Vulnerabilities (CVE)

Filtered by CWE-20
Total 11667 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10338 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.
CVE-2016-10337 1 Google 1 Android 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.
CVE-2016-10243 3 Debian, Fedoraproject, Tug 3 Debian Linux, Fedora, Tex Live 2026-06-17 7.5 HIGH 9.8 CRITICAL
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
CVE-2016-10235 1 Google 1 Android 2026-06-17 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.
CVE-2016-10228 1 Gnu 1 Glibc 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVE-2016-10222 1 Apple 1 Safari 2026-06-17 5.0 MEDIUM 7.5 HIGH
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.
CVE-2016-10176 1 Netgear 2 Wnr2000v5, Wnr2000v5 Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.
CVE-2016-10167 1 Libgd 1 Libgd 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10100 1 Borg 1 Borg 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.
CVE-2016-10079 1 Sap 1 Saplpd 2026-06-17 5.0 MEDIUM 7.5 HIGH
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
CVE-2016-10069 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVE-2016-10068 3 Imagemagick, Opensuse, Opensuse Project 3 Imagemagick, Leap, Leap 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVE-2016-10024 2 Citrix, Xen 2 Xenserver, Xen 2026-06-17 4.9 MEDIUM 6.0 MEDIUM
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
CVE-2016-1000232 3 Ibm, Redhat, Salesforce 3 Api Connect, Openshift Container Platform, Tough-cookie 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
CVE-2016-1000104 2 Apache, Opensuse 3 Mod Fcgid, Leap, Opensuse 2026-06-17 6.5 MEDIUM 8.8 HIGH
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
CVE-2016-0950 1 Adobe 1 Connect 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
CVE-2016-0913 1 Emc 2 Networker Module For Microsoft Applications, Replication Manager 2026-06-17 7.5 HIGH 9.8 CRITICAL
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share.
CVE-2016-0909 1 Emc 2 Avamar Data Store, Avamar Server Virtual Edition 2026-06-17 7.2 HIGH 8.4 HIGH
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.
CVE-2016-0895 1 Emc 1 Rsa Data Loss Prevention 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.
CVE-2016-0889 1 Dell 1 Emc Unisphere 2026-06-17 10.0 HIGH 9.8 CRITICAL
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.