CVEs from 2016
Total
8,468
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4927 | high | 8.1 | 8.1 | 9y ago | Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | |||
| CVE-2016-8024 | high | 8.1 | 8.1 | 9y ago | Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit… | |||
| CVE-2016-8023 | high | 8.1 | 8.1 | 9y ago | Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic… | |||
| CVE-2016-9724 | high | 8.1 | 8.1 | 9y ago | IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose high… | |||
| CVE-2016-8974 | high | 8.1 | 8.1 | 9y ago | IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil… | |||
| CVE-2016-7643 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allo… | |||
| CVE-2016-8379 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware… | |||
| CVE-2016-8372 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware… | |||
| CVE-2016-8360 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an at… | |||
| CVE-2016-3180 | high | 8.1 | 8.1 | 9y ago | Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Troja… | |||
| CVE-2016-1894 | high | 8.1 | 8.1 | 9y ago | NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | |||
| CVE-2016-6500 | high | 8.1 | 8.1 | 9y ago | Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote … | |||
| CVE-2016-8980 | high | 8.1 | 8.1 | 9y ago | IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to ex… | |||
| CVE-2016-6059 | high | 8.1 | 8.1 | 9y ago | IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… | |||
| CVE-2016-0396 | high | 8.1 | 8.1 | 9y ago | IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | |||
| CVE-2016-8315 | high | 8.1 | 8.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.… | |||
| CVE-2016-8298 | high | 8.1 | 8.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-8297 | high | 8.1 | 8.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-5091 | high | 8.1 | 8.1 | 10y ago | Extbase for TYPO3 allows RCE | |||
| CVE-2016-4338 | high | 8.1 | 8.1 | 10y ago | The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all… | |||
| CVE-2016-10103 | high | 8.1 | 8.1 | 10y ago | Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for G… | |||
| CVE-2016-10102 | high | 8.1 | 8.1 | 10y ago | hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd… | |||
| CVE-2016-10101 | high | 8.1 | 8.1 | 10y ago | Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Pa… | |||
| CVE-2016-10086 | high | 8.1 | 8.1 | 10y ago | RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions … | |||
| CVE-2016-7144 | high | 8.1 | 8.1 | 10y ago | The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user vi… | |||
| CVE-2016-3130 | high | 8.1 | 8.1 | 10y ago | An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an … | |||
| CVE-2016-10125 | high | 8.1 | 8.1 | 10y ago | D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||
| CVE-2016-8706 | high | 8.1 | 8.1 | 10y ago | An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to rem… | |||
| CVE-2016-2378 | high | 8.1 | 8.1 | 10y ago | A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in … | |||
| CVE-2016-2377 | high | 8.1 | 8.1 | 10y ago | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A… | |||
| CVE-2016-2376 | high | 8.1 | 8.1 | 10y ago | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicio… | |||
| CVE-2016-2374 | high | 8.1 | 8.1 | 10y ago | An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write l… | |||
| CVE-2016-2371 | high | 8.1 | 8.1 | 10y ago | An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. | |||
| CVE-2016-2368 | high | 8.1 | 8.1 | 10y ago | Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially… | |||
| CVE-2016-10030 | high | 8.1 | 8.1 | 10y ago | The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure o… | |||
| CVE-2016-10116 | high | 8.1 | 8.1 | 10y ago | NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adj… | |||
| CVE-2016-7967 | high | 8.1 | 8.1 | 10y ago | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URL… | |||
| CVE-2016-6659 | high | 8.1 | 8.1 | 10y ago | Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3… | |||
| CVE-2016-9160 | high | 8.1 | 8.1 | 10y ago | A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX compon… | |||
| CVE-2016-5688 | high | 8.1 | 8.1 | 10y ago | The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-va… | |||
| CVE-2016-6633 | high | 8.1 | 8.1 | 10y ago | phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension | |||
| CVE-2016-6617 | high | 8.1 | 8.1 | 10y ago | An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6… | |||
| CVE-2016-6611 | high | 8.1 | 8.1 | 10y ago | An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6… | |||
| CVE-2016-6606 | high | 8.1 | 8.1 | 10y ago | An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's bro… | |||
| CVE-2016-3055 | high | 8.1 | 8.1 | 10y ago | IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an externa… | |||
| CVE-2016-3033 | high | 8.1 | 8.1 | 10y ago | IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity de… | |||
| CVE-2016-2887 | high | 8.1 | 8.1 | 10y ago | IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2016-1251 | high | 8.1 | 8.1 | 10y ago | There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare… | |||
| CVE-2016-2929 | high | 8.1 | 8.1 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||
| CVE-2016-3025 | high | 8.1 | 8.1 | 10y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attac… | |||
| CVE-2016-8331 | high | 8.1 | 8.1 | 10y ago | An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remo… | |||
| CVE-2016-6432 | high | 8.1 | 8.1 | 10y ago | A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute … | |||
| CVE-2016-5619 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenti… | |||
| CVE-2016-5518 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integr… | |||
| CVE-2016-6380 | high | 8.1 | 8.1 | 10y ago | The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of ser… | |||
| CVE-2016-4390 | high | 8.1 | 8.1 | 10y ago | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-… | |||
| CVE-2016-4389 | high | 8.1 | 8.1 | 10y ago | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-… | |||
| CVE-2016-4388 | high | 8.1 | 8.1 | 10y ago | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-… | |||
| CVE-2016-4387 | high | 8.1 | 8.1 | 10y ago | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-… | |||
| CVE-2016-7191 | high | 8.1 | 8.1 | 10y ago | Authentication Bypass in passport-azure-ad | |||
| CVE-2016-7098 | high | 8.1 | 8.1 | 10y ago | Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP … | |||
| CVE-2016-4725 | high | 8.1 | 8.1 | 10y ago | IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of se… | |||
| CVE-2016-7143 | high | 8.1 | 8.1 | 10y ago | The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE … | |||
| CVE-2016-5017 | high | 8.1 | 8.1 | 10y ago | Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command str… | |||
| CVE-2016-7412 | high | 8.1 | 8.1 | 10y ago | ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of servi… | |||
| CVE-2016-1482 | high | 8.1 | 8.1 | 10y ago | Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. | |||
| CVE-2016-7133 | high | 8.1 | 8.1 | 10y ago | Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly… | |||
| CVE-2016-6377 | high | 8.1 | 8.1 | 10y ago | Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PA… | |||
| CVE-2016-4377 | high | 8.1 | 8.1 | 10y ago | HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy … | |||
| CVE-2016-0915 | high | 8.1 | 8.1 | 10y ago | The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an a… | |||
| CVE-2016-5421 | high | 8.1 | 8.1 | 10y ago | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2016-3851 | high | 8.1 | 8.1 | 10y ago | The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. | |||
| CVE-2016-6144 | high | 8.1 | 8.1 | 10y ago | The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," … | |||
| CVE-2016-5266 | high | 8.1 | 8.1 | 10y ago | Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web sit… | |||
| CVE-2016-5672 | high | 8.1 | 8.1 | 10y ago | Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all inv… | |||
| CVE-2016-4834 | high | 8.1 | 8.1 | 10y ago | modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified … | |||
| CVE-2016-5451 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity … | |||
| CVE-2016-3564 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability v… | |||
| CVE-2016-3552 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. | |||
| CVE-2016-3506 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Orac… | |||
| CVE-2016-3487 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3477 | high | 8.1 | 8.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users… | |||
| CVE-2016-5388 | high | 8.1 | 8.1 | 10y ago | Improper Access Control in Apache Tomcat | |||
| CVE-2016-5387 | high | 8.1 | 8.1 | 10y ago | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh… | |||
| CVE-2016-5386 | high | 8.1 | 8.1 | 10y ago | Improper input validation in net/http and net/http/cgi | |||
| CVE-2016-5385 | high | 8.1 | 8.1 | 10y ago | HTTP Proxy header vulnerability | |||
| CVE-2016-3039 | high | 8.1 | 8.1 | 10y ago | IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declara… | |||
| CVE-2016-5807 | high | 8.1 | 8.1 | 10y ago | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct reques… | |||
| CVE-2016-3238 | high | 8.1 | 8.1 | 10y ago | The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511… | |||
| CVE-2016-6174 | high | 8.1 | 8.1 | 10y ago | applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.… | |||
| CVE-2016-5774 | high | 8.1 | 8.1 | 10y ago | The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use o… | |||
| CVE-2016-1443 | high | 8.1 | 8.1 | 10y ago | The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess info… | |||
| CVE-2016-1181 | high | 8.1 | 8.1 | 10y ago | Improper Input Validation in Apache Struts | |||
| CVE-2016-4998 | high | 7.1 | 8.1 | 10y ago | The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sens… | |||
| CVE-2016-1337 | high | 8.1 | 8.1 | 10y ago | Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information … | |||
| CVE-2016-3989 | high | 8.1 | 8.1 | 10y ago | The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, an… | |||
| CVE-2016-4472 | high | 8.1 | 8.1 | 10y ago | The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via … | |||
| CVE-2016-0304 | high | 8.1 | 8.1 | 10y ago | The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass … | |||
| CVE-2016-3707 | high | 8.1 | 8.1 | 10y ago | The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Re… | |||
| CVE-2016-1189 | high | 8.1 | 8.1 | 10y ago | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. |