CVEs from 2016
Total
8,466
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7635 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7632 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7626 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows … | |||
| CVE-2016-7611 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7610 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7596 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2016-7595 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It all… | |||
| CVE-2016-7594 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows r… | |||
| CVE-2016-7589 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3… | |||
| CVE-2016-7588 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" compone… | |||
| CVE-2016-7587 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7582 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privile… | |||
| CVE-2016-7578 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1… | |||
| CVE-2016-4764 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKi… | |||
| CVE-2016-4692 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-4691 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It a… | |||
| CVE-2016-4688 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 … | |||
| CVE-2016-4677 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows … | |||
| CVE-2016-4669 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-4667 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of … | |||
| CVE-2016-4666 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows … | |||
| CVE-2016-4617 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. | |||
| CVE-2016-4311 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proc… | |||
| CVE-2016-8677 | high | 8.8 | 8.8 | 9y ago | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation… | |||
| CVE-2016-8866 | high | 8.8 | 8.8 | 9y ago | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocatio… | |||
| CVE-2016-8862 | high | 8.8 | 8.8 | 9y ago | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failur… | |||
| CVE-2016-6033 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr… | |||
| CVE-2016-9365 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-8369 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the r… | |||
| CVE-2016-5809 | high | 8.8 | 8.8 | 9y ago | An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token gen… | |||
| CVE-2016-5796 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or t… | |||
| CVE-2016-3616 | high | 8.8 | 8.8 | 9y ago | The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | |||
| CVE-2016-5727 | high | 8.8 | 8.8 | 9y ago | LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input… | |||
| CVE-2016-2539 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files an… | |||
| CVE-2016-6103 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | |||
| CVE-2016-8932 | high | 8.8 | 8.8 | 9y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-8931 | high | 8.8 | 8.8 | 9y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-8941 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website… | |||
| CVE-2016-8921 | high | 8.8 | 8.8 | 9y ago | IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-6124 | high | 8.8 | 8.8 | 9y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-6045 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | |||
| CVE-2016-5952 | high | 8.8 | 8.8 | 9y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informati… | |||
| CVE-2016-5937 | high | 8.8 | 8.8 | 9y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trust… | |||
| CVE-2016-3029 | high | 8.8 | 8.8 | 9y ago | IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website tr… | |||
| CVE-2016-6270 | high | 8.8 | 8.8 | 10y ago | The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrar… | |||
| CVE-2016-6266 | high | 8.8 | 8.8 | 10y ago | ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via… | |||
| CVE-2016-9218 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Inform… | |||
| CVE-2016-9304 | high | 8.8 | 8.8 | 10y ago | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. | |||
| CVE-2016-9383 | high | 8.8 | 8.8 | 10y ago | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute … | |||
| CVE-2016-9012 | high | 8.8 | 8.8 | 10y ago | CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/cons… | |||
| CVE-2016-7792 | high | 8.8 | 8.8 | 10y ago | Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | |||
| CVE-2016-6521 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of … | |||
| CVE-2016-4340 | high | 8.8 | 8.8 | 10y ago | The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as … | |||
| CVE-2016-1417 | high | 8.8 | 8.8 | 10y ago | Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same… | |||
| CVE-2016-0769 | high | 8.8 | 8.8 | 10y ago | Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote… | |||
| CVE-2016-6253 | high | 7.8 | 8.8 | 10y ago | mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th… | |||
| CVE-2016-9016 | high | 8.8 | 8.8 | 10y ago | Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||
| CVE-2016-7793 | high | 8.8 | 8.8 | 10y ago | sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | |||
| CVE-2016-7545 | high | 8.8 | 8.8 | 10y ago | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||
| CVE-2016-5213 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5211 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5210 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5209 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5206 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5203 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5200 | high | 8.8 | 8.8 | 10y ago | V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attac… | |||
| CVE-2016-5199 | high | 8.8 | 8.8 | 10y ago | An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for A… | |||
| CVE-2016-5197 | high | 8.8 | 8.8 | 10y ago | The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbi… | |||
| CVE-2016-5196 | high | 8.8 | 8.8 | 10y ago | The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any d… | |||
| CVE-2016-3406 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) th… | |||
| CVE-2016-7998 | high | 8.8 | 8.8 | 10y ago | The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag a… | |||
| CVE-2016-7980 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execu… | |||
| CVE-2016-4808 | high | 8.8 | 8.8 | 10y ago | Web2py Cross-Site Request Forgery vulnerability | |||
| CVE-2016-9867 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate … | |||
| CVE-2016-7902 | high | 8.8 | 8.8 | 10y ago | Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by u… | |||
| CVE-2016-7461 | high | 8.8 | 8.8 | 10y ago | The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS us… | |||
| CVE-2016-9217 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. Mo… | |||
| CVE-2016-7283 | high | 8.8 | 8.8 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-7274 | high | 8.8 | 8.8 | 10y ago | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2016-7273 | high | 8.8 | 8.8 | 10y ago | The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code… | |||
| CVE-2016-7272 | high | 8.8 | 8.8 | 10y ago | The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607… | |||
| CVE-2016-5185 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5184 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5183 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5182 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-7890 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy. | |||
| CVE-2016-7885 | high | 8.8 | 8.8 | 10y ago | Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. | |||
| CVE-2016-7881 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful … | |||
| CVE-2016-7880 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitat… | |||
| CVE-2016-7879 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Succe… | |||
| CVE-2016-7878 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to ar… | |||
| CVE-2016-7877 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitatio… | |||
| CVE-2016-7876 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Success… | |||
| CVE-2016-7875 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrar… | |||
| CVE-2016-7874 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful e… | |||
| CVE-2016-7873 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successfu… | |||
| CVE-2016-7872 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels… | |||
| CVE-2016-7871 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary c… | |||
| CVE-2016-7870 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successf… | |||
| CVE-2016-7869 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionalit… |