The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2016-11052 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016). | MEDIUM | Apr 8, 2020 | n/a |
| CVE-2016-11051 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0569. Reason: This candidate is a duplicate of CVE-2015-0569. Notes: All CVE users should reference CVE-2015-0569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | HIGH | Apr 8, 2020 | n/a |
| CVE-2016-11050 | An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016). | LOW | Apr 8, 2020 | n/a |
| CVE-2016-11049 | An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016). | MEDIUM | Apr 8, 2020 | n/a |
| CVE-2016-11048 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016). | LOW | Apr 8, 2020 | n/a |
| CVE-2016-11047 | An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11046 | An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11045 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11044 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application\'s signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11043 | An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11042 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11041 | An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016). | LOW | Apr 7, 2020 | n/a |
| CVE-2016-11040 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016). | LOW | Apr 9, 2020 | n/a |
| CVE-2016-11039 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016). | HIGH | Apr 9, 2020 | n/a |
| CVE-2016-11038 | An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn\'t implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016). | HIGH | Apr 9, 2020 | n/a |
| CVE-2016-11036 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). | HIGH | Apr 9, 2020 | n/a |
| CVE-2016-11035 | An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016). | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2016-11034 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016). | HIGH | Apr 9, 2020 | n/a |
| CVE-2016-11033 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016). | HIGH | Apr 7, 2020 | n/a |
| CVE-2016-11032 | An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11031 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016). | HIGH | Apr 7, 2020 | n/a |
| CVE-2016-11030 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11029 | An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). | MEDIUM | Apr 7, 2020 | n/a |
| CVE-2016-11028 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016). | HIGH | Apr 7, 2020 | n/a |
| CVE-2016-11027 | An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016). | LOW | Apr 8, 2020 | n/a |
| CVE-2016-11026 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016). | HIGH | Apr 8, 2020 | n/a |
| CVE-2016-11025 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016). | HIGH | Apr 8, 2020 | n/a |
| CVE-2016-11024 | odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | HIGH | Mar 30, 2020 | n/a |
| CVE-2016-11023 | odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | HIGH | Mar 30, 2020 | n/a |
| CVE-2016-11022 | NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2016-11021 | setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | HIGH | Mar 9, 2020 | n/a |
| CVE-2016-11020 | Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | MEDIUM | Feb 28, 2020 | n/a |
| CVE-2016-11018 | An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). | HIGH | Feb 6, 2020 | n/a |
| CVE-2016-11017 | The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6. | HIGH | Jan 14, 2020 | n/a |
| CVE-2016-11016 | NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | MEDIUM | Oct 17, 2019 | n/a |
| CVE-2016-11015 | NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. | MEDIUM | Oct 17, 2019 | n/a |
| CVE-2016-11014 | NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | HIGH | Oct 18, 2019 | n/a |
| CVE-2016-11013 | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11012 | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | LOW | Sep 20, 2019 | n/a |
| CVE-2016-11011 | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11010 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11009 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11008 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11007 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11006 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11005 | The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11004 | The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11003 | The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11002 | The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | MEDIUM | Sep 20, 2019 | n/a |
| CVE-2016-11001 | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | MEDIUM | Sep 20, 2019 | n/a |
