Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2016-11-28 | 6.8 MEDIUM | 6.7 MEDIUM |
| The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | |||||
| CVE-2016-4654 | 1 Apple | 1 Iphone Os | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4573 | 1 Fortinet | 22 Fortiswitch, Fsw-1024d, Fsw-1048d and 19 more | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. | |||||
| CVE-2016-4381 | 1 Hp | 1 Xp7 Command View | 2016-11-28 | 4.4 MEDIUM | 4.5 MEDIUM |
| HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-3940 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991. | |||||
| CVE-2016-3939 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224. | |||||
| CVE-2016-3938 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232. | |||||
| CVE-2016-3933 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408. | |||||
| CVE-2016-3932 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870. | |||||
| CVE-2016-3931 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418. | |||||
| CVE-2016-3928 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384. | |||||
| CVE-2016-3922 | 1 Google | 1 Android | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619. | |||||
| CVE-2016-3921 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647. | |||||
| CVE-2016-3917 | 1 Google | 1 Android | 2016-11-28 | 7.2 HIGH | 7.8 HIGH |
| The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668. | |||||
| CVE-2016-3915 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838. | |||||
| CVE-2016-3913 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103. | |||||
| CVE-2016-3912 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481. | |||||
| CVE-2016-3911 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607. | |||||
| CVE-2016-3910 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546. | |||||
| CVE-2016-3909 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990. | |||||