CVEs from 2016
Total
8,466
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7526 | medium | 6.5 | 6.5 | 9y ago | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | |||
| CVE-2016-7525 | medium | 6.5 | 6.5 | 9y ago | Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||
| CVE-2016-7521 | medium | 6.5 | 6.5 | 9y ago | Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||
| CVE-2016-7520 | medium | 6.5 | 6.5 | 9y ago | Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. | |||
| CVE-2016-7518 | medium | 6.5 | 6.5 | 9y ago | The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. | |||
| CVE-2016-7517 | medium | 6.5 | 6.5 | 9y ago | The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. | |||
| CVE-2016-7516 | medium | 6.5 | 6.5 | 9y ago | The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. | |||
| CVE-2016-7514 | medium | 6.5 | 6.5 | 9y ago | The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||
| CVE-2016-7513 | medium | 6.5 | 6.5 | 9y ago | Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. | |||
| CVE-2016-5010 | medium | 6.5 | 6.5 | 9y ago | coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. | |||
| CVE-2016-4843 | medium | 6.5 | 6.5 | 9y ago | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. | |||
| CVE-2016-6336 | medium | 6.5 | 6.5 | 9y ago | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restriction… | |||
| CVE-2016-7537 | medium | 6.5 | 6.5 | 9y ago | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. | |||
| CVE-2016-7533 | medium | 6.5 | 6.5 | 9y ago | The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. | |||
| CVE-2016-7531 | medium | 6.5 | 6.5 | 9y ago | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. | |||
| CVE-2016-7529 | medium | 6.5 | 6.5 | 9y ago | coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. | |||
| CVE-2016-7528 | medium | 6.5 | 6.5 | 9y ago | The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. | |||
| CVE-2016-7522 | medium | 6.5 | 6.5 | 9y ago | The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||
| CVE-2016-7519 | medium | 6.5 | 6.5 | 9y ago | The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-7515 | medium | 6.5 | 6.5 | 9y ago | The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. | |||
| CVE-2016-4871 | medium | 6.5 | 6.5 | 9y ago | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | |||
| CVE-2016-4869 | medium | 6.5 | 6.5 | 9y ago | Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | |||
| CVE-2016-5312 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn paramete… | |||
| CVE-2016-8925 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force I… | |||
| CVE-2016-4896 | medium | 6.5 | 6.5 | 9y ago | SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors. | |||
| CVE-2016-1178 | medium | 6.5 | 6.5 | 9y ago | The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. | |||
| CVE-2016-10304 | medium | 6.5 | 6.5 | 9y ago | The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java ob… | |||
| CVE-2016-5059 | medium | 6.5 | 6.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. | |||
| CVE-2016-9194 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a den… | |||
| CVE-2016-10318 | medium | 6.5 | 6.5 | 9y ago | A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign … | |||
| CVE-2016-8802 | medium | 6.5 | 6.5 | 9y ago | The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20… | |||
| CVE-2016-8781 | medium | 6.5 | 6.5 | 9y ago | Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow re… | |||
| CVE-2016-8780 | medium | 6.5 | 6.5 | 9y ago | Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive fil… | |||
| CVE-2016-8779 | medium | 6.5 | 6.5 | 9y ago | Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a s… | |||
| CVE-2016-8275 | medium | 6.5 | 6.5 | 9y ago | Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. | |||
| CVE-2016-6177 | medium | 6.5 | 6.5 | 9y ago | The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk… | |||
| CVE-2016-9266 | medium | 6.5 | 6.5 | 9y ago | listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift. | |||
| CVE-2016-9168 | medium | 6.5 | 6.5 | 9y ago | A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. | |||
| CVE-2016-5755 | medium | 6.5 | 6.5 | 9y ago | NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. | |||
| CVE-2016-1603 | medium | 6.5 | 6.5 | 9y ago | An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | |||
| CVE-2016-4931 | medium | 6.5 | 6.5 | 9y ago | XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | |||
| CVE-2016-10214 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_… | |||
| CVE-2016-10163 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) b… | |||
| CVE-2016-8005 | medium | 6.5 | 6.5 | 9y ago | File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a for… | |||
| CVE-2016-9729 | medium | 6.5 | 6.5 | 9y ago | IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545. | |||
| CVE-2016-8971 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IB… | |||
| CVE-2016-10061 | medium | 6.5 | 6.5 | 9y ago | The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) … | |||
| CVE-2016-6884 | medium | 6.5 | 6.5 | 9y ago | TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message. | |||
| CVE-2016-10060 | medium | 6.5 | 6.5 | 9y ago | The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of serv… | |||
| CVE-2016-9559 | medium | 6.5 | 6.5 | 9y ago | coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. | |||
| CVE-2016-8508 | medium | 6.5 | 6.5 | 9y ago | Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for pr… | |||
| CVE-2016-8507 | medium | 6.5 | 6.5 | 9y ago | Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video … | |||
| CVE-2016-9818 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | |||
| CVE-2016-9817 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | |||
| CVE-2016-9816 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | |||
| CVE-2016-9815 | medium | 6.5 | 6.5 | 9y ago | Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | |||
| CVE-2016-8105 | medium | 6.5 | 6.5 | 9y ago | Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations. | |||
| CVE-2016-8986 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. | |||
| CVE-2016-8915 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | |||
| CVE-2016-3013 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. | |||
| CVE-2016-9384 | medium | 6.5 | 6.5 | 9y ago | Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | |||
| CVE-2016-7627 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It… | |||
| CVE-2016-7623 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensi… | |||
| CVE-2016-7599 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7598 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7591 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It … | |||
| CVE-2016-7586 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7580 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted … | |||
| CVE-2016-4613 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue invol… | |||
| CVE-2016-7510 | medium | 6.5 | 6.5 | 9y ago | The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. | |||
| CVE-2016-5037 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2016-5035 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-5034 | medium | 6.5 | 6.5 | 9y ago | dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. | |||
| CVE-2016-5033 | medium | 6.5 | 6.5 | 9y ago | The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-5032 | medium | 6.5 | 6.5 | 9y ago | The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2016-5030 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2016-5029 | medium | 6.5 | 6.5 | 9y ago | The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. | |||
| CVE-2016-5028 | medium | 6.5 | 6.5 | 9y ago | The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. | |||
| CVE-2016-8680 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on … | |||
| CVE-2016-8679 | medium | 6.5 | 6.5 | 9y ago | The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on … | |||
| CVE-2016-8362 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-R… | |||
| CVE-2016-4987 | medium | 6.5 | 6.5 | 9y ago | Jenkins Image Gallery Plugin allows Path Traversal | |||
| CVE-2016-6188 | medium | 6.5 | 6.5 | 9y ago | Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | |||
| CVE-2016-8933 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra… | |||
| CVE-2016-6110 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |||
| CVE-2016-8913 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc… | |||
| CVE-2016-6126 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc… | |||
| CVE-2016-6085 | medium | 6.5 | 6.5 | 9y ago | IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers. | |||
| CVE-2016-6084 | medium | 6.5 | 6.5 | 9y ago | IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |||
| CVE-2016-5994 | medium | 6.5 | 6.5 | 9y ago | IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | |||
| CVE-2016-5988 | medium | 6.5 | 6.5 | 9y ago | IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | |||
| CVE-2016-5950 | medium | 6.5 | 6.5 | 9y ago | IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. | |||
| CVE-2016-3027 | medium | 6.5 | 6.5 | 9y ago | IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnera… | |||
| CVE-2016-3022 | medium | 6.5 | 6.5 | 9y ago | IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. | |||
| CVE-2016-9413 | medium | 6.5 | 6.5 | 10y ago | The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-2050 | medium | 6.5 | 6.5 | 10y ago | The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. | |||
| CVE-2016-8311 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-5549 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easil… | |||
| CVE-2016-5548 | medium | 6.5 | 6.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111… | |||
| CVE-2016-4055 | medium | 6.5 | 6.5 | 10y ago | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Ser… |