016-3293 Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code v...
CVE-2016-3294 Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor...
CVE-2016-3295 Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary...
CVE-2016-3296 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via...
CVE-2016-3297 Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr...
CVE-2016-3298 Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Window...
KEV S
CVE-2016-3299 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...
CVE-2016-3300 The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 i...
S
CVE-2016-3301 The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows...
E
CVE-2016-3302 Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, ...
S
CVE-2016-3303 The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...
E
CVE-2016-3304 The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...
E
CVE-2016-3305 The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window...
S
CVE-2016-3306 The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window...
S
CVE-2016-3307 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3308 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows ...
CVE-2016-3309 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows ...
KEV E S
CVE-2016-3310 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows ...
CVE-2016-3311 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows ...
CVE-2016-3312 ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by...
CVE-2016-3313 Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Vi...
E
CVE-2016-3314 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3315 Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote att...
CVE-2016-3316 Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbit...
E
CVE-2016-3317 Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and W...
CVE-2016-3318 Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arb...
CVE-2016-3319 The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511,...
CVE-2016-3320 Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511...
S
CVE-2016-3321 Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depend...
CVE-2016-3322 Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a craft...
CVE-2016-3323 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3324 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
E
CVE-2016-3325 Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive informa...
E
CVE-2016-3326 Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive informa...
CVE-2016-3327 Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive informa...
CVE-2016-3328 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3329 Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence ...
CVE-2016-3330 Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor...
CVE-2016-3331 Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code o...
CVE-2016-3332 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3333 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3334 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3335 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3336 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3337 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3338 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3339 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3340 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3341 The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold an...
CVE-2016-3342 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3343 The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and...
CVE-2016-3344 The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 allows local users to obtain se...
CVE-2016-3345 The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...
CVE-2016-3346 Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local ...
CVE-2016-3347 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3348 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
CVE-2016-3349 The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, a...
CVE-2016-3350 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3351 Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensiti...
KEV E S
CVE-2016-3352 Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTL...
CVE-2016-3353 Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows ...
CVE-2016-3354 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 S...
CVE-2016-3355 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 S...
CVE-2016-3356 The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute ...
CVE-2016-3357 Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word f...
E
CVE-2016-3358 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 ...
CVE-2016-3359 Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remo...
CVE-2016-3360 Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, Pow...
CVE-2016-3361 Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary code via a crafted document, a...
CVE-2016-3362 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp...
CVE-2016-3363 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp...
CVE-2016-3364 Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "...
CVE-2016-3365 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp...
CVE-2016-3366 Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, a...
CVE-2016-3367 StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for st...
CVE-2016-3368 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...
CVE-2016-3369 Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vec...
CVE-2016-3370 The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and...
CVE-2016-3371 The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi...
E
CVE-2016-3372 The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce ...
CVE-2016-3373 The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi...
E
CVE-2016-3374 The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and...
CVE-2016-3375 The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through ...
CVE-2016-3376 The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...
S
CVE-2016-3377 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3378 Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 C...
CVE-2016-3379 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2...
CVE-2016-3380 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3381 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp...
CVE-2016-3382 The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote at...
CVE-2016-3383 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2016-3384 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2016-3385 The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute ...
CVE-2016-3386 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3387 Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private ...
E
CVE-2016-3388 Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private ...
E
CVE-2016-3389 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or ...
CVE-2016-3390 The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to...
CVE-2016-3391 Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discov...
CVE-2016-3392 The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, whi...
CVE-2016-3393 Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ...
KEV S
CVE-2016-3394 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3395 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3396 Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ...
CVE-2016-3397 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3399 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2016-3400 NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtai...
CVE-2016-3401 Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to ...
CVE-2016-3402 Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect con...
CVE-2016-3403 Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaborat...
E S
CVE-2016-3404 Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect int...
CVE-2016-3405 Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to ...
CVE-2016-3406 Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allo...
CVE-2016-3407 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remot...
CVE-2016-3408 Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attacker...
CVE-2016-3409 Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attacker...
CVE-2016-3410 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remot...
CVE-2016-3411 Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attacker...
E
CVE-2016-3412 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remot...
CVE-2016-3413 Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect int...
CVE-2016-3414 Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated u...
S
CVE-2016-3415 Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via uns...
CVE-2016-3416 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
CVE-2016-3417 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
CVE-2016-3418 Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29,...
S
CVE-2016-3419 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availabilit...
S
CVE-2016-3420 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
CVE-2016-3421 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
CVE-2016-3422 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect ...
CVE-2016-3423 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
CVE-2016-3424 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect ...
S
CVE-2016-3425 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki...
CVE-2016-3426 Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers t...
CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki...
KEV S
CVE-2016-3428 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply...
CVE-2016-3429 Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Ap...
CVE-2016-3431 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
CVE-2016-3432 Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Mi...
S
CVE-2016-3433 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle...
S
CVE-2016-3434 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su...
CVE-2016-3435 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
CVE-2016-3436 Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business ...
CVE-2016-3437 Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 all...
CVE-2016-3438 Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite...
CVE-2016-3439 Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 all...
CVE-2016-3440 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to af...
S
CVE-2016-3441 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentia...
S
CVE-2016-3442 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
CVE-2016-3443 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect ...
CVE-2016-3444 Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applicatio...
S
CVE-2016-3445 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
S
CVE-2016-3446 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle...
S
CVE-2016-3447 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite ...
CVE-2016-3448 Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0....
S
CVE-2016-3449 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect ...
CVE-2016-3450 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1...
S
CVE-2016-3451 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-3452 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and ear...
S
CVE-2016-3453 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vec...
S
CVE-2016-3454 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and...
CVE-2016-3455 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware ...
CVE-2016-3456 Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracl...
CVE-2016-3457 Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformance component in Oracle PeopleSo...
CVE-2016-3458 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows...
S
CVE-2016-3459 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0...
S
CVE-2016-3460 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9...
CVE-2016-3461 Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earli...
CVE-2016-3462 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via v...
CVE-2016-3463 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic...
CVE-2016-3464 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic...
CVE-2016-3465 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availabilit...
S
CVE-2016-3466 Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 1...
CVE-2016-3467 Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0....
S
CVE-2016-3468 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply...
S
CVE-2016-3469 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1...
S
CVE-2016-3470 Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P...
S
CVE-2016-3471 Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local use...
S
CVE-2016-3472 Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle S...
S
CVE-2016-3473 Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Mi...
E S
CVE-2016-3474 Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Mi...
S
CVE-2016-3475 Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote...
S
CVE-2016-3476 Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote...
S
CVE-2016-3477 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and ear...
S
CVE-2016-3478 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
CVE-2016-3479 Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 a...
S
CVE-2016-3480 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 ...
S
CVE-2016-3481 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-3482 Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 a...
S
CVE-2016-3483 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2016-3484 Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0...
S
CVE-2016-3485 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRock...
S
CVE-2016-3486 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote au...
S
CVE-2016-3487 Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1...
S
CVE-2016-3488 Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows loc...
S
CVE-2016-3489 Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1...
S
CVE-2016-3490 Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P...
S
CVE-2016-3491 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suit...
S
CVE-2016-3492 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and ear...
S
CVE-2016-3493 Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 ...
S
CVE-2016-3494 Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manage...
S
CVE-2016-3495 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect ...
S
CVE-2016-3496 Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterp...
S
CVE-2016-3497 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via v...
S
CVE-2016-3498 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availab...
S
CVE-2016-3499 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3...
S
CVE-2016-3500 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRock...
S
CVE-2016-3501 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote au...
S
CVE-2016-3502 Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1...
S
CVE-2016-3503 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect conf...
S
CVE-2016-3504 Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0,...
S
CVE-2016-3505 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
S
CVE-2016-3506 Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12...
S
CVE-2016-3507 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3508 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRock...
S
CVE-2016-3509 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3510 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
S
CVE-2016-3511 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidential...
S
CVE-2016-3512 Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business ...
S
CVE-2016-3513 Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Commun...
S
CVE-2016-3514 Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communi...
S
CVE-2016-3515 Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communi...
S
CVE-2016-3516 Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communi...
S
CVE-2016-3517 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3518 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to af...
S
CVE-2016-3519 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3520 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su...
S
CVE-2016-3521 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and ear...
S
CVE-2016-3522 Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Bu...
S
CVE-2016-3523 Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Bu...
S
CVE-2016-3524 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business...
S
CVE-2016-3525 Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12...
S
CVE-2016-3526 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3527 Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Su...
S
CVE-2016-3528 Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1....
S
CVE-2016-3529 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3530 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3531 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3532 Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Su...
S
CVE-2016-3533 Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12...
S
CVE-2016-3534 Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, ...
S
CVE-2016-3535 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suit...
S
CVE-2016-3536 Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1....
S
CVE-2016-3537 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3538 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3539 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3540 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Man...
S
CVE-2016-3541 Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business ...
S
CVE-2016-3542 Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12...
S
CVE-2016-3543 Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business ...
S
CVE-2016-3544 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle...
S
CVE-2016-3545 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su...
S
CVE-2016-3546 Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12...
S
CVE-2016-3547 Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite ...
S
CVE-2016-3548 Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1....
S
CVE-2016-3549 Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracl...
S
CVE-2016-3550 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows ...
S
CVE-2016-3551 Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7....
S
CVE-2016-3552 Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integ...
S
CVE-2016-3553 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3554 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3555 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3556 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3557 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3558 Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12...
S
CVE-2016-3559 Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12...
S
CVE-2016-3560 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3561 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-3562 Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11...
S
CVE-2016-3563 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Man...
S
CVE-2016-3564 Unspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2...
S
CVE-2016-3565 Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications ...
S
CVE-2016-3566 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3567 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3568 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3569 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3570 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3571 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3572 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3573 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-3574 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3575 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3576 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3577 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3578 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3579 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3580 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3581 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3582 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3583 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3584 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, i...
S
CVE-2016-3585 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-3586 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
S
CVE-2016-3587 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers t...
S
CVE-2016-3588 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to af...
S
CVE-2016-3589 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic...
S
CVE-2016-3590 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3591 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3592 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3593 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3594 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3595 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3596 Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, ...
S
CVE-2016-3597 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ...
S
CVE-2016-3598 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers t...
S
CVE-2016-3599 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3600 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3601 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3602 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3603 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3604 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3605 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3606 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote a...
S
CVE-2016-3607 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1...
S
CVE-2016-3608 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1...
S
CVE-2016-3609 Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12...
S
CVE-2016-3610 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers t...
S
CVE-2016-3611 Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications ...
S
CVE-2016-3612 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ...
S
CVE-2016-3613 Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.6...
S
CVE-2016-3614 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote au...
S
CVE-2016-3615 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and ear...
S
CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dere...
CVE-2016-3619 The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, whe...
E
CVE-2016-3620 The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c ...
E
CVE-2016-3621 The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c ...
CVE-2016-3622 The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote...
E
CVE-2016-3623 The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service...
E
CVE-2016-3624 The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to ...
E
CVE-2016-3625 tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denia...
CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode...
S
CVE-2016-3628 Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and ...
CVE-2016-3629 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3630 The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code...
CVE-2016-3631 The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow ...
CVE-2016-3632 The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to...
S
CVE-2016-3633 The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to ca...
CVE-2016-3634 The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows r...
CVE-2016-3635 SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON...
CVE-2016-3638 SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory co...
CVE-2016-3639 SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information ...
CVE-2016-3640 The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows...
CVE-2016-3642 The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to ex...
E
CVE-2016-3643 SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveragi...
KEV E
CVE-2016-3644 The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center S...
E
CVE-2016-3645 Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat...
E
CVE-2016-3646 The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center S...
E
CVE-2016-3647 Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to...
CVE-2016-3648 Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to...
CVE-2016-3649 Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administ...
CVE-2016-3650 Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to...
CVE-2016-3651 Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to...
CVE-2016-3652 Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Prote...
E
CVE-2016-3653 Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoin...
E
CVE-2016-3654 The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x...
CVE-2016-3655 The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x ...
CVE-2016-3656 The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x befo...
CVE-2016-3657 Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before...
CVE-2016-3658 The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4....
CVE-2016-3659 SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to ...
E
CVE-2016-3664 Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mob...
CVE-2016-3670 Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay...
E
CVE-2016-3672 The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not ...
E S
CVE-2016-3673 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3674 Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDr...
CVE-2016-3675 SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows re...
CVE-2016-3676 Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the...
CVE-2016-3677 The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, wh...
CVE-2016-3678 Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 al...
CVE-2016-3679 Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before...
CVE-2016-3680 Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NX...
CVE-2016-3681 Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NX...
CVE-2016-3682 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3684 SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, whi...
E
CVE-2016-3685 SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windo...
E
CVE-2016-3686 The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11....
CVE-2016-3687 Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 an...
CVE-2016-3688 SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary S...
E
CVE-2016-3689 The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1...
CVE-2016-3690 The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code ...
M
CVE-2016-3691 Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the ...
CVE-2016-3692 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-3693 The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails cont...
CVE-2016-3694 Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, whe...
E
CVE-2016-3695 The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to...
S
CVE-2016-3696 The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key....
CVE-2016-3697 libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a...
S
CVE-2016-3698 libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Disc...
CVE-2016-3699 The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when boot...
E S
CVE-2016-3700 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-3701 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-3702 Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain s...
CVE-2016-3703 Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anony...
CVE-2016-3704 Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords....
S
CVE-2016-3705 The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 ...
CVE-2016-3706 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C ...
CVE-2016-3707 The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux...
CVE-2016-3708 Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace...
CVE-2016-3709 Possible cross-site scripting vulnerability in libxml after commit 960f0e2....
E
CVE-2016-3710 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which a...
S
CVE-2016-3711 HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the in...
S
CVE-2016-3712 Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service ...
S
CVE-2016-3713 The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2...
CVE-2016-3714 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in I...
KEV E S
CVE-2016-3715 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to...
KEV E S
CVE-2016-3716 The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move ...
E S
CVE-2016-3717 The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to rea...
E S
CVE-2016-3718 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote a...
KEV E S
CVE-2016-3719 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2016-3720 XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka j...
CVE-2016-3721 Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary...
CVE-2016-3722 Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to...
CVE-2016-3723 Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtai...
CVE-2016-3724 Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access...
CVE-2016-3725 Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of u...
CVE-2016-3726 Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote att...
CVE-2016-3727 The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote aut...
CVE-2016-3728 Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before ...
CVE-2016-3729 The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 throug...
CVE-2016-3730 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-3731 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtai...
CVE-2016-3732 The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 thro...
CVE-2016-3733 The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2....
S
CVE-2016-3734 Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 th...
S
CVE-2016-3735 Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaul...
S
CVE-2016-3736 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-3737 The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute...
CVE-2016-3738 Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remot...
CVE-2016-3739 The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in...
CVE-2016-3740 Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Rea...
CVE-2016-3741 The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice ...
CVE-2016-3742 decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra m...
CVE-2016-3743 decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain dat...
CVE-2016-3744 Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before...
CVE-2016-3745 Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befo...
CVE-2016-3746 Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x befor...
CVE-2016-3747 Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x befor...
CVE-2016-3748 The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-ca...
CVE-2016-3749 server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attac...
CVE-2016-3750 libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2...
CVE-2016-3751 Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before...
CVE-2016-3752 internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mish...
CVE-2016-3753 mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via ...
CVE-2016-3754 mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016...
CVE-2016-3755 decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly sele...
CVE-2016-3756 Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1,...
CVE-2016-3757 The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef...
CVE-2016-3758 Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4,...
CVE-2016-3759 The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allo...
CVE-2016-3760 Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local ...
CVE-2016-3761 NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x ...
CVE-2016-3762 The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 a...
CVE-2016-3763 net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x ...
CVE-2016-3764 media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, ...
CVE-2016-3765 decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obta...
CVE-2016-3766 MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2,...
CVE-2016-3767 The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to ga...
CVE-2016-3768 The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) ...
S
CVE-2016-3769 The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain pri...
S
CVE-2016-3770 The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain pri...
CVE-2016-3771 The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain pri...
CVE-2016-3772 The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain pri...
CVE-2016-3773 The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain pri...
CVE-2016-3774 The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain pri...
CVE-2016-3775 The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Ne...
CVE-2016-3776 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3777 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3778 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3779 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3780 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3781 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3782 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3783 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3784 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3785 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3786 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3787 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3788 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3789 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3790 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3791 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3792 CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7...
CVE-2016-3793 The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain pr...
CVE-2016-3794 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3814. Reason: This candida...
R
CVE-2016-3795 The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to ga...
CVE-2016-3796 The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to ga...
CVE-2016-3797 The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain ...
CVE-2016-3798 The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attac...
CVE-2016-3799 The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to ga...
CVE-2016-3800 The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to ga...
S
CVE-2016-3801 The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain...
S
CVE-2016-3802 The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attacker...
S
CVE-2016-3803 The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows ...
S
CVE-2016-3804 The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows atta...
S
CVE-2016-3805 The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows atta...
S
CVE-2016-3806 The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to ...
S
CVE-2016-3807 The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allow...
S
CVE-2016-3808 The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attack...
S
CVE-2016-3809 The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Ne...
S
CVE-2016-3810 The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to ob...
S
CVE-2016-3811 The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain pri...
S
CVE-2016-3812 The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers...
S
CVE-2016-3813 The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attack...
S
CVE-2016-3814 The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain ...
S
CVE-2016-3815 The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain ...
S
CVE-2016-3816 The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to ...
S
CVE-2016-3817 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-3818 libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang o...
CVE-2016-3819 Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Andr...
S
CVE-2016-3820 The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which a...
S
CVE-2016-3821 libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x...
S
CVE-2016-3822 exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before ...
S
CVE-2016-3823 The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before ...
S
CVE-2016-3824 omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5...
S
CVE-2016-3825 mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x b...
S
CVE-2016-3826 services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5....
S
CVE-2016-3827 codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mish...
S
CVE-2016-3828 decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS ...
S
CVE-2016-3829 The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain struc...
S
CVE-2016-3830 codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x befor...
S
CVE-2016-3831 The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x...
S
CVE-2016-3832 The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x befo...
S
CVE-2016-3833 The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 doe...
S
CVE-2016-3834 The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before ...
S
CVE-2016-3835 The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before ...
S
CVE-2016-3836 The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08...
S
CVE-2016-3837 service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x bef...
S
CVE-2016-3838 Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 9...
S
CVE-2016-3839 Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-0...
S
CVE-2016-3840 Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-0...
S
CVE-2016-3841 The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to...
S
CVE-2016-3842 The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers...
S
CVE-2016-3843 Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allow...
S
CVE-2016-3844 mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain pri...
S
CVE-2016-3845 The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to g...
S
CVE-2016-3846 The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allow...
S
CVE-2016-3847 The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain pri...
S
CVE-2016-3848 The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain pri...
S
CVE-2016-3849 The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges v...
S
CVE-2016-3850 Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nex...
S
CVE-2016-3851 The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain...
S
CVE-2016-3852 The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to ob...
S
CVE-2016-3853 Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the F...
S
CVE-2016-3854 drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does ...
S
CVE-2016-3855 drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not va...
S
CVE-2016-3856 netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to ...
S
CVE-2016-3857 The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privilege...
S
CVE-2016-3858 Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android ...
S
CVE-2016-3859 The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows att...
S
CVE-2016-3860 sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 ...
S
CVE-2016-3861 LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01,...
E S
CVE-2016-3862 media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor...
S
CVE-2016-3863 Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstage...
S
CVE-2016-3864 The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus...
S
CVE-2016-3865 The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attac...
S
CVE-2016-3866 The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attacke...
S
CVE-2016-3867 The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to ...
S
CVE-2016-3868 The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers t...
S
CVE-2016-3869 The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus...
S
CVE-2016-3870 omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x b...
S
CVE-2016-3871 Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4...
S
CVE-2016-3872 Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before...
S
CVE-2016-3873 The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privilege...
S
CVE-2016-3874 CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X d...
S
CVE-2016-3875 server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_S...
S
CVE-2016-3876 providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 ...
S
CVE-2016-3877 Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors....
CVE-2016-3878 decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding...
S
CVE-2016-3879 arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...
S
CVE-2016-3880 Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Androi...
S
CVE-2016-3881 The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x ...
S
CVE-2016-3882 Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01...
S
CVE-2016-3883 internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...
S
CVE-2016-3884 server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6...
S
CVE-2016-3885 debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2...
S
CVE-2016-3886 systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016...
S
CVE-2016-3887 providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce ...
S
CVE-2016-3888 internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...
S
CVE-2016-3889 Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to byp...
S
CVE-2016-3890 The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5...
S
CVE-2016-3892 The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attac...
S
CVE-2016-3893 The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound code...
S
CVE-2016-3894 The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtai...
S
CVE-2016-3895 Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6...
S
CVE-2016-3896 AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-0...
S
CVE-2016-3897 The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before ...
S
CVE-2016-3898 Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2...
S
CVE-2016-3899 OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x...
S
CVE-2016-3900 cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before ...
S
CVE-2016-3901 Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine drive...
S
CVE-2016-3902 drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 o...
S
CVE-2016-3903 drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android...
S
CVE-2016-3904 An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 coul...
S
CVE-2016-3905 CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X d...
S
CVE-2016-3906 An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive...
S
CVE-2016-3907 An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive...
S
CVE-2016-3908 The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attacker...
S
CVE-2016-3909 The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5...
S
CVE-2016-3910 services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x ...
S
CVE-2016-3911 core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x b...
S
CVE-2016-3912 The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2...
S
CVE-2016-3913 media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x...
S
CVE-2016-3914 Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0...
S
CVE-2016-3915 camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...
S
CVE-2016-3916 camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...
S
CVE-2016-3917 The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not ...
S
CVE-2016-3918 email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2,...
S
CVE-2016-3919 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5195. Reason: This candida...
R
CVE-2016-3920 id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x ...
S
CVE-2016-3921 libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x befor...
S
CVE-2016-3922 libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 reli...
S
CVE-2016-3923 The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows at...
S
CVE-2016-3924 services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5....
S
CVE-2016-3925 server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows ...
S
CVE-2016-3926 Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, an...
S
CVE-2016-3927 Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P de...
S
CVE-2016-3928 The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a cra...
S
CVE-2016-3929 Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P de...
S
CVE-2016-3930 The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain ...
S
CVE-2016-3931 drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexu...
S
CVE-2016-3932 mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted applicati...
S
CVE-2016-3933 mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain pri...
CVE-2016-3934 drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in...
E
CVE-2016-3935 Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine drive...
S
CVE-2016-3936 The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a cra...
S
CVE-2016-3937 The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a cra...
S
CVE-2016-3938 drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 ...
S
CVE-2016-3939 drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nex...
CVE-2016-3940 The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices al...
CVE-2016-3941 Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player bef...
E
CVE-2016-3943 Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products ...
E
CVE-2016-3944 UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrar...
CVE-2016-3945 Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba to...
S
CVE-2016-3946 SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by rea...
CVE-2016-3947 Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squ...
S
CVE-2016-3948 Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote...
S
CVE-2016-3949 Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 P...
M
CVE-2016-3950 Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cau...
CVE-2016-3951 Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physica...
CVE-2016-3952 web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environme...
E
CVE-2016-3953 The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary...
E
CVE-2016-3954 web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct req...
E
CVE-2016-3955 The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 a...
S
CVE-2016-3956 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 befo...
S
CVE-2016-3957 The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize ...
E
CVE-2016-3958 Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows loca...
CVE-2016-3959 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly...
CVE-2016-3960 Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a deni...
S
CVE-2016-3961 Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, ...
S
CVE-2016-3962 Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANT...
E
CVE-2016-3963 Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via t...
E
CVE-2016-3968 Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with f...
E
CVE-2016-3969 Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when Fi...
CVE-2016-3971 Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote a...
E
CVE-2016-3972 Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote auth...
E
CVE-2016-3973 The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS ...
CVE-2016-3974 XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 thr...
E
CVE-2016-3975 Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote atta...
E
CVE-2016-3976 Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers t...
KEV E
CVE-2016-3977 Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to c...
S
CVE-2016-3978 The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before ...
CVE-2016-3979 Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attac...
CVE-2016-3980 The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to ca...
CVE-2016-3981 Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allow...
E S
CVE-2016-3982 Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote ...
S
CVE-2016-3983 McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware...
CVE-2016-3984 The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent ...
E
CVE-2016-3985 The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Con...
CVE-2016-3986 Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute ...
E
CVE-2016-3987 The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary comma...
E
CVE-2016-3988 Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000...
CVE-2016-3989 The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LA...
E
CVE-2016-3990 Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 ...
S
CVE-2016-3991 Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earli...
S
CVE-2016-3992 cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic....
CVE-2016-3993 Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows ...
CVE-2016-3994 The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (applicat...
S
CVE-2016-3995 The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBl...
S
CVE-2016-3996 ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows lo...
CVE-2016-3997 NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain...
CVE-2016-3998 NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information,...
CVE-2016-3999 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remot...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.