CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1720 | high | 7.8 | 8.8 | 11y ago | IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-1719 | high | 7.8 | 8.8 | 11y ago | The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2016-1945 | high | 8.8 | 8.8 | 11y ago | The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer d… | |||
| CVE-2016-1935 | high | 8.8 | 8.8 | 11y ago | Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. | |||
| CVE-2016-1491 | high | 8.8 | 8.8 | 11y ago | The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by lev… | |||
| CVE-2016-1620 | high | 8.8 | 8.8 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-1134 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and… | |||
| CVE-2016-0943 | high | 8.8 | 8.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the … | |||
| CVE-2016-0941 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in the Search object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader … | |||
| CVE-2016-0939 | high | 8.8 | 8.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0938 | high | 8.8 | 8.8 | 11y ago | The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows … | |||
| CVE-2016-0937 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC … | |||
| CVE-2016-0936 | high | 8.8 | 8.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0935 | high | 8.8 | 8.8 | 11y ago | Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Wi… | |||
| CVE-2016-0934 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.0… | |||
| CVE-2016-0932 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in the Doc object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC … | |||
| CVE-2016-0931 | high | 8.8 | 8.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0024 | high | 8.8 | 8.8 | 11y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-0016 | high | 7.8 | 8.8 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandl… | |||
| CVE-2016-0015 | high | 7.8 | 8.8 | 11y ago | DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attac… | |||
| CVE-2016-0009 | high | 8.8 | 8.8 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remo… | |||
| CVE-2016-0007 | high | 7.8 | 8.8 | 11y ago | The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Win… | |||
| CVE-2016-3473 | high | 7.7 | 8.7 | 10y ago | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confide… | |||
| CVE-2016-0679 | high | 8.7 | 8.7 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability … | |||
| CVE-2016-9692 | high | 8.6 | 8.6 | 9y ago | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vul… | |||
| CVE-2016-9691 | high | 8.6 | 8.6 | 9y ago | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could explo… | |||
| CVE-2016-6368 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a de… | |||
| CVE-2016-7051 | high | 8.6 | 8.6 | 9y ago | jackson-dataformat-xml vulnerable to server side request forgery (SSRF) | |||
| CVE-2016-6560 | high | 8.6 | 8.6 | 9y ago | illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | |||
| CVE-2016-8368 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Et… | |||
| CVE-2016-8361 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authenticat… | |||
| CVE-2016-5803 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be wit… | |||
| CVE-2016-5782 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for … | |||
| CVE-2016-6171 | high | 8.6 | 8.6 | 9y ago | Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. | |||
| CVE-2016-9225 | high | 8.6 | 8.6 | 10y ago | A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX m… | |||
| CVE-2016-6621 | high | 8.6 | 8.6 | 10y ago | The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||
| CVE-2016-10142 | high | 8.6 | 8.6 | 10y ago | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security … | |||
| CVE-2016-10124 | high | 8.6 | 8.6 | 10y ago | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push c… | |||
| CVE-2016-9752 | high | 8.6 | 8.6 | 10y ago | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | |||
| CVE-2016-4333 | high | 8.6 | 8.6 | 10y ago | The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's term… | |||
| CVE-2016-4332 | high | 8.6 | 8.6 | 10y ago | The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't su… | |||
| CVE-2016-4331 | high | 8.6 | 8.6 | 10y ago | When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execu… | |||
| CVE-2016-4330 | high | 8.6 | 8.6 | 10y ago | In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, … | |||
| CVE-2016-7964 | high | 8.6 | 8.6 | 10y ago | The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This … | |||
| CVE-2016-5588 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5579 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5578 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5577 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5574 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5558 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-0249 | high | 8.6 | 8.6 | 10y ago | SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbit… | |||
| CVE-2016-2308 | high | 8.6 | 8.6 | 10y ago | American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, … | |||
| CVE-2016-6250 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying f… | |||
| CVE-2016-4384 | high | 8.6 | 8.6 | 10y ago | HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-0904 | high | 8.6 | 8.6 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to … | |||
| CVE-2016-5814 | high | 8.6 | 8.6 | 10y ago | Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remo… | |||
| CVE-2016-6597 | high | 8.6 | 8.6 | 10y ago | Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the r… | |||
| CVE-2016-1951 | high | 8.6 | 8.6 | 10y ago | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified oth… | |||
| CVE-2016-4029 | high | 8.6 | 8.6 | 10y ago | WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via… | |||
| CVE-2016-5096 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impa… | |||
| CVE-2016-5095 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have … | |||
| CVE-2016-5094 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecifie… | |||
| CVE-2016-5093 | high | 8.6 | 8.6 | 10y ago | The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows … | |||
| CVE-2016-3596 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3595 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3594 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3593 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3592 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3591 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3590 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3583 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3582 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3581 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3580 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3579 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3578 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3577 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3576 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3575 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3574 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-1394 | high | 8.6 | 8.6 | 10y ago | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | |||
| CVE-2016-4791 | high | 8.6 | 8.6 | 10y ago | The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arb… | |||
| CVE-2016-4001 | high | 8.6 | 8.6 | 10y ago | Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cau… | |||
| CVE-2016-2222 | high | 8.6 | 8.6 | 10y ago | The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet o… | |||
| CVE-2016-4554 | high | 8.6 | 8.6 | 10y ago | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header sm… | |||
| CVE-2016-4553 | high | 8.6 | 8.6 | 10y ago | client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks vi… | |||
| CVE-2016-1373 | high | 8.6 | 8.6 | 10y ago | The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10… | |||
| CVE-2016-3455 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availabil… | |||
| CVE-2016-2293 | high | 8.6 | 8.6 | 10y ago | The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | |||
| CVE-2016-4014 | high | 8.6 | 8.6 | 10y ago | XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to ud… | |||
| CVE-2016-1286 | high | 8.6 | 8.6 | 10y ago | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME r… | |||
| CVE-2016-0736 | high | 7.5 | 8.5 | 9y ago | In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by defaul… | |||
| CVE-2016-7508 | high | 7.5 | 8.5 | 9y ago | Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5… | |||
| CVE-2016-10073 | high | 7.5 | 8.5 | 9y ago | The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr… | |||
| CVE-2016-7054 | high | 7.5 | 8.5 | 9y ago | In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue i… | |||
| CVE-2016-1561 | high | 7.5 | 8.5 | 9y ago | ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a pri… | |||
| CVE-2016-8022 | high | 7.5 | 8.5 | 9y ago | Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den… | |||
| CVE-2016-9727 | high | 8.5 | 8.5 | 9y ago | IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute… | |||
| CVE-2016-6255 | high | 7.5 | 8.5 | 9y ago | Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | |||
| CVE-2016-4312 | high | 7.5 | 8.5 | 9y ago | XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to … |