Total
5268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3773 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102. | |||||
| CVE-2016-3772 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102. | |||||
| CVE-2016-3771 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102. | |||||
| CVE-2016-3770 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102. | |||||
| CVE-2016-3769 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656. | |||||
| CVE-2016-3768 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644. | |||||
| CVE-2016-3762 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709. | |||||
| CVE-2016-3758 | 1 Google | 1 Android | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771. | |||||
| CVE-2016-3748 | 1 Google | 1 Android | 2026-06-17 | 7.5 HIGH | 8.4 HIGH |
| The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804. | |||||
| CVE-2016-3738 | 1 Redhat | 1 Openshift | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. | |||||
| CVE-2016-3725 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). | |||||
| CVE-2016-3722 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." | |||||
| CVE-2016-3716 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2026-06-17 | 4.3 MEDIUM | 3.3 LOW |
| The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |||||
| CVE-2016-3699 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Mrg, Linux | 2026-06-17 | 6.9 MEDIUM | 7.4 HIGH |
| The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. | |||||
| CVE-2016-3697 | 3 Docker, Linuxfoundation, Opensuse | 3 Docker, Runc, Opensuse | 2026-06-17 | 2.1 LOW | 7.8 HIGH |
| libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | |||||
| CVE-2016-3693 | 1 Safemode Project | 1 Safemode | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. | |||||
| CVE-2016-3643 | 1 Solarwinds | 1 Virtualization Manager | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." | |||||
| CVE-2016-3396 | 1 Microsoft | 12 Live Meeting, Lync, Office and 9 more | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability." | |||||
| CVE-2016-3388 | 1 Microsoft | 2 Edge, Internet Explorer | 2026-06-17 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387. | |||||
| CVE-2016-3387 | 1 Microsoft | 2 Edge, Internet Explorer | 2026-06-17 | 6.8 MEDIUM | 7.5 HIGH |
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388. | |||||