Export limit exceeded: 24841 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24841 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2495 | 1 Google | 1 Android | 2025-04-12 | N/A |
| SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789. | ||||
| CVE-2016-2498 | 1 Google | 2 Android, Nexus 7 | 2025-04-12 | N/A |
| The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162. | ||||
| CVE-2016-2499 | 1 Google | 1 Android | 2025-04-12 | N/A |
| AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172. | ||||
| CVE-2016-2500 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814. | ||||
| CVE-2016-2509 | 1 Belden | 6 Hirschmann Firmware, Hirschmann L2b, Hirschmann L2e and 3 more | 2025-04-12 | N/A |
| The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2016-2513 | 2 Djangoproject, Redhat | 3 Django, Openstack, Openstack-optools | 2025-04-12 | N/A |
| The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | ||||
| CVE-2016-2524 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
| CVE-2016-2525 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | ||||
| CVE-2016-2526 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | ||||
| CVE-2016-2527 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. | ||||
| CVE-2016-2528 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | ||||
| CVE-2016-2537 | 1 Is My Json Valid Project | 1 Is My Json Valid | 2025-04-12 | N/A |
| The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. | ||||
| CVE-2016-2548 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. | ||||
| CVE-2016-2549 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. | ||||
| CVE-2016-2562 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-2569 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | ||||
| CVE-2016-2570 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. | ||||
| CVE-2016-2571 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | ||||
| CVE-2016-2572 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | ||||
| CVE-2016-2776 | 4 Hp, Isc, Oracle and 1 more | 10 Hp-ux, Bind, Linux and 7 more | 2025-04-12 | N/A |
| buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | ||||