2016 年に公開された CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2016-9942 | Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. | 9.8 | 3.72% | 2016-12-31 | 2026-06-16 |
| CVE-2016-9941 | Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. | 9.8 | 3.73% | 2016-12-31 | 2026-06-16 |
| CVE-2016-6859 | Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | 4.3 | 1.15% | 2016-12-31 | 2026-06-16 |
| CVE-2016-6858 | Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field. | 5.4 | 0.64% | 2016-12-31 | 2026-06-16 |
| CVE-2016-6857 | Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field. | 5.4 | 0.64% | 2016-12-31 | 2026-06-16 |
| CVE-2016-6856 | Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter. | 6.1 | 0.87% | 2016-12-31 | 2026-06-16 |
| CVE-2016-1004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | 該当なし | 0.27% | 2016-12-30 | 2023-11-06 |
| CVE-2016-1003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.27% | 2016-12-30 | 2023-11-06 |
| CVE-2016-10074 | The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header. | 9.8 | 41.83% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10045 | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. | 9.8 | 98.04% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10034 | The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address. | 9.8 | 38.44% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10033 KEV | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | 9.8 | 99.71% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10088 | The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. | 7.0 | 0.37% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10085 | admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. | 7.2 | 1.84% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10084 | admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). | 7.2 | 1.84% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10083 | Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case. | 6.1 | 1.23% | 2016-12-30 | 2026-06-16 |
| CVE-2016-10082 | include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. | 9.8 | 2.88% | 2016-12-30 | 2026-06-16 |
| CVE-2016-9916 | Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. | 6.5 | 0.44% | 2016-12-29 | 2026-06-16 |
| CVE-2016-9915 | Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. | 6.5 | 0.44% | 2016-12-29 | 2026-06-16 |
| CVE-2016-9914 | Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. | 6.5 | 0.43% | 2016-12-29 | 2026-06-16 |