CVEs from 2016
Total
8,466
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4763 | medium | 6.8 | 6.8 | 10y ago | WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attack… | |||
| CVE-2016-3889 | medium | 6.8 | 6.8 | 10y ago | Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a syst… | |||
| CVE-2016-3886 | medium | 6.8 | 6.8 | 10y ago | systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attacker… | |||
| CVE-2016-3876 | medium | 6.8 | 6.8 | 10y ago | providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and b… | |||
| CVE-2016-3875 | medium | 6.8 | 6.8 | 10y ago | server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restriction… | |||
| CVE-2016-5878 | medium | 6.8 | 6.8 | 10y ago | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vect… | |||
| CVE-2016-0230 | medium | 6.8 | 6.8 | 10y ago | IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows … | |||
| CVE-2016-5304 | medium | 6.8 | 6.8 | 10y ago | Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites… | |||
| CVE-2016-2167 | medium | 6.8 | 6.8 | 10y ago | The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate … | |||
| CVE-2016-0774 | medium | 6.8 | 6.8 | 10y ago | The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-… | |||
| CVE-2016-0128 | medium | 6.8 | 6.8 | 10y ago | The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows … | |||
| CVE-2016-1563 | medium | 6.8 | 6.8 | 10y ago | NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte… | |||
| CVE-2016-1734 | medium | 6.8 | 6.8 | 10y ago | AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupt… | |||
| CVE-2016-2088 | medium | 6.8 | 6.8 | 10y ago | resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed … | |||
| CVE-2016-1285 | medium | 6.8 | 6.8 | 10y ago | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service … | |||
| CVE-2016-0133 | medium | 6.8 | 6.8 | 10y ago | The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold … | |||
| CVE-2016-2562 | medium | 6.8 | 6.8 | 10y ago | phpMyAdmin Improper Input Validation | |||
| CVE-2016-2270 | medium | 6.8 | 6.8 | 10y ago | Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | |||
| CVE-2016-2268 | medium | 6.8 | 6.8 | 10y ago | Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2016-0723 | medium | 6.8 | 6.8 | 10y ago | Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (… | |||
| CVE-2016-0505 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |||
| CVE-2016-0504 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-050… | |||
| CVE-2016-0441 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unkno… | |||
| CVE-2016-0415 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentialit… | |||
| CVE-2016-9197 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying o… | |||
| CVE-2016-9196 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to… | |||
| CVE-2016-8793 | medium | 6.7 | 6.7 | 9y ago | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Vers… | |||
| CVE-2016-8775 | medium | 6.7 | 6.7 | 9y ago | Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows at… | |||
| CVE-2016-8774 | medium | 6.7 | 6.7 | 9y ago | The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones… | |||
| CVE-2016-8769 | medium | 6.7 | 6.7 | 9y ago | Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file … | |||
| CVE-2016-9360 | medium | 6.7 | 6.7 | 9y ago | An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Versi… | |||
| CVE-2016-8216 | medium | 6.7 | 6.7 | 9y ago | EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain … | |||
| CVE-2016-6649 | medium | 6.7 | 6.7 | 9y ago | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with … | |||
| CVE-2016-8214 | medium | 6.7 | 6.7 | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | |||
| CVE-2016-9870 | medium | 6.7 | 6.7 | 10y ago | EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerabilit… | |||
| CVE-2016-8103 | medium | 6.7 | 6.7 | 10y ago | SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform. | |||
| CVE-2016-5540 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2016-5538 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability… | |||
| CVE-2016-7154 | medium | 6.7 | 6.7 | 10y ago | Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain s… | |||
| CVE-2016-0905 | medium | 6.7 | 6.7 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | |||
| CVE-2016-6351 | medium | 6.7 | 6.7 | 10y ago | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (ou… | |||
| CVE-2016-3489 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via un… | |||
| CVE-2016-5848 | medium | 6.7 | 6.7 | 10y ago | Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||
| CVE-2016-4962 | medium | 6.7 | 6.7 | 10y ago | The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges… | |||
| CVE-2016-0908 | medium | 6.7 | 6.7 | 10y ago | EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | |||
| CVE-2016-4439 | medium | 6.7 | 6.7 | 10y ago | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause … | |||
| CVE-2016-0678 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors… | |||
| CVE-2016-1267 | medium | 6.7 | 6.7 | 10y ago | Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13… | |||
| CVE-2016-1320 | medium | 6.7 | 6.7 | 10y ago | The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. | |||
| CVE-2016-3129 | medium | 6.6 | 6.6 | 10y ago | A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote at… | |||
| CVE-2016-8561 | medium | 6.6 | 6.6 | 10y ago | A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the … | |||
| CVE-2016-5025 | medium | 6.6 | 6.6 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows… | |||
| CVE-2016-5581 | medium | 6.6 | 6.6 | 10y ago | Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and … | |||
| CVE-2016-3372 | medium | 6.6 | 6.6 | 10y ago | The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cau… | |||
| CVE-2016-6898 | medium | 6.6 | 6.6 | 10y ago | XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary fi… | |||
| CVE-2016-4525 | medium | 6.6 | 6.6 | 10y ago | Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESA… | |||
| CVE-2016-1715 | medium | 6.6 | 6.6 | 11y ago | The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Win… | |||
| CVE-2016-2533 | medium | 6.5 | 6.5 | 8y ago | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) … | |||
| CVE-2016-8734 | medium | 6.5 | 6.5 | 9y ago | Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The a… | |||
| CVE-2016-6815 | medium | 6.5 | 6.5 | 9y ago | Moderate severity vulnerability that affects org.apache.ranger:ranger | |||
| CVE-2016-10514 | medium | 6.5 | 6.5 | 9y ago | url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a su… | |||
| CVE-2016-1895 | medium | 6.5 | 6.5 | 9y ago | NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | |||
| CVE-2016-10507 | medium | 6.5 | 6.5 | 9y ago | Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application … | |||
| CVE-2016-10506 | medium | 6.5 | 6.5 | 9y ago | Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (applic… | |||
| CVE-2016-10505 | medium | 6.5 | 6.5 | 9y ago | NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in… | |||
| CVE-2016-10504 | medium | 6.5 | 6.5 | 9y ago | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp f… | |||
| CVE-2016-2965 | medium | 6.5 | 6.5 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote a… | |||
| CVE-2016-0356 | medium | 6.5 | 6.5 | 9y ago | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-… | |||
| CVE-2016-0355 | medium | 6.5 | 6.5 | 9y ago | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-… | |||
| CVE-2016-7845 | medium | 6.5 | 6.5 | 9y ago | GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | |||
| CVE-2016-9717 | medium | 6.5 | 6.5 | 9y ago | HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated pa… | |||
| CVE-2016-6312 | medium | 6.5 | 6.5 | 9y ago | The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remot… | |||
| CVE-2016-9982 | medium | 6.5 | 6.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. | |||
| CVE-2016-10364 | medium | 6.5 | 6.5 | 9y ago | With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those se… | |||
| CVE-2016-8219 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability t… | |||
| CVE-2016-7826 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | |||
| CVE-2016-7825 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | |||
| CVE-2016-7821 | medium | 6.5 | 6.5 | 9y ago | Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. | |||
| CVE-2016-7802 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-3019 | medium | 6.5 | 6.5 | 9y ago | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. | |||
| CVE-2016-0254 | medium | 6.5 | 6.5 | 9y ago | IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker c… | |||
| CVE-2016-5004 | medium | 6.5 | 6.5 | 9y ago | ws-xmlrpc DoS Vulnerability | |||
| CVE-2016-3077 | medium | 6.5 | 6.5 | 9y ago | The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | |||
| CVE-2016-3066 | medium | 6.5 | 6.5 | 9y ago | The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | |||
| CVE-2016-2192 | medium | 6.5 | 6.5 | 9y ago | PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. | |||
| CVE-2016-0767 | medium | 6.5 | 6.5 | 9y ago | PostgreSQL PL/Java Improper Privilege Management | |||
| CVE-2016-2165 | medium | 6.5 | 6.5 | 9y ago | The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when… | |||
| CVE-2016-9750 | medium | 6.5 | 6.5 | 9y ago | IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | |||
| CVE-2016-2126 | medium | 6.5 | 6.5 | 9y ago | Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the w… | |||
| CVE-2016-3114 | medium | 6.5 | 6.5 | 9y ago | Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access. | |||
| CVE-2016-1194 | medium | 6.5 | 6.5 | 9y ago | Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | |||
| CVE-2016-3729 | medium | 6.5 | 6.5 | 9y ago | Moodle Improper Access Control | |||
| CVE-2016-7540 | medium | 6.5 | 6.5 | 9y ago | coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | |||
| CVE-2016-7538 | medium | 6.5 | 6.5 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | |||
| CVE-2016-7536 | medium | 6.5 | 6.5 | 9y ago | magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. | |||
| CVE-2016-7535 | medium | 6.5 | 6.5 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. | |||
| CVE-2016-7534 | medium | 6.5 | 6.5 | 9y ago | The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. | |||
| CVE-2016-7532 | medium | 6.5 | 6.5 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||
| CVE-2016-7530 | medium | 6.5 | 6.5 | 9y ago | The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. | |||
| CVE-2016-7527 | medium | 6.5 | 6.5 | 9y ago | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |