CVEs from 2016
- Total: 8,565
- Critical: 1,164
- High: 3,521
- Medium: 3,172
- Low: 249
- % Critical: 13.6%
- % with KEV: 0.7%
- % with exploit: 0.7%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-10328 | critical | 9.8 | 9.8 | 9y ago | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | |
| CVE-2016-10327 | critical | 9.8 | 9.8 | 9y ago | LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. | |
| CVE-2016-6818 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), … | |
| CVE-2016-4899 | critical | 9.8 | 9.8 | 9y ago | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |
| CVE-2016-4898 | critical | 9.8 | 9.8 | 9y ago | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |
| CVE-2016-1155 | critical | 9.8 | 9.8 | 9y ago | HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | |
| CVE-2016-2566 | critical | 9.8 | 9.8 | 9y ago | Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | |
| CVE-2016-10324 | critical | 9.8 | 9.8 | 9y ago | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. | |
| CVE-2016-6143 | critical | 9.8 | 9.8 | 9y ago | SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | |
| CVE-2016-4800 | critical | 9.8 | 9.8 | 9y ago | The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints … | |
| CVE-2016-2555 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | |
| CVE-2016-4337 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | |
| CVE-2016-6808 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | |
| CVE-2016-7552 | critical | 9.8 | 9.8 | 9y ago | On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can… | |
| CVE-2016-7547 | critical | 9.8 | 9.8 | 9y ago | A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | |
| CVE-2016-1908 | critical | 9.8 | 9.8 | 9y ago | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to t… | |
| CVE-2016-0779 | critical | 9.8 | 9.8 | 9y ago | The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. | |
| CVE-2016-6878 | critical | 9.8 | 9.8 | 9y ago | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstra… | |
| CVE-2016-10311 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | |
| CVE-2016-10321 | critical | 9.8 | 9.8 | 9y ago | web2py is vulnerable to password brute-force attack | |
| CVE-2016-5074 | critical | 9.8 | 9.8 | 9y ago | CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | |
| CVE-2016-5070 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |
| CVE-2016-5069 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |
| CVE-2016-5068 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |
| CVE-2016-5066 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |
| CVE-2016-5065 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |
| CVE-2016-5053 | critical | 9.8 | 9.8 | 9y ago | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. | |
| CVE-2016-6809 | critical | 9.8 | 9.8 | 9y ago | Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization. | |
| CVE-2016-10229 | critical | 9.8 | 9.8 | 9y ago | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with … | |
| CVE-2016-10312 | critical | 9.8 | 9.8 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execu… | |
| CVE-2016-10309 | critical | 9.8 | 9.8 | 9y ago | In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | |
| CVE-2016-10308 | critical | 9.8 | 9.8 | 9y ago | Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both S… | |
| CVE-2016-10307 | critical | 9.8 | 9.8 | 9y ago | Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but t… | |
| CVE-2016-10306 | critical | 9.8 | 9.8 | 9y ago | Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UN… | |
| CVE-2016-10305 | critical | 9.8 | 9.8 | 9y ago | Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices … | |
| CVE-2016-9924 | critical | 9.8 | 9.8 | 9y ago | Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | |
| CVE-2016-6807 | critical | 9.8 | 9.8 | 9y ago | Apache Ambari Improper Access Control | |
| CVE-2016-8749 | critical | 9.8 | 9.8 | 9y ago | Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks | |
| CVE-2016-10152 | critical | 9.8 | 9.8 | 9y ago | The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root … | |
| CVE-2016-9125 | critical | 9.8 | 9.8 | 9y ago | Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful au… | |
| CVE-2016-9124 | critical | 9.8 | 9.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown … | |
| CVE-2016-6206 | critical | 9.8 | 9.8 | 9y ago | Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. | |
| CVE-2016-10145 | critical | 9.8 | 9.8 | 9y ago | Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | |
| CVE-2016-10144 | critical | 9.8 | 9.8 | 9y ago | coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | |
| CVE-2016-10133 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments … | |
| CVE-2016-10128 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspec… | |
| CVE-2016-5757 | critical | 9.8 | 9.8 | 9y ago | iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authenti… | |
| CVE-2016-4926 | critical | 9.8 | 9.8 | 9y ago | Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authe… | |
| CVE-2016-10253 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly speci… | |
| CVE-2016-5239 | critical | 9.8 | 9.8 | 9y ago | The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |
| CVE-2016-7955 | critical | 9.8 | 9.8 | 9y ago | The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain s… | |
| CVE-2016-10195 | critical | 9.8 | 9.8 | 9y ago | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack… | |
| CVE-2016-10166 | critical | 9.8 | 9.8 | 9y ago | Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors relate… | |
| CVE-2016-10188 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to exp… | |
| CVE-2016-4658 | critical | 9.8 | 9.8 | 9y ago | Nokogiri does not forbid namespace nodes in XPointer ranges | |
| CVE-2016-9087 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via t… | |
| CVE-2016-9020 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parame… | |
| CVE-2016-9019 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute ar… | |
| CVE-2016-8863 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possi… | |
| CVE-2016-7789 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | |
| CVE-2016-7788 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |
| CVE-2016-7784 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the s… | |
| CVE-2016-7783 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |
| CVE-2016-7782 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | |
| CVE-2016-7781 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author paramet… | |
| CVE-2016-7780 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |
| CVE-2016-7145 | critical | 9.8 | 9.8 | 9y ago | The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE paramet… | |
| CVE-2016-7407 | critical | 9.8 | 9.8 | 9y ago | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | |
| CVE-2016-7406 | critical | 9.8 | 9.8 | 9y ago | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | |
| CVE-2016-10204 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | |
| CVE-2016-8233 | critical | 9.8 | 9.8 | 9y ago | Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |
| CVE-2016-9558 | critical | 9.8 | 9.8 | 9y ago | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negati… | |
| CVE-2016-1245 | critical | 9.8 | 9.8 | 9y ago | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSI… | |
| CVE-2016-9400 | critical | 9.8 | 9.8 | 9y ago | The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code… | |
| CVE-2016-9684 | critical | 9.8 | 9.8 | 9y ago | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewc… | |
| CVE-2016-9683 | critical | 9.8 | 9.8 | 9y ago | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'exten… | |
| CVE-2016-9682 | critical | 9.8 | 9.8 | 9y ago | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the … | |
| CVE-2016-9053 | critical | 9.8 | 9.8 | 9y ago | An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a… | |
| CVE-2016-9051 | critical | 9.8 | 9.8 | 9y ago | An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-boun… | |
| CVE-2016-7663 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. … | |
| CVE-2016-7630 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspec… | |
| CVE-2016-6875 | critical | 9.8 | 9.8 | 9y ago | Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |
| CVE-2016-6874 | critical | 9.8 | 9.8 | 9y ago | The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. | |
| CVE-2016-6873 | critical | 9.8 | 9.8 | 9y ago | Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |
| CVE-2016-6872 | critical | 9.8 | 9.8 | 9y ago | Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |
| CVE-2016-6871 | critical | 9.8 | 9.8 | 9y ago | Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. | |
| CVE-2016-6870 | critical | 9.8 | 9.8 | 9y ago | Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |
| CVE-2016-6233 | critical | 9.8 | 9.8 | 9y ago | Zend Framework Allows SQL Injection | |
| CVE-2016-4861 | critical | 9.8 | 9.8 | 9y ago | Zend Framework Allows SQL Injection | |
| CVE-2016-10134 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | |
| CVE-2016-3694 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands vi… | |
| CVE-2016-0360 | critical | 9.8 | 9.8 | 9y ago | IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding … | |
| CVE-2016-9369 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |
| CVE-2016-9366 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |
| CVE-2016-9361 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |
| CVE-2016-9333 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's… | |
| CVE-2016-8567 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database… | |
| CVE-2016-8378 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. | |
| CVE-2016-8364 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow. | |
| CVE-2016-8348 | critical | 9.8 | 9.8 | 9y ago | An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML par… |