Total
18574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8966 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2016-8963 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2016-8961 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2026-06-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2016-8826 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Gpu Driver | 2026-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service. | |||||
| CVE-2016-8666 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. | |||||
| CVE-2016-8660 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." | |||||
| CVE-2016-8658 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 5.6 MEDIUM | 6.1 MEDIUM |
| Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. | |||||
| CVE-2016-8655 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. | |||||
| CVE-2016-8650 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | |||||
| CVE-2016-8646 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. | |||||
| CVE-2016-8645 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. | |||||
| CVE-2016-8636 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. | |||||
| CVE-2016-8633 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 6.2 MEDIUM | 6.8 MEDIUM |
| drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. | |||||
| CVE-2016-8632 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2016-8630 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. | |||||
| CVE-2016-8483 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099. | |||||
| CVE-2016-8481 | 2 Google, Linux | 2 Android, Linux Kernel | 2026-06-17 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. | |||||
| CVE-2016-8480 | 2 Google, Linux | 2 Android, Linux Kernel | 2026-06-17 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. | |||||
| CVE-2016-8479 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687. | |||||
| CVE-2016-8478 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206. | |||||
