Latest CVE Feed
-
9.8
CRITICALCVE-2016-4576
Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
8.1
HIGHCVE-2016-4087
Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets.... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-4049
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
6.0
MEDIUMCVE-2016-4037
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-201... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
8.6
HIGHCVE-2016-4001
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-3959
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public k... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-3958
Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.... Read more
Affected Products : go- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.4
HIGHCVE-2016-3664
Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-2855
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.... Read more
Affected Products : mobile_broadband_hl_service- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-8558
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4951
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impa... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4913
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unsp... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4805
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a networ... Read more
Affected Products : linux_kernel ubuntu_linux enterprise_linux linux suse_linux_enterprise_desktop suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_real_time_extension suse_linux_enterprise_workstation_extension suse_linux_enterprise_module_for_public_cloud +2 more products- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4794
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-4581
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mo... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-4580
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Requ... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-4578
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-4569
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer inte... Read more
Affected Products : linux_kernel ubuntu_linux suse_linux_enterprise_desktop suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_real_time_extension suse_linux_enterprise_debuginfo suse_linux_enterprise_live_patching suse_linux_enterprise_module_for_public_cloud suse_linux_enterprise_workstation_extension- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4568
drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call... Read more
Affected Products : linux_kernel- Published: May. 23, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4565
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interfac... Read more
- Published: May. 23, 2016
- Modified: Apr. 12, 2025