CVEs from 2016
- Total: 8,461
- critical: 1,164
- high: 3,521
- medium: 3,173
- low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2418 | critical | 9.8 | 9.8 | 10y ago | media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memor… | |||
| CVE-2016-2416 | critical | 9.8 | 9.8 | 10y ago | libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permissio… | |||
| CVE-2016-1503 | critical | 9.8 | 9.8 | 10y ago | dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attacke… | |||
| CVE-2016-0841 | critical | 9.8 | 9.8 | 10y ago | media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allow… | |||
| CVE-2016-0839 | critical | 9.8 | 9.8 | 10y ago | post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (me… | |||
| CVE-2016-0838 | critical | 9.8 | 9.8 | 10y ago | Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to… | |||
| CVE-2016-0837 | critical | 9.8 | 9.8 | 10y ago | MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or… | |||
| CVE-2016-0835 | critical | 9.8 | 9.8 | 10y ago | decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file t… | |||
| CVE-2016-0889 | critical | 9.8 | 9.8 | 10y ago | An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. | |||
| CVE-2016-1352 | critical | 9.8 | 9.8 | 10y ago | Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. | |||
| CVE-2016-4009 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, whic… | |||
| CVE-2016-2056 | high | 8.8 | 9.8 | 10y ago | xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) … | |||
| CVE-2016-2054 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via … | |||
| CVE-2016-4007 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via… | |||
| CVE-2016-10193 | critical | 9.8 | 9.8 | 10y ago | espeak-ruby allows arbitrary command execution | |||
| CVE-2016-0145 | high | 8.8 | 9.8 | 10y ago | The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007… | |||
| CVE-2016-3657 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of s… | |||
| CVE-2016-3655 | critical | 9.8 | 9.8 | 10y ago | The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via … | |||
| CVE-2016-2170 | critical | 9.8 | 9.8 | 10y ago | Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections l… | |||
| CVE-2016-0733 | critical | 9.8 | 9.8 | 10y ago | The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password | |||
| CVE-2016-0710 | high | 8.8 | 9.8 | 10y ago | Apache Jetspeed vulnerable to SQL Injection | |||
| CVE-2016-1013 | high | 8.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-1011 | high | 8.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-3154 | critical | 9.8 | 9.8 | 10y ago | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and… | |||
| CVE-2016-3153 | critical | 9.8 | 9.8 | 10y ago | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | |||
| CVE-2016-2324 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | |||
| CVE-2016-2315 | critical | 9.8 | 9.8 | 10y ago | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based b… | |||
| CVE-2016-0792 | high | 8.8 | 9.8 | 10y ago | Jenkins allows Deserialization of Untrusted Data via an XML File | |||
| CVE-2016-0791 | critical | 9.8 | 9.8 | 10y ago | Exposure of Sensitive Information in Jenkins Core | |||
| CVE-2016-0788 | critical | 9.8 | 9.8 | 10y ago | Jenkins allows Execution of Code by Opening a JRMP Listener | |||
| CVE-2016-0729 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denia… | |||
| CVE-2016-1313 | critical | 9.8 | 9.8 | 10y ago | Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to… | |||
| CVE-2016-1291 | critical | 9.8 | 9.8 | 10y ago | Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POS… | |||
| CVE-2016-2000 | critical | 9.8 | 9.8 | 10y ago | HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache C… | |||
| CVE-2016-2343 | critical | 9.8 | 9.8 | 10y ago | Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. | |||
| CVE-2016-3141 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash… | |||
| CVE-2016-1761 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML docum… | |||
| CVE-2016-1998 | critical | 9.8 | 9.8 | 10y ago | HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collecti… | |||
| CVE-2016-1997 | critical | 9.8 | 9.8 | 10y ago | HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to … | |||
| CVE-2016-2245 | critical | 9.8 | 9.8 | 10y ago | HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. | |||
| CVE-2016-1995 | critical | 9.8 | 9.8 | 10y ago | HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-3191 | critical | 9.8 | 9.8 | 10y ago | The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parent… | |||
| CVE-2016-1989 | critical | 9.8 | 9.8 | 10y ago | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili… | |||
| CVE-2016-1988 | critical | 9.8 | 9.8 | 10y ago | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili… | |||
| CVE-2016-1962 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by… | |||
| CVE-2016-1960 | high | 8.8 | 9.8 | 10y ago | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause… | |||
| CVE-2016-1621 | critical | 9.8 | 9.8 | 10y ago | libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption… | |||
| CVE-2016-0816 | critical | 9.8 | 9.8 | 10y ago | mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_par… | |||
| CVE-2016-0815 | critical | 9.8 | 9.8 | 10y ago | The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers… | |||
| CVE-2016-1002 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Ad… | |||
| CVE-2016-1001 | high | 8.8 | 9.8 | 10y ago | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR… | |||
| CVE-2016-1000 | high | 8.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A… | |||
| CVE-2016-0999 | high | 8.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A… | |||
| CVE-2016-0998 | high | 8.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A… | |||
| CVE-2016-0997 | high | 8.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A… | |||
| CVE-2016-1327 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05… | |||
| CVE-2016-1009 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attacker… | |||
| CVE-2016-1007 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attacker… | |||
| CVE-2016-0132 | critical | 9.8 | 9.8 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatur… | |||
| CVE-2016-0121 | high | 8.8 | 9.8 | 10y ago | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and… | |||
| CVE-2016-2843 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unkno… | |||
| CVE-2016-1642 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-1639 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remo… | |||
| CVE-2016-1636 | critical | 9.8 | 9.8 | 10y ago | The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instea… | |||
| CVE-2016-1635 | critical | 9.8 | 9.8 | 10y ago | extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, … | |||
| CVE-2016-1633 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2016-2842 | critical | 9.8 | 9.8 | 10y ago | The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cau… | |||
| CVE-2016-0799 | critical | 9.8 | 9.8 | 10y ago | The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (ov… | |||
| CVE-2016-0705 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory… | |||
| CVE-2016-1329 | critical | 9.8 | 9.8 | 10y ago | Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to… | |||
| CVE-2016-0216 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… | |||
| CVE-2016-0213 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… | |||
| CVE-2016-0212 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… | |||
| CVE-2016-1341 | critical | 9.8 | 9.8 | 10y ago | Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID … | |||
| CVE-2016-1629 | critical | 9.8 | 9.8 | 10y ago | Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | |||
| CVE-2016-2275 | critical | 9.8 | 9.8 | 10y ago | The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allow… | |||
| CVE-2016-2397 | critical | 9.8 | 9.8 | 10y ago | The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted … | |||
| CVE-2016-2071 | critical | 9.8 | 9.8 | 10y ago | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to g… | |||
| CVE-2016-0746 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspeci… | |||
| CVE-2016-2231 | critical | 9.8 | 9.8 | 10y ago | The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allow… | |||
| CVE-2016-1986 | critical | 9.8 | 9.8 | 10y ago | HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||
| CVE-2016-0985 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe … | |||
| CVE-2016-0974 | high | 8.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR S… | |||
| CVE-2016-0971 | high | 8.8 | 9.8 | 10y ago | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK… | |||
| CVE-2016-0967 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe … | |||
| CVE-2016-0965 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe … | |||
| CVE-2016-0964 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe … | |||
| CVE-2016-0949 | critical | 9.8 | 9.8 | 10y ago | Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. | |||
| CVE-2016-0063 | high | 8.8 | 9.8 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-2230 | critical | 9.8 | 9.8 | 10y ago | OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | |||
| CVE-2016-0804 | critical | 9.8 | 9.8 | 11y ago | The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 im… | |||
| CVE-2016-0803 | critical | 9.8 | 9.8 | 11y ago | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory co… | |||
| CVE-2016-0861 | high | 8.8 | 9.8 | 11y ago | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||
| CVE-2016-1906 | critical | 9.8 | 9.8 | 11y ago | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | |||
| CVE-2016-1946 | critical | 9.8 | 9.8 | 11y ago | The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a … | |||
| CVE-2016-1944 | critical | 9.8 | 9.8 | 11y ago | The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified… | |||
| CVE-2016-1930 | critical | 9.8 | 9.8 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2016-0868 | critical | 9.8 | 9.8 | 11y ago | Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web reque… | |||
| CVE-2016-1896 | critical | 9.8 | 9.8 | 11y ago | Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypa… | |||
| CVE-2016-2051 | critical | 9.8 | 9.8 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unkno… |