CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1984 | critical | 9.8 | 9.8 | 11y ago | The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access v… | |||
| CVE-2016-1928 | critical | 9.8 | 9.8 | 11y ago | Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security… | |||
| CVE-2016-1901 | critical | 9.8 | 9.8 | 11y ago | Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer … | |||
| CVE-2016-0859 | critical | 9.8 | 9.8 | 11y ago | Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC… | |||
| CVE-2016-0857 | critical | 9.8 | 9.8 | 11y ago | Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-0856 | critical | 9.8 | 9.8 | 11y ago | Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-0946 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0945 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0944 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0942 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-0940 | critical | 9.8 | 9.8 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on… | |||
| CVE-2016-0933 | critical | 9.8 | 9.8 | 11y ago | Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attacker… | |||
| CVE-2016-1283 | critical | 9.8 | 9.8 | 11y ago | The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))… | |||
| CVE-2016-7277 | critical | 9.6 | 9.6 | 10y ago | Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2016-5582 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotsp… | |||
| CVE-2016-5580 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through … | |||
| CVE-2016-5568 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | |||
| CVE-2016-5556 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | |||
| CVE-2016-6637 | critical | 9.6 | 9.6 | 10y ago | Cloud Foundry vulnerable to Cross-Site Request Forgery | |||
| CVE-2016-4734 | critical | 9.6 | 9.6 | 10y ago | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differ… | |||
| CVE-2016-6483 | high | 8.6 | 9.6 | 10y ago | The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5… | |||
| CVE-2016-4264 | high | 8.6 | 9.6 | 10y ago | The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a craf… | |||
| CVE-2016-1706 | critical | 9.6 | 9.6 | 10y ago | The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows re… | |||
| CVE-2016-3610 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different… | |||
| CVE-2016-3606 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | |||
| CVE-2016-3598 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different… | |||
| CVE-2016-3587 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | |||
| CVE-2016-3443 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous informa… | |||
| CVE-2016-0687 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the H… | |||
| CVE-2016-0686 | critical | 9.6 | 9.6 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Seria… | |||
| CVE-2016-1525 | high | 8.6 | 9.6 | 10y ago | Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the … | |||
| CVE-2016-0003 | critical | 9.6 | 9.6 | 11y ago | Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability." | |||
| CVE-2016-5320 | critical | — | 9.5 | — | multiple issues in libtiff | |||
| CVE-2016-5314 | critical | — | 9.5 | — | Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified oth… | |||
| CVE-2016-9068 | critical | — | 9.5 | — | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. | |||
| CVE-2016-9071 | critical | — | 9.5 | — | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox <… | |||
| CVE-2016-9897 | critical | — | 9.5 | — | Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefo… | |||
| CVE-2016-9652 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2016-5290 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2016-5292 | critical | — | 9.5 | — | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | |||
| CVE-2016-9894 | critical | — | 9.5 | — | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects F… | |||
| CVE-2016-5296 | critical | — | 9.5 | — | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR <… | |||
| CVE-2016-2125 | critical | — | 9.5 | — | It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subse… | |||
| CVE-2016-9903 | critical | — | 9.5 | — | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting co… | |||
| CVE-2016-9076 | critical | — | 9.5 | — | An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulner… | |||
| CVE-2016-9077 | critical | — | 9.5 | — | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the image… | |||
| CVE-2016-9078 | critical | — | 9.5 | — | Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loa… | |||
| CVE-2016-9080 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitra… | |||
| CVE-2016-9904 | critical | — | 9.5 | — | An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernam… | |||
| CVE-2016-5297 | critical | — | 9.5 | — | An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Fire… | |||
| CVE-2016-9070 | critical | — | 9.5 | — | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulne… | |||
| CVE-2016-9902 | critical | — | 9.5 | — | The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and in… | |||
| CVE-2016-9895 | critical | — | 9.5 | — | Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and… | |||
| CVE-2016-9896 | critical | — | 9.5 | — | Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. | |||
| CVE-2016-9898 | critical | — | 9.5 | — | Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||
| CVE-2016-9067 | critical | — | 9.5 | — | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. | |||
| CVE-2016-9893 | critical | — | 9.5 | — | Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbit… | |||
| CVE-2016-5289 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2016-5291 | critical | — | 9.5 | — | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||
| CVE-2016-5194 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2016-9064 | critical | — | 9.5 | — | Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connect… | |||
| CVE-2016-5875 | critical | — | 9.5 | — | multiple issues in libtiff | |||
| CVE-2016-9073 | critical | — | 9.5 | — | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. | |||
| CVE-2016-9066 | critical | — | 9.5 | — | A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR… | |||
| CVE-2016-9900 | critical | — | 9.5 | — | External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerabilit… | |||
| CVE-2016-9901 | critical | — | 9.5 | — | HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pock… | |||
| CVE-2016-2123 | critical | — | 9.5 | — | A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses… | |||
| CVE-2016-9075 | critical | — | 9.5 | — | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install addi… | |||
| CVE-2016-5843 | critical | 9.4 | 9.4 | 10y ago | Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL… | |||
| CVE-2016-3646 | high | 8.4 | 9.4 | 10y ago | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SE… | |||
| CVE-2016-3644 | high | 8.4 | 9.4 | 10y ago | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SE… | |||
| CVE-2016-2207 | high | 8.4 | 9.4 | 10y ago | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SE… | |||
| CVE-2016-2297 | critical | 9.4 | 9.4 | 10y ago | Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature." | |||
| CVE-2016-3134 | high | 8.4 | 9.4 | 10y ago | The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) vi… | |||
| CVE-2016-0846 | high | 8.4 | 9.4 | 10y ago | libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which … | |||
| CVE-2016-2856 | high | 8.4 | 9.4 | 10y ago | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc pack… | |||
| CVE-2016-0100 | high | 8.4 | 9.4 | 10y ago | Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Exe… | |||
| CVE-2016-0088 | critical | 9.3 | 9.3 | 10y ago | Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Ex… | |||
| CVE-2016-1929 | critical | 9.3 | 9.3 | 11y ago | The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, relat… | |||
| CVE-2016-8638 | critical | 9.1 | 9.1 | 4y ago | A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related … | |||
| CVE-2016-5018 | critical | 9.1 | 9.1 | 9y ago | Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat | |||
| CVE-2016-6793 | critical | 9.1 | 9.1 | 9y ago | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the pe… | |||
| CVE-2016-7835 | critical | 9.1 | 9.1 | 9y ago | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | |||
| CVE-2016-8649 | critical | 9.1 | 9.1 | 9y ago | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's f… | |||
| CVE-2016-8721 | critical | 9.1 | 9.1 | 9y ago | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input ca… | |||
| CVE-2016-6111 | critical | 9.1 | 9.1 | 9y ago | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit… | |||
| CVE-2016-9121 | critical | 9.1 | 9.1 | 9y ago | go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received pu… | |||
| CVE-2016-8024 | high | 8.1 | 9.1 | 9y ago | Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit… | |||
| CVE-2016-8023 | high | 8.1 | 9.1 | 9y ago | Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic… | |||
| CVE-2016-9814 | critical | 9.1 | 9.1 | 9y ago | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers … | |||
| CVE-2016-9706 | critical | 9.1 | 9.1 | 9y ago | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remot… | |||
| CVE-2016-9362 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform … | |||
| CVE-2016-9639 | critical | 9.1 | 9.1 | 9y ago | Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | |||
| CVE-2016-2908 | critical | 9.1 | 9.1 | 10y ago | IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker… | |||
| CVE-2016-8491 | critical | 9.1 | 9.1 | 10y ago | The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||
| CVE-2016-6269 | critical | 9.1 | 9.1 | 10y ago | Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete a… | |||
| CVE-2016-8325 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2016-6223 | critical | 9.1 | 9.1 | 10y ago | The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a … | |||
| CVE-2016-4338 | high | 8.1 | 9.1 | 10y ago | The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all… | |||
| CVE-2016-3415 | critical | 9.1 | 9.1 | 10y ago | Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. |