Skip to main content
CVE-2016-4578 MEDIUM POC PATCH This Month

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +8
NVD Exploit-DB GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-4482 MEDIUM PATCH This Month

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Ubuntu Linux Linux Kernel Suse Linux Enterprise Software Development Kit +8
NVD GitHub
CVSS 3.0
6.2
EPSS
0.0%
CVE-2016-4783 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Lenovo Shareit
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4037 MEDIUM PATCH This Month

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Fedora Ubuntu Linux Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-4569 MEDIUM PATCH This Month

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux Suse Linux Enterprise Software Development Kit +7
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-8558 MEDIUM PATCH This Month

The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2016-4581 MEDIUM PATCH This Month

fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy