CVEs from 2016
Total
8,468
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0392 | high | 8.4 | 8.4 | 10y ago | IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum S… | |||
| CVE-2016-2463 | high | 8.4 | 8.4 | 10y ago | Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attack… | |||
| CVE-2016-4364 | high | 8.4 | 8.4 | 10y ago | HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors. | |||
| CVE-2016-4480 | high | 8.4 | 8.4 | 10y ago | The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might al… | |||
| CVE-2016-3134 | high | 8.4 | 8.4 | 10y ago | The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) vi… | |||
| CVE-2016-0849 | high | 8.4 | 8.4 | 10y ago | Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted … | |||
| CVE-2016-0848 | high | 8.4 | 8.4 | 10y ago | Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions v… | |||
| CVE-2016-0847 | high | 8.4 | 8.4 | 10y ago | The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as d… | |||
| CVE-2016-0846 | high | 8.4 | 8.4 | 10y ago | libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which … | |||
| CVE-2016-0844 | high | 8.4 | 8.4 | 10y ago | The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug … | |||
| CVE-2016-0843 | high | 8.4 | 8.4 | 10y ago | The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted a… | |||
| CVE-2016-0842 | high | 8.4 | 8.4 | 10y ago | The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2016-0840 | high | 8.4 | 8.4 | 10y ago | Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2016-0834 | high | 8.4 | 8.4 | 10y ago | An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file,… | |||
| CVE-2016-1340 | high | 8.4 | 8.4 | 10y ago | Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename argum… | |||
| CVE-2016-0135 | high | 8.4 | 8.4 | 10y ago | The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." | |||
| CVE-2016-2558 | high | 8.4 | 8.4 | 10y ago | The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a… | |||
| CVE-2016-2557 | high | 8.4 | 8.4 | 10y ago | The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from ker… | |||
| CVE-2016-2857 | high | 8.4 | 8.4 | 10y ago | The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. | |||
| CVE-2016-2856 | high | 8.4 | 8.4 | 10y ago | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc pack… | |||
| CVE-2016-1008 | high | 8.4 | 8.4 | 10y ago | Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.2… | |||
| CVE-2016-0807 | high | 8.4 | 8.4 | 11y ago | The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF No… | |||
| CVE-2016-0806 | high | 8.4 | 8.4 | 11y ago | The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug… | |||
| CVE-2016-0805 | high | 8.4 | 8.4 | 11y ago | The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application… | |||
| CVE-2016-1572 | high | 8.4 | 8.4 | 11y ago | mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated… | |||
| CVE-2016-1713 | high | 7.3 | 8.3 | 9y ago | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated… | |||
| CVE-2016-5423 | high | 8.3 | 8.3 | 10y ago | PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference … | |||
| CVE-2016-5573 | high | 8.3 | 8.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotsp… | |||
| CVE-2016-4382 | high | 8.3 | 8.3 | 10y ago | HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issu… | |||
| CVE-2016-3353 | high | 8.3 | 8.3 | 10y ago | Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer … | |||
| CVE-2016-5445 | high | 8.3 | 8.3 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto… | |||
| CVE-2016-3446 | high | 8.3 | 8.3 | 10y ago | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, int… | |||
| CVE-2016-3449 | high | 8.3 | 8.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. | |||
| CVE-2016-2098 | high | 7.3 | 8.3 | 10y ago | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of t… | |||
| CVE-2016-9469 | high | 8.2 | 8.2 | 9y ago | Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with p… | |||
| CVE-2016-8356 | high | 8.2 | 8.2 | 9y ago | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilit… | |||
| CVE-2016-6105 | high | 8.2 | 8.2 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | |||
| CVE-2016-8312 | high | 8.2 | 8.2 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-9050 | high | 8.2 | 8.2 | 10y ago | An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read re… | |||
| CVE-2016-3128 | high | 8.2 | 8.2 | 10y ago | A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for … | |||
| CVE-2016-8293 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-8291 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-5595 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality a… | |||
| CVE-2016-5593 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality a… | |||
| CVE-2016-5592 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality a… | |||
| CVE-2016-5591 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality a… | |||
| CVE-2016-5589 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality… | |||
| CVE-2016-5587 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality a… | |||
| CVE-2016-5586 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integri… | |||
| CVE-2016-5557 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and int… | |||
| CVE-2016-5503 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability vi… | |||
| CVE-2016-5491 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2016-5489 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via vecto… | |||
| CVE-2016-5482 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integr… | |||
| CVE-2016-7093 | high | 8.2 | 8.2 | 10y ago | Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation… | |||
| CVE-2016-7092 | high | 8.2 | 8.2 | 10y ago | The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | |||
| CVE-2016-5465 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vec… | |||
| CVE-2016-3536 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3535 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Rem… | |||
| CVE-2016-3532 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via … | |||
| CVE-2016-3522 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality a… | |||
| CVE-2016-3512 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi… | |||
| CVE-2016-3491 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wir… | |||
| CVE-2016-0271 | high | 8.2 | 8.2 | 10y ago | The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users … | |||
| CVE-2016-1182 | high | 8.2 | 8.2 | 10y ago | Improper Input Validation in Apache Struts | |||
| CVE-2016-1441 | high | 8.2 | 8.2 | 10y ago | Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET … | |||
| CVE-2016-5729 | high | 8.2 | 8.2 | 10y ago | Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | |||
| CVE-2016-0911 | high | 8.2 | 8.2 | 10y ago | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root… | |||
| CVE-2016-5363 | high | 8.2 | 8.2 | 10y ago | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of serv… | |||
| CVE-2016-5362 | high | 8.2 | 8.2 | 10y ago | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of ser… | |||
| CVE-2016-3994 | high | 8.2 | 8.2 | 10y ago | The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds rea… | |||
| CVE-2016-2176 | high | 8.2 | 8.2 | 10y ago | The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a … | |||
| CVE-2016-2204 | high | 8.2 | 8.2 | 10y ago | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | |||
| CVE-2016-1593 | high | 7.2 | 8.2 | 10y ago | Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a … | |||
| CVE-2016-3456 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confiden… | |||
| CVE-2016-3439 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Numb… | |||
| CVE-2016-3438 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors… | |||
| CVE-2016-3437 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address … | |||
| CVE-2016-3436 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi… | |||
| CVE-2016-0709 | high | 7.2 | 8.2 | 10y ago | Path Traversal in Apache Jetspeed | |||
| CVE-2016-3947 | high | 8.2 | 8.2 | 10y ago | Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performan… | |||
| CVE-2016-3142 | high | 8.2 | 8.2 | 10y ago | The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a deni… | |||
| CVE-2016-9014 | high | 8.1 | 8.1 | 4y ago | Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validat… | |||
| CVE-2016-6904 | high | 8.1 | 8.1 | 9y ago | Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication cr… | |||
| CVE-2016-10383 | high | 8.1 | 8.1 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | |||
| CVE-2016-9981 | high | 8.1 | 8.1 | 9y ago | IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257 | |||
| CVE-2016-5045 | high | 8.1 | 8.1 | 9y ago | NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | |||
| CVE-2016-3998 | high | 8.1 | 8.1 | 9y ago | NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||
| CVE-2016-9698 | high | 8.1 | 8.1 | 9y ago | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… | |||
| CVE-2016-6098 | high | 8.1 | 8.1 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||
| CVE-2016-3084 | high | 8.1 | 8.1 | 9y ago | Cloud Foundry UAA reset password vulnerable to brute force attack | |||
| CVE-2016-1518 | high | 8.1 | 8.1 | 9y ago | The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and conseque… | |||
| CVE-2016-1559 | high | 8.1 | 8.1 | 9y ago | D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames an… | |||
| CVE-2016-0721 | high | 8.1 | 8.1 | 9y ago | Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||
| CVE-2016-1148 | high | 8.1 | 8.1 | 9y ago | Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |||
| CVE-2016-4850 | high | 8.1 | 8.1 | 9y ago | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | |||
| CVE-2016-8712 | high | 8.1 | 8.1 | 9y ago | An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication reque… | |||
| CVE-2016-8237 | high | 8.1 | 8.1 | 9y ago | Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | |||
| CVE-2016-9707 | high | 8.1 | 8.1 | 9y ago | IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose… | |||
| CVE-2016-9463 | high | 8.1 | 8.1 | 9y ago | Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enable… |