CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7594 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows r… | |||
| CVE-2016-7589 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3… | |||
| CVE-2016-7588 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" compone… | |||
| CVE-2016-7587 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7582 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privile… | |||
| CVE-2016-7578 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1… | |||
| CVE-2016-4764 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKi… | |||
| CVE-2016-4692 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-4691 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It a… | |||
| CVE-2016-4688 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 … | |||
| CVE-2016-4677 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows … | |||
| CVE-2016-4669 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-4667 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of … | |||
| CVE-2016-4666 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows … | |||
| CVE-2016-4617 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. | |||
| CVE-2016-8677 | high | 8.8 | 8.8 | 9y ago | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation… | |||
| CVE-2016-8972 | high | 7.8 | 8.8 | 9y ago | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||
| CVE-2016-8866 | high | 8.8 | 8.8 | 9y ago | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocatio… | |||
| CVE-2016-8862 | high | 8.8 | 8.8 | 9y ago | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failur… | |||
| CVE-2016-6079 | high | 7.8 | 8.8 | 9y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… | |||
| CVE-2016-6033 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr… | |||
| CVE-2016-9365 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-8369 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the r… | |||
| CVE-2016-5796 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or t… | |||
| CVE-2016-3616 | high | 8.8 | 8.8 | 9y ago | The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | |||
| CVE-2016-5727 | high | 8.8 | 8.8 | 9y ago | LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input… | |||
| CVE-2016-6103 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | |||
| CVE-2016-8932 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-8931 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-8941 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website… | |||
| CVE-2016-8921 | high | 8.8 | 8.8 | 10y ago | IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-6124 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-6045 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | |||
| CVE-2016-5952 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informati… | |||
| CVE-2016-5937 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trust… | |||
| CVE-2016-3053 | high | 7.8 | 8.8 | 10y ago | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||
| CVE-2016-3029 | high | 8.8 | 8.8 | 10y ago | IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website tr… | |||
| CVE-2016-6270 | high | 8.8 | 8.8 | 10y ago | The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrar… | |||
| CVE-2016-6266 | high | 8.8 | 8.8 | 10y ago | ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via… | |||
| CVE-2016-2399 | high | 7.8 | 8.8 | 10y ago | Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h… | |||
| CVE-2016-9218 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Inform… | |||
| CVE-2016-9304 | high | 8.8 | 8.8 | 10y ago | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. | |||
| CVE-2016-9383 | high | 8.8 | 8.8 | 10y ago | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute … | |||
| CVE-2016-9012 | high | 8.8 | 8.8 | 10y ago | CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/cons… | |||
| CVE-2016-7792 | high | 8.8 | 8.8 | 10y ago | Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | |||
| CVE-2016-6521 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of … | |||
| CVE-2016-1417 | high | 8.8 | 8.8 | 10y ago | Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same… | |||
| CVE-2016-0769 | high | 8.8 | 8.8 | 10y ago | Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote… | |||
| CVE-2016-10156 | high | 7.8 | 8.8 | 10y ago | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th… | |||
| CVE-2016-6253 | high | 7.8 | 8.8 | 10y ago | mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th… | |||
| CVE-2016-9016 | high | 8.8 | 8.8 | 10y ago | Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||
| CVE-2016-7793 | high | 8.8 | 8.8 | 10y ago | sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | |||
| CVE-2016-7545 | high | 8.8 | 8.8 | 10y ago | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||
| CVE-2016-5213 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5211 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5210 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5209 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5206 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5203 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5200 | high | 8.8 | 8.8 | 10y ago | V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attac… | |||
| CVE-2016-5199 | high | 8.8 | 8.8 | 10y ago | An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for A… | |||
| CVE-2016-5197 | high | 8.8 | 8.8 | 10y ago | The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbi… | |||
| CVE-2016-5196 | high | 8.8 | 8.8 | 10y ago | The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any d… | |||
| CVE-2016-3406 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) th… | |||
| CVE-2016-6772 | high | 7.8 | 8.8 | 10y ago | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate becau… | |||
| CVE-2016-9867 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate … | |||
| CVE-2016-7902 | high | 8.8 | 8.8 | 10y ago | Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by u… | |||
| CVE-2016-10081 | high | 7.8 | 8.8 | 10y ago | /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. | |||
| CVE-2016-7461 | high | 8.8 | 8.8 | 10y ago | The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS us… | |||
| CVE-2016-7084 | high | 7.8 | 8.8 | 10y ago | tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execu… | |||
| CVE-2016-7083 | high | 7.8 | 8.8 | 10y ago | VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary co… | |||
| CVE-2016-9793 | high | 7.8 | 8.8 | 10y ago | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory … | |||
| CVE-2016-9217 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. Mo… | |||
| CVE-2016-7283 | high | 8.8 | 8.8 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-7273 | high | 8.8 | 8.8 | 10y ago | The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code… | |||
| CVE-2016-7272 | high | 8.8 | 8.8 | 10y ago | The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607… | |||
| CVE-2016-5185 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5184 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5183 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5182 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-9950 | high | 7.8 | 8.8 | 10y ago | An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package sp… | |||
| CVE-2016-9949 | high | 7.8 | 8.8 | 10y ago | An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers t… | |||
| CVE-2016-9566 | high | 7.8 | 8.8 | 10y ago | base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged … | |||
| CVE-2016-7890 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy. | |||
| CVE-2016-7885 | high | 8.8 | 8.8 | 10y ago | Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. | |||
| CVE-2016-7881 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful … | |||
| CVE-2016-7880 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitat… | |||
| CVE-2016-7879 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Succe… | |||
| CVE-2016-7878 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to ar… | |||
| CVE-2016-7877 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitatio… | |||
| CVE-2016-7876 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Success… | |||
| CVE-2016-7875 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrar… | |||
| CVE-2016-7874 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful e… | |||
| CVE-2016-7873 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successfu… | |||
| CVE-2016-7872 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels… | |||
| CVE-2016-7871 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary c… | |||
| CVE-2016-7870 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successf… | |||
| CVE-2016-7869 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionalit… | |||
| CVE-2016-7868 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Su… | |||
| CVE-2016-7867 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Succ… |