CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8358 | high | 8.5 | 8.5 | 9y ago | An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which… | |||
| CVE-2016-9349 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. | |||
| CVE-2016-9332 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to cr… | |||
| CVE-2016-9244 | high | 7.5 | 8.5 | 9y ago | A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit thi… | |||
| CVE-2016-10079 | high | 7.5 | 8.5 | 10y ago | SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. | |||
| CVE-2016-6601 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame… | |||
| CVE-2016-4793 | high | 7.5 | 8.5 | 10y ago | CakePHP allows remote attackers to spoof their IP | |||
| CVE-2016-7982 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti… | |||
| CVE-2016-2233 | high | 7.5 | 8.5 | 10y ago | Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP … | |||
| CVE-2016-7434 | high | 7.5 | 8.5 | 10y ago | The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | |||
| CVE-2016-4806 | high | 7.5 | 8.5 | 10y ago | Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | |||
| CVE-2016-7462 | high | 8.5 | 8.5 | 10y ago | The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a rel… | |||
| CVE-2016-10031 | high | 7.5 | 8.5 | 10y ago | WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged l… | |||
| CVE-2016-7288 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-7287 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, ak… | |||
| CVE-2016-7286 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-9838 | high | 7.5 | 8.5 | 10y ago | An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us… | |||
| CVE-2016-8740 | high | 7.5 | 8.5 | 10y ago | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca… | |||
| CVE-2016-2988 | high | 8.5 | 8.5 | 10y ago | IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated … | |||
| CVE-2016-7241 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-7240 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7203 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7202 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7194 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7190 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7189 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3387 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof… | |||
| CVE-2016-3386 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-2776 | high | 7.5 | 8.5 | 10y ago | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service… | |||
| CVE-2016-3247 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-6855 | high | 7.5 | 8.5 | 10y ago | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds wr… | |||
| CVE-2016-5677 | high | 7.5 | 8.5 | 10y ago | NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows… | |||
| CVE-2016-5676 | high | 7.5 | 8.5 | 10y ago | cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwo… | |||
| CVE-2016-3288 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-20… | |||
| CVE-2016-3237 | high | 7.5 | 8.5 | 10y ago | Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows ma… | |||
| CVE-2016-6515 | high | 7.5 | 8.5 | 10y ago | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (cryp… | |||
| CVE-2016-5639 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src … | |||
| CVE-2016-1610 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrict… | |||
| CVE-2016-4232 | high | 7.5 | 8.5 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory … | |||
| CVE-2016-1336 | high | 7.5 | 8.5 | 10y ago | goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of … | |||
| CVE-2016-1328 | high | 7.5 | 8.5 | 10y ago | goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Ser… | |||
| CVE-2016-4309 | high | 7.5 | 8.5 | 10y ago | Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||
| CVE-2016-1543 | high | 7.5 | 8.5 | 10y ago | The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary use… | |||
| CVE-2016-1542 | high | 7.5 | 8.5 | 10y ago | The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by send… | |||
| CVE-2016-4108 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1106 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1105 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1104 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1103 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1102 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1101 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1096 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4535 | high | 7.5 | 8.5 | 10y ago | Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed exe… | |||
| CVE-2016-2055 | high | 7.5 | 8.5 | 10y ago | xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | |||
| CVE-2016-0793 | high | 7.5 | 8.5 | 10y ago | WildFly has incomplete blacklist vulnerability | |||
| CVE-2016-0111 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0108 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-2389 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitra… | |||
| CVE-2016-0956 | high | 7.5 | 8.5 | 10y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post | |||
| CVE-2016-1879 | high | 7.5 | 8.5 | 11y ago | The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denia… | |||
| CVE-2016-1570 | high | 8.5 | 8.5 | 11y ago | The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or hav… | |||
| CVE-2016-1499 | high | 8.5 | 8.5 | 11y ago | ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of serv… | |||
| CVE-2016-20048 | high | 8.4 | 8.4 | 2mo ago | iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft … | |||
| CVE-2016-20046 | high | 8.4 | 8.4 | 2mo ago | zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary cod… | |||
| CVE-2016-20042 | high | 8.4 | 8.4 | 2mo ago | TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious … | |||
| CVE-2016-20041 | high | 8.4 | 8.4 | 2mo ago | Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers … | |||
| CVE-2016-20040 | high | 8.4 | 8.4 | 2mo ago | TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an … | |||
| CVE-2016-20038 | high | 8.4 | 8.4 | 2mo ago | yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can c… | |||
| CVE-2016-20037 | high | 8.4 | 8.4 | 2mo ago | xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundar… | |||
| CVE-2016-4383 | high | 8.4 | 8.4 | 9y ago | The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified ima… | |||
| CVE-2016-9976 | high | 8.4 | 8.4 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to… | |||
| CVE-2016-7102 | high | 8.4 | 8.4 | 10y ago | ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | |||
| CVE-2016-7543 | high | 8.4 | 8.4 | 10y ago | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | |||
| CVE-2016-2087 | high | 7.4 | 8.4 | 10y ago | Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | |||
| CVE-2016-4335 | high | 8.4 | 8.4 | 10y ago | An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulti… | |||
| CVE-2016-4288 | high | 8.4 | 8.4 | 10y ago | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary pro… | |||
| CVE-2016-0909 | high | 8.4 | 8.4 | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. | |||
| CVE-2016-8661 | high | 8.4 | 8.4 | 10y ago | Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access… | |||
| CVE-2016-6340 | high | 8.4 | 8.4 | 10y ago | The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force … | |||
| CVE-2016-6322 | high | 8.4 | 8.4 | 10y ago | Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | |||
| CVE-2016-3100 | high | 8.4 | 8.4 | 10y ago | kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly… | |||
| CVE-2016-3749 | high | 8.4 | 8.4 | 10y ago | server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 2816… | |||
| CVE-2016-3748 | high | 8.4 | 8.4 | 10y ago | The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804. | |||
| CVE-2016-0392 | high | 8.4 | 8.4 | 10y ago | IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum S… | |||
| CVE-2016-2463 | high | 8.4 | 8.4 | 10y ago | Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attack… | |||
| CVE-2016-4364 | high | 8.4 | 8.4 | 10y ago | HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors. | |||
| CVE-2016-4480 | high | 8.4 | 8.4 | 10y ago | The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might al… | |||
| CVE-2016-0849 | high | 8.4 | 8.4 | 10y ago | Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted … | |||
| CVE-2016-0848 | high | 8.4 | 8.4 | 10y ago | Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions v… | |||
| CVE-2016-0847 | high | 8.4 | 8.4 | 10y ago | The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as d… | |||
| CVE-2016-0844 | high | 8.4 | 8.4 | 10y ago | The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug … | |||
| CVE-2016-0843 | high | 8.4 | 8.4 | 10y ago | The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted a… | |||
| CVE-2016-0842 | high | 8.4 | 8.4 | 10y ago | The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a den… | |||
| CVE-2016-0840 | high | 8.4 | 8.4 | 10y ago | Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2016-0834 | high | 8.4 | 8.4 | 10y ago | An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file,… | |||
| CVE-2016-1340 | high | 8.4 | 8.4 | 10y ago | Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename argum… | |||
| CVE-2016-0135 | high | 8.4 | 8.4 | 10y ago | The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." | |||
| CVE-2016-2558 | high | 8.4 | 8.4 | 10y ago | The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a… | |||
| CVE-2016-2557 | high | 8.4 | 8.4 | 10y ago | The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from ker… | |||
| CVE-2016-2857 | high | 8.4 | 8.4 | 10y ago | The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. |