Total
12594 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10708 | 5 Canonical, Debian, Netapp and 2 more | 13 Ubuntu Linux, Debian Linux, Cloud Backup and 10 more | 2024-11-21 | N/A |
| sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | ||||
| CVE-2016-10555 | 1 Jwt-simple Project | 1 Jwt-simple | 2024-11-21 | N/A |
| Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. | ||||
| CVE-2016-10544 | 1 Uws Project | 1 Uws | 2024-11-21 | N/A |
| uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. | ||||
| CVE-2016-10543 | 1 Call Project | 1 Call | 2024-11-21 | N/A |
| call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. | ||||
| CVE-2016-10542 | 1 Ws Project | 1 Ws | 2024-11-21 | N/A |
| ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. | ||||
| CVE-2016-10540 | 1 Minimatch Project | 1 Minimatch | 2024-11-21 | N/A |
| Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. | ||||
| CVE-2016-10539 | 1 Negotiator Project | 1 Negotiator | 2024-11-21 | N/A |
| negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. | ||||
| CVE-2016-10521 | 1 Jshamcrest Project | 1 Jshamcrest | 2024-11-21 | 7.5 High |
| jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. | ||||
| CVE-2016-10520 | 1 Jadedown Project | 1 Jadedown | 2024-11-21 | 7.5 High |
| jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | ||||
| CVE-2016-10501 | 1 Qualcomm | 52 Fsm9055, Fsm9055 Firmware, Mdm9206 and 49 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image. | ||||
| CVE-2016-10492 | 1 Qualcomm | 66 Mdm9206, Mdm9206 Firmware, Mdm9607 and 63 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, improper ciphersuite validation leads SecSSL accept an unadvertised ciphersuite. | ||||
| CVE-2016-10483 | 1 Qualcomm | 14 Sd 410, Sd 410 Firmware, Sd 412 and 11 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, improper input validation while processing SCM Command can lead to unauthorized memory access. | ||||
| CVE-2016-10482 | 1 Qualcomm | 66 Mdm9206, Mdm9206 Firmware, Mdm9607 and 63 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, while processing downlink information, an assert can be reached. | ||||
| CVE-2016-10469 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect implementation of RSA padding functions in CORE. | ||||
| CVE-2016-10464 | 1 Qualcomm | 34 Mdm9206, Mdm9206 Firmware, Mdm9607 and 31 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574AU, QCA9377, SD 210/SD 212/SD 205, SD 425, SD 600, SD 650/52, SD 808, SD 810, SD 820, and SDX20, lack of input validation for HCI H4 UART packet ID cause system denial of service. | ||||
| CVE-2016-10456 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, if radish is executed with an interface name set to an invalid interface name, an arbitrary command of 15 characters or less may be executed as a system call. | ||||
| CVE-2016-10452 | 1 Qualcomm | 34 Sd 410, Sd 410 Firmware, Sd 412 and 31 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, and SD 835, memory protection assertion happens after invoking TA termination out of order. | ||||
| CVE-2016-10445 | 1 Qualcomm | 38 Sd 410, Sd 410 Firmware, Sd 412 and 35 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, input is not properly validated in a QTEE API function. | ||||
| CVE-2016-10431 | 1 Qualcomm | 32 Mdm9206, Mdm9206 Firmware, Mdm9650 and 29 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, and SD 850, TZ applications are not properly validated. | ||||
| CVE-2016-10235 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409. | ||||