CVEs from 2016
Total
8,466
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9068 | critical | — | 9.5 | — | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. | |||
| CVE-2016-5195 | high | — | 9.5 | 4y ago | Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. | |||
| CVE-2016-5843 | critical | 9.4 | 9.4 | 10y ago | Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL… | |||
| CVE-2016-2297 | critical | 9.4 | 9.4 | 10y ago | Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature." | |||
| CVE-2016-0100 | high | 8.4 | 9.4 | 10y ago | Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Exe… | |||
| CVE-2016-0088 | critical | 9.3 | 9.3 | 10y ago | Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Ex… | |||
| CVE-2016-1929 | critical | 9.3 | 9.3 | 11y ago | The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, relat… | |||
| CVE-2016-8638 | critical | 9.1 | 9.1 | 4y ago | A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related … | |||
| CVE-2016-5018 | critical | 9.1 | 9.1 | 9y ago | Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat | |||
| CVE-2016-6793 | critical | 9.1 | 9.1 | 9y ago | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the pe… | |||
| CVE-2016-7835 | critical | 9.1 | 9.1 | 9y ago | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | |||
| CVE-2016-8649 | critical | 9.1 | 9.1 | 9y ago | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's f… | |||
| CVE-2016-8721 | critical | 9.1 | 9.1 | 9y ago | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input ca… | |||
| CVE-2016-6111 | critical | 9.1 | 9.1 | 9y ago | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit… | |||
| CVE-2016-9121 | critical | 9.1 | 9.1 | 9y ago | go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received pu… | |||
| CVE-2016-9814 | critical | 9.1 | 9.1 | 9y ago | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers … | |||
| CVE-2016-9706 | critical | 9.1 | 9.1 | 9y ago | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remot… | |||
| CVE-2016-9362 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform … | |||
| CVE-2016-9639 | critical | 9.1 | 9.1 | 9y ago | Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | |||
| CVE-2016-2908 | critical | 9.1 | 9.1 | 9y ago | IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker… | |||
| CVE-2016-8491 | critical | 9.1 | 9.1 | 9y ago | The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||
| CVE-2016-6269 | critical | 9.1 | 9.1 | 10y ago | Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete a… | |||
| CVE-2016-8325 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2016-6223 | critical | 9.1 | 9.1 | 10y ago | The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a … | |||
| CVE-2016-3415 | critical | 9.1 | 9.1 | 10y ago | Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | |||
| CVE-2016-9584 | critical | 9.1 | 9.1 | 10y ago | libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. | |||
| CVE-2016-7460 | critical | 9.1 | 9.1 | 10y ago | The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of ser… | |||
| CVE-2016-9180 | critical | 9.1 | 9.1 | 10y ago | perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's … | |||
| CVE-2016-6520 | critical | 9.1 | 9.1 | 10y ago | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |||
| CVE-2016-9480 | critical | 9.1 | 9.1 | 10y ago | libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" … | |||
| CVE-2016-3028 | critical | 9.1 | 9.1 | 10y ago | IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leve… | |||
| CVE-2016-5763 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update… | |||
| CVE-2016-9272 | critical | 9.1 | 9.1 | 10y ago | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | |||
| CVE-2016-8870 | high | 8.1 | 9.1 | 10y ago | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create … | |||
| CVE-2016-6445 | critical | 9.1 | 9.1 | 10y ago | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an un… | |||
| CVE-2016-5605 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. | |||
| CVE-2016-5599 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and inte… | |||
| CVE-2016-5555 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-8565 | critical | 9.1 | 9.1 | 10y ago | Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | |||
| CVE-2016-1000112 | critical | 9.1 | 9.1 | 10y ago | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | |||
| CVE-2016-7435 | critical | 9.1 | 9.1 | 10y ago | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer… | |||
| CVE-2016-4694 | critical | 9.1 | 9.1 | 10y ago | The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data… | |||
| CVE-2016-0903 | critical | 9.1 | 9.1 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … | |||
| CVE-2016-6394 | critical | 9.1 | 9.1 | 10y ago | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug … | |||
| CVE-2016-6254 | critical | 9.1 | 9.1 | 10y ago | Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly exec… | |||
| CVE-2016-6582 | critical | 9.1 | 9.1 | 10y ago | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificat… | |||
| CVE-2016-3312 | critical | 9.1 | 9.1 | 10y ago | ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Info… | |||
| CVE-2016-5116 | critical | 9.1 | 9.1 | 10y ago | gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memor… | |||
| CVE-2016-5114 | critical | 9.1 | 9.1 | 10y ago | sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information… | |||
| CVE-2016-3546 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vector… | |||
| CVE-2016-3543 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3541 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3527 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-4532 | critical | 9.1 | 9.1 | 10y ago | Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2016-4510 | critical | 9.1 | 9.1 | 10y ago | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | |||
| CVE-2016-4360 | critical | 9.1 | 9.1 | 10y ago | web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.5… | |||
| CVE-2016-2029 | critical | 9.1 | 9.1 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358. | |||
| CVE-2016-2018 | critical | 9.1 | 9.1 | 10y ago | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2016-4432 | critical | 9.1 | 9.1 | 10y ago | AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication | |||
| CVE-2016-4501 | critical | 9.1 | 9.1 | 10y ago | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via … | |||
| CVE-2016-2208 | critical | 9.1 | 9.1 | 10y ago | The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system … | |||
| CVE-2016-3081 | high | 8.1 | 9.1 | 10y ago | Apache Struts RCE Vulnerability | |||
| CVE-2016-3466 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-0699 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via v… | |||
| CVE-2016-1034 | critical | 9.1 | 9.1 | 10y ago | The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspec… | |||
| CVE-2016-3065 | critical | 9.1 | 9.1 | 10y ago | The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequent… | |||
| CVE-2016-3974 | critical | 9.1 | 9.1 | 10y ago | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access… | |||
| CVE-2016-1154 | critical | 9.1 | 9.1 | 10y ago | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-1903 | critical | 9.1 | 9.1 | 11y ago | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or ca… | |||
| CVE-2016-1142 | critical | 9.1 | 9.1 | 11y ago | Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2016-4435 | critical | 9.0 | 9.0 | 9y ago | An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attac… | |||
| CVE-2016-9470 | critical | 9.0 | 9.0 | 9y ago | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables … | |||
| CVE-2016-10127 | critical | 9.0 | 9.0 | 9y ago | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |||
| CVE-2016-5528 | critical | 9.0 | 9.0 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vuln… | |||
| CVE-2016-3609 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3454 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknow… | |||
| CVE-2016-0499 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |||
| CVE-2016-3105 | high | 8.8 | 8.8 | 4y ago | The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |||
| CVE-2016-3072 | high | 8.8 | 8.8 | 4y ago | Katello SQL Injection vulnerabilities | |||
| CVE-2016-3691 | high | 8.8 | 8.8 | 4y ago | Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. | |||
| CVE-2016-5851 | high | 8.8 | 8.8 | 4y ago | python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||
| CVE-2016-10701 | high | 8.8 | 8.8 | 9y ago | In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | |||
| CVE-2016-10700 | high | 8.8 | 8.8 | 9y ago | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the… | |||
| CVE-2016-3090 | high | 8.8 | 8.8 | 9y ago | Apache Struts RCE Vulnerability | |||
| CVE-2016-4461 | high | 8.8 | 8.8 | 9y ago | Apache Struts forced double OGNL evaluation | |||
| CVE-2016-1261 | high | 8.8 | 8.8 | 9y ago | J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | |||
| CVE-2016-6806 | high | 8.8 | 8.8 | 9y ago | Apache Wicket vulnerable to CSRF attacks | |||
| CVE-2016-8744 | high | 8.8 | 8.8 | 9y ago | Deserialization of Untrusted Data in Apache Brooklyn | |||
| CVE-2016-8737 | high | 8.8 | 8.8 | 9y ago | Apache Brooklyn is vulnerable to cross-site request forgery (CSRF) | |||
| CVE-2016-0732 | high | 8.8 | 8.8 | 9y ago | The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.… | |||
| CVE-2016-4462 | high | 8.8 | 8.8 | 9y ago | By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Fr… | |||
| CVE-2016-5861 | high | 8.8 | 8.8 | 9y ago | In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, w… | |||
| CVE-2016-5716 | high | 8.8 | 8.8 | 9y ago | The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. | |||
| CVE-2016-9716 | high | 8.8 | 8.8 | 9y ago | IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions t… | |||
| CVE-2016-9714 | high | 8.8 | 8.8 | 9y ago | IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized act… | |||
| CVE-2016-10401 | high | 8.8 | 8.8 | 9y ago | ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists … | |||
| CVE-2016-8493 | high | 8.8 | 8.8 | 9y ago | In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | |||
| CVE-2016-1000218 | high | 8.8 | 8.8 | 9y ago | Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially… | |||
| CVE-2016-9984 | high | 8.8 | 8.8 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. | |||
| CVE-2016-7830 | high | 8.8 | 8.8 | 9y ago | Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker o… |