CVEs from 2016
Total
8,466
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7806 | critical | 9.8 | 9.8 | 9y ago | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2016-6093 | critical | 9.8 | 9.8 | 9y ago | IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||
| CVE-2016-4473 | critical | 9.8 | 9.8 | 9y ago | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | |||
| CVE-2016-7050 | critical | 9.8 | 9.8 | 9y ago | SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remot… | |||
| CVE-2016-5405 | critical | 9.8 | 9.8 | 9y ago | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstat… | |||
| CVE-2016-3690 | critical | 9.8 | 9.8 | 9y ago | The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | |||
| CVE-2016-2034 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. | |||
| CVE-2016-6087 | critical | 9.8 | 9.8 | 9y ago | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. | |||
| CVE-2016-9961 | critical | 9.8 | 9.8 | 9y ago | game-music-emu before 0.6.1 mishandles unspecified integer values. | |||
| CVE-2016-0726 | critical | 9.8 | 9.8 | 9y ago | The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge o… | |||
| CVE-2016-10375 | critical | 9.8 | 9.8 | 9y ago | Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. | |||
| CVE-2016-0761 | critical | 9.8 | 9.8 | 9y ago | Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used t… | |||
| CVE-2016-9843 | critical | 9.8 | 9.8 | 9y ago | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||
| CVE-2016-9841 | critical | 9.8 | 9.8 | 9y ago | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||
| CVE-2016-7979 | critical | 9.8 | 9.8 | 9y ago | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | |||
| CVE-2016-7978 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | |||
| CVE-2016-5178 | critical | 9.8 | 9.8 | 9y ago | arbitrary code execution in chromium | |||
| CVE-2016-4905 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via un… | |||
| CVE-2016-10329 | critical | 9.8 | 9.8 | 9y ago | Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' he… | |||
| CVE-2016-5006 | critical | 9.8 | 9.8 | 9y ago | The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. | |||
| CVE-2016-10243 | critical | 9.8 | 9.8 | 9y ago | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | |||
| CVE-2016-8584 | critical | 9.8 | 9.8 | 9y ago | Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | |||
| CVE-2016-3109 | critical | 9.8 | 9.8 | 9y ago | Shopware RCE Vulnerability | |||
| CVE-2016-3067 | critical | 9.8 | 9.8 | 9y ago | Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. | |||
| CVE-2016-2173 | critical | 9.8 | 9.8 | 9y ago | Improper Input Validation in Spring AMQP | |||
| CVE-2016-1558 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier,… | |||
| CVE-2016-1557 | critical | 9.8 | 9.8 | 9y ago | Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | |||
| CVE-2016-5762 | critical | 9.8 | 9.8 | 9y ago | Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password,… | |||
| CVE-2016-1219 | critical | 9.8 | 9.8 | 9y ago | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | |||
| CVE-2016-6727 | critical | 9.8 | 9.8 | 9y ago | The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. | |||
| CVE-2016-6726 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices. | |||
| CVE-2016-10328 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | |||
| CVE-2016-10327 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. | |||
| CVE-2016-6818 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), … | |||
| CVE-2016-4899 | critical | 9.8 | 9.8 | 9y ago | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |||
| CVE-2016-4898 | critical | 9.8 | 9.8 | 9y ago | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |||
| CVE-2016-1155 | critical | 9.8 | 9.8 | 9y ago | HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | |||
| CVE-2016-2566 | critical | 9.8 | 9.8 | 9y ago | Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | |||
| CVE-2016-10324 | critical | 9.8 | 9.8 | 9y ago | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. | |||
| CVE-2016-6143 | critical | 9.8 | 9.8 | 9y ago | SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | |||
| CVE-2016-4800 | critical | 9.8 | 9.8 | 9y ago | Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request | |||
| CVE-2016-4337 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | |||
| CVE-2016-6808 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | |||
| CVE-2016-1908 | critical | 9.8 | 9.8 | 9y ago | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to t… | |||
| CVE-2016-0779 | critical | 9.8 | 9.8 | 9y ago | The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. | |||
| CVE-2016-6878 | critical | 9.8 | 9.8 | 9y ago | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstra… | |||
| CVE-2016-10311 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | |||
| CVE-2016-10321 | critical | 9.8 | 9.8 | 9y ago | web2py is vulnerable to password brute-force attack | |||
| CVE-2016-5074 | critical | 9.8 | 9.8 | 9y ago | CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | |||
| CVE-2016-5070 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||
| CVE-2016-5069 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||
| CVE-2016-5068 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||
| CVE-2016-5066 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |||
| CVE-2016-5065 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |||
| CVE-2016-5053 | critical | 9.8 | 9.8 | 9y ago | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. | |||
| CVE-2016-6809 | critical | 9.8 | 9.8 | 9y ago | Apache Tika allows Java code execution for serialized objects embedded in MATLAB files | |||
| CVE-2016-10229 | critical | 9.8 | 9.8 | 9y ago | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with … | |||
| CVE-2016-10312 | critical | 9.8 | 9.8 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execu… | |||
| CVE-2016-10309 | critical | 9.8 | 9.8 | 9y ago | In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | |||
| CVE-2016-10308 | critical | 9.8 | 9.8 | 9y ago | Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both S… | |||
| CVE-2016-10307 | critical | 9.8 | 9.8 | 9y ago | Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but t… | |||
| CVE-2016-10306 | critical | 9.8 | 9.8 | 9y ago | Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UN… | |||
| CVE-2016-10305 | critical | 9.8 | 9.8 | 9y ago | Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices … | |||
| CVE-2016-9924 | critical | 9.8 | 9.8 | 9y ago | Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | |||
| CVE-2016-6807 | critical | 9.8 | 9.8 | 9y ago | Apache Ambari Improper Access Control | |||
| CVE-2016-8749 | critical | 9.8 | 9.8 | 9y ago | Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks | |||
| CVE-2016-10152 | critical | 9.8 | 9.8 | 9y ago | The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root … | |||
| CVE-2016-9125 | critical | 9.8 | 9.8 | 9y ago | Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful au… | |||
| CVE-2016-9124 | critical | 9.8 | 9.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown … | |||
| CVE-2016-6206 | critical | 9.8 | 9.8 | 9y ago | Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. | |||
| CVE-2016-10145 | critical | 9.8 | 9.8 | 9y ago | Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | |||
| CVE-2016-10144 | critical | 9.8 | 9.8 | 9y ago | coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | |||
| CVE-2016-10133 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments … | |||
| CVE-2016-10128 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspec… | |||
| CVE-2016-5757 | critical | 9.8 | 9.8 | 9y ago | iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authenti… | |||
| CVE-2016-4926 | critical | 9.8 | 9.8 | 9y ago | Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authe… | |||
| CVE-2016-10253 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly speci… | |||
| CVE-2016-5239 | critical | 9.8 | 9.8 | 9y ago | The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2016-7955 | critical | 9.8 | 9.8 | 9y ago | The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain s… | |||
| CVE-2016-10195 | critical | 9.8 | 9.8 | 9y ago | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack… | |||
| CVE-2016-10166 | critical | 9.8 | 9.8 | 9y ago | Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors relate… | |||
| CVE-2016-10188 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to exp… | |||
| CVE-2016-4658 | critical | 9.8 | 9.8 | 9y ago | Nokogiri does not forbid namespace nodes in XPointer ranges | |||
| CVE-2016-9087 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via t… | |||
| CVE-2016-9020 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parame… | |||
| CVE-2016-9019 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute ar… | |||
| CVE-2016-8863 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possi… | |||
| CVE-2016-7789 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | |||
| CVE-2016-7788 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2016-7784 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the s… | |||
| CVE-2016-7783 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||
| CVE-2016-7782 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | |||
| CVE-2016-7781 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author paramet… | |||
| CVE-2016-7780 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||
| CVE-2016-7145 | critical | 9.8 | 9.8 | 9y ago | The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE paramet… | |||
| CVE-2016-7407 | critical | 9.8 | 9.8 | 9y ago | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | |||
| CVE-2016-7406 | critical | 9.8 | 9.8 | 9y ago | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | |||
| CVE-2016-10204 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | |||
| CVE-2016-8233 | critical | 9.8 | 9.8 | 9y ago | Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||
| CVE-2016-9558 | critical | 9.8 | 9.8 | 9y ago | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negati… |