Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-1887 | 1 Freebsd | 1 Freebsd | 2024-08-05 | N/A |
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow. | ||||
CVE-2016-1896 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2024-08-05 | N/A |
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. | ||||
CVE-2016-1880 | 1 Freebsd | 1 Freebsd | 2024-08-05 | N/A |
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists." | ||||
CVE-2016-1751 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-08-05 | N/A |
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. | ||||
CVE-2016-1773 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | ||||
CVE-2016-1742 | 1 Apple | 1 Itunes | 2024-08-05 | N/A |
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
CVE-2016-1734 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-08-05 | N/A |
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. | ||||
CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | ||||
CVE-2016-1627 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2024-08-05 | N/A |
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. | ||||
CVE-2016-1636 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource. | ||||
CVE-2016-1632 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h. | ||||
CVE-2016-1629 | 5 Debian, Google, Novell and 2 more | 6 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 3 more | 2024-08-05 | N/A |
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | ||||
CVE-2016-1631 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
CVE-2016-1625 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2024-08-05 | N/A |
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. | ||||
CVE-2016-1622 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2024-08-05 | N/A |
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
CVE-2016-1630 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-05 | N/A |
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
CVE-2016-1623 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2024-08-05 | N/A |
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp. | ||||
CVE-2016-1611 | 1 Novell | 1 Filr | 2024-08-05 | N/A |
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. | ||||
CVE-2016-1531 | 1 Exim | 1 Exim | 2024-08-05 | N/A |
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | ||||
CVE-2016-1597 | 1 Netiq | 1 Access Governance Suite | 2024-08-05 | N/A |
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. |