The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2016-10196 | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | MEDIUM | Mar 17, 2017 |
CVE-2016-10195 | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. | HIGH | Mar 21, 2017 |
CVE-2016-10194 | The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. | HIGH | Mar 9, 2017 |
CVE-2016-10193 | The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | HIGH | Mar 8, 2017 |
CVE-2016-10192 | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | HIGH | Feb 24, 2017 |
CVE-2016-10191 | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. | HIGH | Feb 24, 2017 |
CVE-2016-10190 | Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. | HIGH | Feb 24, 2017 |
CVE-2016-10189 | BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. | MEDIUM | Mar 15, 2017 |
CVE-2016-10188 | Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. | HIGH | Mar 15, 2017 |
CVE-2016-10187 | The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | MEDIUM | Mar 20, 2017 |
CVE-2016-10186 | An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. | MEDIUM | Feb 7, 2017 |
CVE-2016-10185 | An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | MEDIUM | Feb 7, 2017 |
CVE-2016-10184 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | MEDIUM | Feb 7, 2017 |
CVE-2016-10183 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | MEDIUM | Feb 7, 2017 |
CVE-2016-10182 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. | HIGH | Feb 7, 2017 |
CVE-2016-10181 | An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | MEDIUM | Feb 7, 2017 |
CVE-2016-10180 | An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. | MEDIUM | Feb 7, 2017 |
CVE-2016-10179 | An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | MEDIUM | Feb 7, 2017 |
CVE-2016-10178 | An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the /sbin/telnetd -l /bin/sh command. | HIGH | Feb 7, 2017 |
CVE-2016-10177 | An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. | HIGH | Feb 7, 2017 |
CVE-2016-10176 | The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. | HIGH | Jan 31, 2017 |
CVE-2016-10175 | The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. | MEDIUM | Jan 31, 2017 |
CVE-2016-10174 | The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. | HIGH | Jan 31, 2017 |
CVE-2016-10173 | Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. | MEDIUM | Feb 1, 2017 |
CVE-2016-10172 | The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | MEDIUM | Mar 14, 2017 |
CVE-2016-10171 | The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | MEDIUM | Mar 14, 2017 |
CVE-2016-10170 | The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | MEDIUM | Mar 14, 2017 |
CVE-2016-10169 | The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. | MEDIUM | Mar 14, 2017 |
CVE-2016-10168 | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. | MEDIUM | Mar 16, 2017 |
CVE-2016-10167 | The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | MEDIUM | Mar 16, 2017 |
CVE-2016-10166 | Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. | HIGH | Mar 16, 2017 |
CVE-2016-10165 | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | MEDIUM | Feb 3, 2017 |
CVE-2016-10164 | Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. | HIGH | Feb 1, 2017 |
CVE-2016-10163 | Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context. | MEDIUM | Mar 17, 2017 |
CVE-2016-10162 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | MEDIUM | Jan 27, 2017 |
CVE-2016-10161 | The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. | MEDIUM | Jan 27, 2017 |
CVE-2016-10160 | Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | HIGH | Jan 27, 2017 |
CVE-2016-10159 | Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. | MEDIUM | Jan 27, 2017 |
CVE-2016-10158 | The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | MEDIUM | Jan 27, 2017 |
CVE-2016-10157 | Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. | HIGH | Feb 6, 2017 |
CVE-2016-10156 | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | HIGH | Jan 27, 2017 |
CVE-2016-10155 | Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | MEDIUM | Mar 16, 2017 |
CVE-2016-10154 | The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. | MEDIUM | Feb 6, 2017 |
CVE-2016-10153 | The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. | HIGH | Feb 6, 2017 |
CVE-2016-10152 | The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the .athena.mit.edu default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. | HIGH | Mar 31, 2017 |
CVE-2016-10151 | The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. | MEDIUM | Mar 3, 2017 |
CVE-2016-10150 | Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. | HIGH | Feb 6, 2017 |
CVE-2016-10149 | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | MEDIUM | Mar 27, 2017 |
CVE-2016-10148 | The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | MEDIUM | Jan 20, 2017 |
CVE-2016-10147 | crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). | MEDIUM | Jan 23, 2017 |