CVEs from 2016
- Total: 8,466
- critical: 1,164
- high: 3,521
- medium: 3,173
- low: 248
- % Critical: 13.7%
- % with KEV: 0.7%
- % with exploit: 1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1633 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2016-2842 | critical | 9.8 | 9.8 | 10y ago | The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cau… | |||
| CVE-2016-0799 | critical | 9.8 | 9.8 | 10y ago | The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (ov… | |||
| CVE-2016-0705 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory… | |||
| CVE-2016-1329 | critical | 9.8 | 9.8 | 10y ago | Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to… | |||
| CVE-2016-0216 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… | |||
| CVE-2016-0213 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… | |||
| CVE-2016-0212 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a differ… | |||
| CVE-2016-1341 | critical | 9.8 | 9.8 | 10y ago | Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID … | |||
| CVE-2016-1629 | critical | 9.8 | 9.8 | 10y ago | Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | |||
| CVE-2016-2275 | critical | 9.8 | 9.8 | 10y ago | The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allow… | |||
| CVE-2016-2397 | critical | 9.8 | 9.8 | 10y ago | The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted … | |||
| CVE-2016-2071 | critical | 9.8 | 9.8 | 10y ago | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to g… | |||
| CVE-2016-0746 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspeci… | |||
| CVE-2016-2231 | critical | 9.8 | 9.8 | 10y ago | The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allow… | |||
| CVE-2016-1986 | critical | 9.8 | 9.8 | 10y ago | HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||
| CVE-2016-1287 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7),… | |||
| CVE-2016-0953 | critical | 9.8 | 9.8 | 10y ago | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci… | |||
| CVE-2016-0952 | critical | 9.8 | 9.8 | 10y ago | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci… | |||
| CVE-2016-0951 | critical | 9.8 | 9.8 | 10y ago | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci… | |||
| CVE-2016-0949 | critical | 9.8 | 9.8 | 10y ago | Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. | |||
| CVE-2016-2230 | critical | 9.8 | 9.8 | 10y ago | OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | |||
| CVE-2016-0804 | critical | 9.8 | 9.8 | 11y ago | The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 im… | |||
| CVE-2016-0803 | critical | 9.8 | 9.8 | 11y ago | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory co… | |||
| CVE-2016-0801 | critical | 9.8 | 9.8 | 11y ago | The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2016-1906 | critical | 9.8 | 9.8 | 11y ago | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | |||
| CVE-2016-1946 | critical | 9.8 | 9.8 | 11y ago | The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a … | |||
| CVE-2016-1944 | critical | 9.8 | 9.8 | 11y ago | The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified… | |||
| CVE-2016-1930 | critical | 9.8 | 9.8 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2016-0868 | critical | 9.8 | 9.8 | 11y ago | Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web reque… | |||
| CVE-2016-1896 | critical | 9.8 | 9.8 | 11y ago | Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypa… | |||
| CVE-2016-2051 | critical | 9.8 | 9.8 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unkno… | |||
| CVE-2016-1984 | critical | 9.8 | 9.8 | 11y ago | The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access v… | |||
| CVE-2016-1928 | critical | 9.8 | 9.8 | 11y ago | Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security… | |||
| CVE-2016-1901 | critical | 9.8 | 9.8 | 11y ago | Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer … | |||
| CVE-2016-0859 | critical | 9.8 | 9.8 | 11y ago | Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC… | |||
| CVE-2016-0857 | critical | 9.8 | 9.8 | 11y ago | Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-0856 | critical | 9.8 | 9.8 | 11y ago | Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-0946 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0945 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0944 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0942 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0940 | critical | 9.8 | 9.8 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on… | |||
| CVE-2016-0933 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-1283 | critical | 9.8 | 9.8 | 11y ago | The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the `/((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99\|(:(?\|(?'R')(\k'R')\|((?'R')))H'R'R)(H'R))))`… | |||
| CVE-2016-6256 | critical | 9.6 | 9.6 | 9y ago | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i… | |||
| CVE-2016-7277 | critical | 9.6 | 9.6 | 10y ago | Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2016-5582 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotsp… | |||
| CVE-2016-5580 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through … | |||
| CVE-2016-5568 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | |||
| CVE-2016-5556 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | |||
| CVE-2016-6637 | critical | 9.6 | 9.6 | 10y ago | Cloud Foundry vulnerable to Cross-Site Request Forgery | |||
| CVE-2016-4734 | critical | 9.6 | 9.6 | 10y ago | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differ… | |||
| CVE-2016-1706 | critical | 9.6 | 9.6 | 10y ago | The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows re… | |||
| CVE-2016-3610 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different… | |||
| CVE-2016-3606 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | |||
| CVE-2016-3598 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different… | |||
| CVE-2016-3587 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | |||
| CVE-2016-3443 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous informa… | |||
| CVE-2016-0687 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the H… | |||
| CVE-2016-0686 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Seria… | |||
| CVE-2016-1525 | high | 8.6 | 9.6 | 10y ago | Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the … | |||
| CVE-2016-0003 | critical | 9.6 | 9.6 | 11y ago | Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability." | |||
| CVE-2016-5314 | critical | — | 9.5 | — | Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified oth… | |||
| CVE-2016-9900 | critical | — | 9.5 | — | External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerabilit… | |||
| CVE-2016-9066 | critical | — | 9.5 | — | A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR… | |||
| CVE-2016-9076 | critical | — | 9.5 | — | An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulner… | |||
| CVE-2016-5297 | critical | — | 9.5 | — | An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Fire… | |||
| CVE-2016-9068 | critical | — | 9.5 | — | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. | |||
| CVE-2016-2123 | critical | — | 9.5 | — | A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses… | |||
| CVE-2016-9895 | critical | — | 9.5 | — | Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and… | |||
| CVE-2016-5320 | critical | — | 9.5 | — | multiple issues in libtiff | |||
| CVE-2016-5194 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2016-9070 | critical | — | 9.5 | — | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulne… | |||
| CVE-2016-9073 | critical | — | 9.5 | — | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. | |||
| CVE-2016-9897 | critical | — | 9.5 | — | Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefo… | |||
| CVE-2016-9903 | critical | — | 9.5 | — | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting co… | |||
| CVE-2016-9080 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitra… | |||
| CVE-2016-5290 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2016-9893 | critical | — | 9.5 | — | Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbit… | |||
| CVE-2016-5292 | critical | — | 9.5 | — | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | |||
| CVE-2016-5291 | critical | — | 9.5 | — | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||
| CVE-2016-9078 | critical | — | 9.5 | — | Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loa… | |||
| CVE-2016-9077 | critical | — | 9.5 | — | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the image… | |||
| CVE-2016-9652 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2016-9075 | critical | — | 9.5 | — | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install addi… | |||
| CVE-2016-9894 | critical | — | 9.5 | — | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects F… | |||
| CVE-2016-9064 | critical | — | 9.5 | — | Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connect… | |||
| CVE-2016-2125 | critical | — | 9.5 | — | It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subse… | |||
| CVE-2016-5296 | critical | — | 9.5 | — | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR <… | |||
| CVE-2016-9071 | critical | — | 9.5 | — | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox <… | |||
| CVE-2016-9651 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2016-5289 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2016-9899 | critical | — | 9.5 | — | Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird… | |||
| CVE-2016-9898 | critical | — | 9.5 | — | Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||
| CVE-2016-9904 | critical | — | 9.5 | — | An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernam… | |||
| CVE-2016-9901 | critical | — | 9.5 | — | HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pock… | |||
| CVE-2016-9067 | critical | — | 9.5 | — | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. | |||
| CVE-2016-5875 | critical | — | 9.5 | — | multiple issues in libtiff | |||
| CVE-2016-9902 | critical | — | 9.5 | — | The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and in… |