Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2016 | 1 Hp | 4 Base-vxfs-50, Base-vxfs-501, Base-vxfs-51 and 1 more | 2016-11-30 | 2.1 LOW | 5.5 MEDIUM |
Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory. | |||||
CVE-2016-2023 | 1 Hp | 1 Restful Interface Tool | 2016-11-30 | 2.1 LOW | 5.5 MEDIUM |
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-2025 | 1 Hp | 1 Service Manager | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. | |||||
CVE-2016-2077 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2016-11-30 | 10.0 HIGH | 9.8 CRITICAL |
VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | |||||
CVE-2016-2185 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
CVE-2016-2186 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
CVE-2016-2208 | 1 Symantec | 1 Anti-virus Engine | 2016-11-30 | 9.4 HIGH | 9.1 CRITICAL |
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file. | |||||
CVE-2016-1846 | 1 Apple | 1 Mac Os X | 2016-11-30 | 9.3 HIGH | 7.8 HIGH |
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app. | |||||
CVE-2016-1848 | 1 Apple | 1 Mac Os X | 2016-11-30 | 6.8 MEDIUM | 7.8 HIGH |
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | |||||
CVE-2016-1849 | 1 Apple | 2 Iphone Os, Safari | 2016-11-30 | 2.1 LOW | 3.3 LOW |
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. | |||||
CVE-2016-1671 | 1 Google | 2 Android, Chrome | 2016-11-30 | 6.8 MEDIUM | 8.1 HIGH |
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. | |||||
CVE-2016-1742 | 1 Apple | 1 Itunes | 2016-11-30 | 7.2 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
CVE-2016-1790 | 1 Apple | 1 Iphone Os | 2016-11-30 | 4.3 MEDIUM | 3.3 LOW |
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
CVE-2016-1791 | 1 Apple | 1 Mac Os X | 2016-11-30 | 4.3 MEDIUM | 3.3 LOW |
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
CVE-2016-1792 | 1 Apple | 1 Mac Os X | 2016-11-30 | 9.3 HIGH | 7.8 HIGH |
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2016-1793 | 1 Apple | 1 Mac Os X | 2016-11-30 | 9.3 HIGH | 7.8 HIGH |
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2016-1794 | 1 Apple | 1 Mac Os X | 2016-11-30 | 9.3 HIGH | 7.8 HIGH |
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2016-1795 | 1 Apple | 1 Mac Os X | 2016-11-30 | 9.3 HIGH | 7.8 HIGH |
AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2016-1796 | 1 Apple | 1 Mac Os X | 2016-11-30 | 4.3 MEDIUM | 3.3 LOW |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. | |||||
CVE-2016-1797 | 1 Apple | 1 Mac Os X | 2016-11-30 | 9.3 HIGH | 7.8 HIGH |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. | |||||