Critical · CVSS 9.8
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Published Nov 22, 2016 · Updated May 29, 2026
High · CVSS 8.7
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.
Published Nov 14, 2025 · Updated Apr 7, 2026
High · CVSS 8.7
JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary files on the device.
Published Nov 12, 2025 · Updated Apr 7, 2026
Medium · CVSS 5.5
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
Published Nov 16, 2016 · Updated Dec 4, 2025
High · CVSS 7
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Published Nov 10, 2016 · Updated Nov 4, 2025
High · CVSS 8.8 · CISA KEV
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
Published Nov 1, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."
Published Nov 10, 2016 · Updated Oct 21, 2025
High · CVSS 7.5 · CISA KEV
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
Published Nov 18, 2016 · Updated Oct 21, 2025
Medium · CVSS 6.5 · CISA KEV
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
Published Nov 23, 2016 · Updated Oct 21, 2025
High · CVSS 7.8
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
Published Nov 26, 2024 · Updated Nov 26, 2024
Critical · CVSS 9.8
Initial xbl_sec revision does not have all the debug policy features and critical checks.
Published Nov 26, 2024 · Updated Nov 26, 2024
Unknown · CVSS Not scored
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.
Published Nov 1, 2017 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
Published Nov 27, 2017 · Updated Sep 17, 2024
Medium · CVSS 4
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.
Published Nov 9, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.
Published Nov 13, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.
Published Nov 20, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
Published Nov 19, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
Published Nov 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
gdm3 3.14.2 and possibly later has an information leak before screen lock
Published Nov 5, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
Published Nov 19, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pagure: XSS possible in file attachment endpoint
Published Nov 6, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
Published Nov 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.
Published Nov 28, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.
Published Nov 28, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
Published Nov 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.
Published Nov 28, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
Published Nov 22, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
Published Nov 28, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
Published Nov 22, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
Published Nov 29, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
Published Nov 23, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
Published Nov 30, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
Published Nov 22, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
Published Nov 23, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
Published Nov 25, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Published Nov 25, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
Published Nov 22, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
Published Nov 22, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
Published Nov 22, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
Published Nov 22, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
Published Nov 29, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
Published Nov 25, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
Published Nov 25, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
Published Nov 17, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.
Published Nov 28, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
Published Nov 17, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
Published Nov 17, 2016 · Updated Aug 6, 2024