Export limit exceeded: 364428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6750 1 Google 1 Android 2025-04-12 N/A
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825.
CVE-2016-6751 1 Google 1 Android 2025-04-12 N/A
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271.
CVE-2016-6752 1 Google 1 Android 2025-04-12 N/A
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-31498159. References: Qualcomm QC-CR#987051.
CVE-2016-6753 1 Google 1 Android 2025-04-12 N/A
An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174.
CVE-2016-6824 1 Huawei 8 Ac6003, Ac6003 Firmware, Ac6005 and 5 more 2025-04-12 N/A
Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets.
CVE-2016-7090 1 Siemens 4 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 1 more 2025-04-12 N/A
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2016-7153 5 Apple, Google, Microsoft and 2 more 6 Safari, Chrome, Edge and 3 more 2025-04-12 N/A
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
CVE-2016-7199 1 Microsoft 2 Edge, Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-7216 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-12 N/A
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
CVE-2016-7218 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-12 N/A
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability."
CVE-2016-7219 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-12 N/A
The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability."
CVE-2016-7227 1 Microsoft 2 Edge, Internet Explorer 2025-04-12 N/A
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-7252 1 Microsoft 1 Sql Server 2025-04-12 N/A
Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability."
CVE-2016-7257 1 Microsoft 4 Office For Mac, Windows 7, Windows Server 2008 and 1 more 2025-04-12 N/A
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
CVE-2016-7266 1 Microsoft 4 Excel, Excel For Mac, Excel Viewer and 1 more 2025-04-12 N/A
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
CVE-2016-7796 3 Novell, Redhat, Systemd Project 11 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 8 more 2025-04-12 N/A
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
CVE-2016-7887 4 Adobe, Apple, Linux and 1 more 4 Coldfusion Builder, Macos, Linux Kernel and 1 more 2025-04-12 7.5 High
Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.
CVE-2016-7888 1 Adobe 1 Digital Editions 2025-04-12 N/A
Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak.
CVE-2016-7907 1 Qemu 1 Qemu 2025-04-12 4.4 Medium
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
CVE-2016-7917 1 Linux 1 Linux Kernel 2025-04-12 N/A
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.