CVEs from 2016
- Total 8,461
- critical 1,164
- high 3,521
- medium 3,173
- low 248
- % Critical 13.8%
- % with KEV 0.7%
- % with exploit 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9584 | critical | 9.1 | 9.1 | 10y ago | libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. | |||
| CVE-2016-7460 | critical | 9.1 | 9.1 | 10y ago | The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of ser… | |||
| CVE-2016-9180 | critical | 9.1 | 9.1 | 10y ago | perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's … | |||
| CVE-2016-6520 | critical | 9.1 | 9.1 | 10y ago | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |||
| CVE-2016-9480 | critical | 9.1 | 9.1 | 10y ago | libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" … | |||
| CVE-2016-3028 | critical | 9.1 | 9.1 | 10y ago | IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leve… | |||
| CVE-2016-5763 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update… | |||
| CVE-2016-9272 | critical | 9.1 | 9.1 | 10y ago | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | |||
| CVE-2016-8870 | high | 8.1 | 9.1 | 10y ago | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create … | |||
| CVE-2016-6445 | critical | 9.1 | 9.1 | 10y ago | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an un… | |||
| CVE-2016-5605 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. | |||
| CVE-2016-5599 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and inte… | |||
| CVE-2016-5555 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-8565 | critical | 9.1 | 9.1 | 10y ago | Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | |||
| CVE-2016-1000112 | critical | 9.1 | 9.1 | 10y ago | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | |||
| CVE-2016-7435 | critical | 9.1 | 9.1 | 10y ago | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer… | |||
| CVE-2016-7098 | high | 8.1 | 9.1 | 10y ago | Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP … | |||
| CVE-2016-4694 | critical | 9.1 | 9.1 | 10y ago | The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data… | |||
| CVE-2016-0903 | critical | 9.1 | 9.1 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … | |||
| CVE-2016-6394 | critical | 9.1 | 9.1 | 10y ago | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug … | |||
| CVE-2016-6254 | critical | 9.1 | 9.1 | 10y ago | Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly exec… | |||
| CVE-2016-6582 | critical | 9.1 | 9.1 | 10y ago | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificat… | |||
| CVE-2016-3312 | critical | 9.1 | 9.1 | 10y ago | ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Info… | |||
| CVE-2016-5116 | critical | 9.1 | 9.1 | 10y ago | gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memor… | |||
| CVE-2016-5114 | critical | 9.1 | 9.1 | 10y ago | sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information… | |||
| CVE-2016-3546 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vector… | |||
| CVE-2016-3543 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3541 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3527 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-6174 | high | 8.1 | 9.1 | 10y ago | applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.… | |||
| CVE-2016-1337 | high | 8.1 | 9.1 | 10y ago | Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information … | |||
| CVE-2016-3989 | high | 8.1 | 9.1 | 10y ago | The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, an… | |||
| CVE-2016-3223 | high | 8.1 | 9.1 | 10y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authenticatio… | |||
| CVE-2016-4532 | critical | 9.1 | 9.1 | 10y ago | Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2016-4510 | critical | 9.1 | 9.1 | 10y ago | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | |||
| CVE-2016-4360 | critical | 9.1 | 9.1 | 10y ago | web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.5… | |||
| CVE-2016-2029 | critical | 9.1 | 9.1 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358. | |||
| CVE-2016-2018 | critical | 9.1 | 9.1 | 10y ago | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2016-4432 | critical | 9.1 | 9.1 | 10y ago | AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication | |||
| CVE-2016-4501 | critical | 9.1 | 9.1 | 10y ago | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via … | |||
| CVE-2016-3081 | high | 8.1 | 9.1 | 10y ago | Apache Struts RCE Vulnerability | |||
| CVE-2016-3466 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-0699 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via v… | |||
| CVE-2016-1034 | critical | 9.1 | 9.1 | 10y ago | The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspec… | |||
| CVE-2016-3065 | critical | 9.1 | 9.1 | 10y ago | The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequent… | |||
| CVE-2016-1154 | critical | 9.1 | 9.1 | 10y ago | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-1903 | critical | 9.1 | 9.1 | 11y ago | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or ca… | |||
| CVE-2016-1142 | critical | 9.1 | 9.1 | 11y ago | Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2016-9587 | high | — | 9.0 | 8y ago | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed … | |||
| CVE-2016-4435 | critical | 9.0 | 9.0 | 9y ago | An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attac… | |||
| CVE-2016-9470 | critical | 9.0 | 9.0 | 9y ago | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables … | |||
| CVE-2016-8020 | high | 8.0 | 9.0 | 9y ago | Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted … | |||
| CVE-2016-10127 | critical | 9.0 | 9.0 | 9y ago | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |||
| CVE-2016-8377 | high | 8.0 | 9.0 | 9y ago | An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server,… | |||
| CVE-2016-5528 | critical | 9.0 | 9.0 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vuln… | |||
| CVE-2016-7454 | high | 8.0 | 9.0 | 10y ago | CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remo… | |||
| CVE-2016-3609 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3653 | high | 8.0 | 9.0 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the auth… | |||
| CVE-2016-3454 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknow… | |||
| CVE-2016-0499 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |||
| CVE-2016-3105 | high | 8.8 | 8.8 | 4y ago | The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |||
| CVE-2016-3072 | high | 8.8 | 8.8 | 4y ago | Katello SQL Injection vulnerabilities | |||
| CVE-2016-3691 | high | 8.8 | 8.8 | 4y ago | Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. | |||
| CVE-2016-5851 | high | 8.8 | 8.8 | 4y ago | python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||
| CVE-2016-6914 | high | 7.8 | 8.8 | 9y ago | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |||
| CVE-2016-10701 | high | 8.8 | 8.8 | 9y ago | In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | |||
| CVE-2016-10700 | high | 8.8 | 8.8 | 9y ago | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the… | |||
| CVE-2016-3090 | high | 8.8 | 8.8 | 9y ago | Apache Struts RCE Vulnerability | |||
| CVE-2016-4461 | high | 8.8 | 8.8 | 9y ago | Apache Struts forced double OGNL evaluation | |||
| CVE-2016-1261 | high | 8.8 | 8.8 | 9y ago | J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | |||
| CVE-2016-6806 | high | 8.8 | 8.8 | 9y ago | Apache Wicket vulnerable to CSRF attacks | |||
| CVE-2016-8744 | high | 8.8 | 8.8 | 9y ago | Deserialization of Untrusted Data in Apache Brooklyn | |||
| CVE-2016-8737 | high | 8.8 | 8.8 | 9y ago | Apache Brooklyn is vulnerable to cross-site request forgery (CSRF) | |||
| CVE-2016-0732 | high | 8.8 | 8.8 | 9y ago | The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.… | |||
| CVE-2016-4462 | high | 8.8 | 8.8 | 9y ago | By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Fr… | |||
| CVE-2016-5861 | high | 8.8 | 8.8 | 9y ago | In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, w… | |||
| CVE-2016-5716 | high | 8.8 | 8.8 | 9y ago | The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. | |||
| CVE-2016-9716 | high | 8.8 | 8.8 | 9y ago | IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions t… | |||
| CVE-2016-9714 | high | 8.8 | 8.8 | 9y ago | IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized act… | |||
| CVE-2016-8493 | high | 8.8 | 8.8 | 9y ago | In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | |||
| CVE-2016-1000218 | high | 8.8 | 8.8 | 9y ago | Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially… | |||
| CVE-2016-9984 | high | 8.8 | 8.8 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. | |||
| CVE-2016-7830 | high | 8.8 | 8.8 | 9y ago | Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker o… | |||
| CVE-2016-7824 | high | 8.8 | 8.8 | 9y ago | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | |||
| CVE-2016-7822 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perfor… | |||
| CVE-2016-7811 | high | 8.8 | 8.8 | 9y ago | Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | |||
| CVE-2016-7809 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended opera… | |||
| CVE-2016-7803 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | |||
| CVE-2016-4907 | high | 8.8 | 8.8 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | |||
| CVE-2016-4471 | high | 8.8 | 8.8 | 9y ago | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | |||
| CVE-2016-9977 | high | 8.8 | 8.8 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit t… | |||
| CVE-2016-8229 | high | 8.8 | 8.8 | 9y ago | A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | |||
| CVE-2016-10377 | high | 8.8 | 8.8 | 9y ago | In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extrac… | |||
| CVE-2016-4977 | high | 8.8 | 8.8 | 9y ago | Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views | |||
| CVE-2016-9842 | high | 8.8 | 8.8 | 9y ago | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | |||
| CVE-2016-9840 | high | 8.8 | 8.8 | 9y ago | RHSA-2025:8395: rsync security update (Low) | |||
| CVE-2016-5177 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |||
| CVE-2016-6112 | high | 8.8 | 8.8 | 9y ago | IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. I… | |||
| CVE-2016-4904 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to p… | |||
| CVE-2016-4854 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unsp… |