11.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-31	CVE-2015-6815	Infinite Loop vulnerability in multiple products The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. low complexity qemu fedoraproject novell canonical redhat xen arista CWE-835	3.5
2016-06-27	CVE-2016-1583	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. local low complexity linux novell canonical debian CWE-119	7.8
2016-06-03	CVE-2016-0376	The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. network high complexity novell ibm redhat	8.1
2016-06-03	CVE-2016-0363	Improper Input Validation vulnerability in multiple products The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. network high complexity redhat novell ibm CWE-20	8.1
2016-05-23	CVE-2016-4913	Information Exposure vulnerability in multiple products The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. local low complexity canonical linux oracle novell CWE-200	7.8
2016-05-23	CVE-2016-4805	Use After Free vulnerability in multiple products Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. local low complexity novell redhat canonical linux oracle CWE-416	7.8
2016-05-23	CVE-2016-4569	Information Exposure vulnerability in multiple products The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. local low complexity linux canonical novell CWE-200	5.5
2016-05-23	CVE-2016-4486	Information Exposure vulnerability in multiple products The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. local low complexity novell canonical linux CWE-200	3.3
2016-05-23	CVE-2016-4485	Information Exposure vulnerability in multiple products The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. network low complexity novell canonical linux CWE-200	7.5
2016-05-23	CVE-2016-4482	Information Exposure vulnerability in multiple products The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. local low complexity canonical linux novell fedoraproject CWE-200	6.2