The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2016-9982 | IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. | Medium | Jun 26, 2017 |
CVE-2016-9981 | IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257 | MEDIUM | Aug 5, 2017 |
CVE-2016-9980 | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. | LOW | Apr 20, 2017 |
CVE-2016-9979 | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | LOW | Apr 20, 2017 |
CVE-2016-9978 | IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. | MEDIUM | Apr 20, 2017 |
CVE-2016-9977 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | MEDIUM | Jun 8, 2017 |
CVE-2016-9976 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. | MEDIUM | May 12, 2017 |
CVE-2016-9975 | IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | MEDIUM | Feb 24, 2017 |
CVE-2016-9973 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. | Low | Jun 26, 2017 |
CVE-2016-9972 | IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208. | MEDIUM | Jun 27, 2017 |
CVE-2016-9969 | In libwebp 0.5.1, there is a double free bug in libwebpmux. | Medium | May 28, 2019 |
CVE-2016-9967 | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121. | HIGH | Dec 22, 2016 |
CVE-2016-9966 | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120. | HIGH | Dec 22, 2016 |
CVE-2016-9965 | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119. | HIGH | Dec 22, 2016 |
CVE-2016-9964 | redirect() in bottle.py in bottle 0.12.10 doesn't filter a sequence, which leads to a CRLF attack, as demonstrated by a redirect(233 Set-Cookie: name=salt) call. | MEDIUM | Dec 22, 2016 |
CVE-2016-9963 | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | LOW | Feb 1, 2017 |
CVE-2016-9962 | Race condition in Docker Engine before 1.12.6 might allow local root users in a container to gain privileges by using ptrace to access file-descriptors of a process launched or moved into the container from another namespace, aka an on-entry vulnerability. | MEDIUM | Feb 1, 2017 |
CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. | HIGH | Jun 6, 2017 |
CVE-2016-9960 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | LOW | Jun 6, 2017 |
CVE-2016-9959 | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | MEDIUM | Apr 20, 2017 |
CVE-2016-9958 | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | MEDIUM | Apr 20, 2017 |
CVE-2016-9957 | Stack-based buffer overflow in game-music-emu before 0.6.1. | MEDIUM | Apr 20, 2017 |
CVE-2016-9956 | The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | MEDIUM | Feb 24, 2017 |
CVE-2016-9955 | The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. | MEDIUM | Feb 23, 2017 |
CVE-2016-9954 | The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern. | MEDIUM | Apr 21, 2017 |
CVE-2016-9953 | The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. | HIGH | Apr 10, 2017 |
CVE-2016-9952 | The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by *.com. | MEDIUM | Apr 10, 2017 |
CVE-2016-9951 | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK. | MEDIUM | Dec 23, 2016 |
CVE-2016-9950 | An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file Package and SourcePackage fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | HIGH | Dec 23, 2016 |
CVE-2016-9949 | An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a {. This allows remote attackers to execute arbitrary Python code. | HIGH | Dec 23, 2016 |
CVE-2016-9942 | Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. | HIGH | Jan 4, 2017 |
CVE-2016-9941 | Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. | HIGH | Jan 4, 2017 |
CVE-2016-9939 | Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. | MEDIUM | Feb 7, 2017 |
CVE-2016-9938 | An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contactx01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you. | MEDIUM | Dec 12, 2016 |
CVE-2016-9937 | An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs. | MEDIUM | Dec 12, 2016 |
CVE-2016-9936 | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834. | HIGH | Jan 6, 2017 |
CVE-2016-9935 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. | HIGH | Jan 6, 2017 |
CVE-2016-9934 | ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. | MEDIUM | Jan 6, 2017 |
CVE-2016-9933 | Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. | MEDIUM | Jan 6, 2017 |
CVE-2016-9932 | CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a supposedly-ignored operand size prefix. | LOW | Jan 27, 2017 |
CVE-2016-9928 | MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party\'s roster as another user, which will also garner associated privileges, via crafted XMPP packets. | MEDIUM | Feb 10, 2020 |
CVE-2016-9924 | Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | HIGH | Apr 3, 2017 |
CVE-2016-9923 | Quick Emulator (Qemu) built with the \'chardev\' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. | LOW | Dec 27, 2016 |
CVE-2016-9922 | The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. | LOW | Mar 27, 2017 |
CVE-2016-9921 | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. | LOW | Dec 27, 2016 |
CVE-2016-9920 | steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | MEDIUM | Dec 9, 2016 |
CVE-2016-9919 | The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. | HIGH | Dec 13, 2016 |
CVE-2016-9918 | In BlueZ 5.42, an out-of-bounds read was identified in packet_hexdump function in monitor/packet.c source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | MEDIUM | Dec 8, 2016 |
CVE-2016-9917 | In BlueZ 5.42, a buffer overflow was observed in read_n function in tools/hcidump.c source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | MEDIUM | Dec 8, 2016 |
CVE-2016-9916 | Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. | MEDIUM | Jan 3, 2017 |