Vulnerabilities (CVE)

Filtered by CWE-20
Total 11666 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0815 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349.
CVE-2016-0802 2 Apple, Google 5 Iphone Os, Mac Os X, Tvos and 2 more 2026-06-17 8.3 HIGH 8.8 HIGH
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
CVE-2016-0801 2 Apple, Google 5 Iphone Os, Mac Os X, Tvos and 2 more 2026-06-17 8.3 HIGH 9.8 CRITICAL
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
CVE-2016-0792 2 Jenkins, Redhat 2 Jenkins, Openshift 2026-06-17 9.0 HIGH 8.8 HIGH
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
CVE-2016-0789 2 Jenkins, Redhat 2 Jenkins, Openshift 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2016-0785 1 Apache 1 Struts 2026-06-17 9.0 HIGH 8.8 HIGH
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
CVE-2016-0774 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 5.6 MEDIUM 6.8 MEDIUM
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
CVE-2016-0756 1 Prosody 1 Prosody 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.
CVE-2016-0754 2 Haxx, Microsoft 2 Curl, Windows 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
CVE-2016-0398 1 Ibm 1 Cognos Analytics 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.
CVE-2016-0381 1 Ibm 1 Cognos Tm1 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value.
CVE-2016-0363 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2026-06-17 6.8 MEDIUM 8.1 HIGH
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2016-0300 1 Ibm 1 Tririga Application Platform 2026-06-17 5.5 MEDIUM 5.4 MEDIUM
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412.
CVE-2016-0281 1 Ibm 2 Aix, Vios 2026-06-17 4.3 MEDIUM 3.7 LOW
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
CVE-2016-0276 1 Ibm 1 Financial Transaction Manager 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. IBM X-Force ID: 111084.
CVE-2016-0215 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.
CVE-2016-0211 1 Ibm 2 Db2, Db2 Connect 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
CVE-2016-0207 1 Ibm 1 Algo Risk Application 2026-06-17 3.5 LOW 5.4 MEDIUM
IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399.
CVE-2016-0206 1 Ibm 1 Cloud Orchestrator 2026-06-17 2.1 LOW 3.3 LOW
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
CVE-2016-0147 1 Microsoft 1 Xml Core Services 2026-06-17 9.3 HIGH 8.8 HIGH
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."