CVEs from 2016
- Total: 8,466
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.7%
- % with KEV: 0.7%
- % with exploit: 1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9436 | medium | 6.5 | 6.5 | 10y ago | parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a `<i>` tag. | |||
| CVE-2016-9435 | medium | 6.5 | 6.5 | 10y ago | The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd… | |||
| CVE-2016-5321 | medium | 6.5 | 6.5 | 10y ago | The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. | |||
| CVE-2016-5319 | medium | 6.5 | 6.5 | 10y ago | Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. | |||
| CVE-2016-5318 | medium | 6.5 | 6.5 | 10y ago | Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. | |||
| CVE-2016-5317 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service atta… | |||
| CVE-2016-5316 | medium | 6.5 | 6.5 | 10y ago | Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr too… | |||
| CVE-2016-5223 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5222 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5220 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5218 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5217 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5212 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5201 | medium | 6.5 | 6.5 | 10y ago | A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged J… | |||
| CVE-2016-3414 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. | |||
| CVE-2016-3401 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. | |||
| CVE-2016-7799 | medium | 6.5 | 6.5 | 10y ago | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||
| CVE-2016-7101 | medium | 6.5 | 6.5 | 10y ago | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |||
| CVE-2016-9310 | medium | 6.5 | 6.5 | 10y ago | The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | |||
| CVE-2016-1549 | medium | 6.5 | 6.5 | 10y ago | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a… | |||
| CVE-2016-6595 | medium | 6.5 | 6.5 | 10y ago | The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor dis… | |||
| CVE-2016-10106 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitra… | |||
| CVE-2016-9916 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leverag… | |||
| CVE-2016-9915 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by levera… | |||
| CVE-2016-9914 | medium | 6.5 | 6.5 | 10y ago | Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a … | |||
| CVE-2016-9913 | medium | 6.5 | 6.5 | 10y ago | Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and … | |||
| CVE-2016-9846 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest… | |||
| CVE-2016-9845 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A … | |||
| CVE-2016-9224 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.… | |||
| CVE-2016-9921 | medium | 6.5 | 6.5 | 10y ago | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. … | |||
| CVE-2016-9912 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. … | |||
| CVE-2016-9911 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process coul… | |||
| CVE-2016-9907 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest … | |||
| CVE-2016-7968 | medium | 6.5 | 6.5 | 10y ago | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | |||
| CVE-2016-7257 | medium | 6.5 | 6.5 | 10y ago | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive informati… | |||
| CVE-2016-5192 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5189 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5187 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-9951 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click… | |||
| CVE-2016-8827 | medium | 6.5 | 6.5 | 10y ago | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter valid… | |||
| CVE-2016-9964 | medium | 6.5 | 6.5 | 10y ago | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | |||
| CVE-2016-9208 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files i… | |||
| CVE-2016-9207 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full t… | |||
| CVE-2016-9204 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus … | |||
| CVE-2016-9199 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulne… | |||
| CVE-2016-6473 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCu… | |||
| CVE-2016-6471 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage P… | |||
| CVE-2016-9633 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | |||
| CVE-2016-9632 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9631 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9630 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9629 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9628 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9627 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9626 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9625 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9624 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9623 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9622 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9443 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9442 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. | |||
| CVE-2016-9441 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9440 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9439 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9438 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9437 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a… | |||
| CVE-2016-9434 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9433 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page. | |||
| CVE-2016-9432 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HT… | |||
| CVE-2016-9431 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9430 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-6630 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to … | |||
| CVE-2016-6623 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… | |||
| CVE-2016-6618 | medium | 6.5 | 6.5 | 10y ago | phpMyAdmin Denial of service (DOS) attack in transformation feature | |||
| CVE-2016-6612 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… | |||
| CVE-2016-3044 | medium | 6.5 | 6.5 | 10y ago | The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | |||
| CVE-2016-2881 | medium | 6.5 | 6.5 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request paramete… | |||
| CVE-2016-2950 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-2937 | medium | 6.5 | 6.5 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerabil… | |||
| CVE-2016-5765 | medium | 6.5 | 6.5 | 10y ago | Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote un… | |||
| CVE-2016-0317 | medium | 6.5 | 6.5 | 10y ago | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-9452 | medium | 6.5 | 6.5 | 10y ago | Drupal Denial of service via transliterate mechanism | |||
| CVE-2016-2996 | medium | 6.5 | 6.5 | 10y ago | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. | |||
| CVE-2016-9149 | medium | 6.5 | 6.5 | 10y ago | The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single qu… | |||
| CVE-2016-6457 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | |||
| CVE-2016-7252 | medium | 6.5 | 6.5 | 10y ago | Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnera… | |||
| CVE-2016-7237 | medium | 6.5 | 6.5 | 10y ago | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win… | |||
| CVE-2016-7233 | medium | 6.5 | 6.5 | 10y ago | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Off… | |||
| CVE-2016-7210 | medium | 6.5 | 6.5 | 10y ago | atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2016-6454 | medium | 6.5 | 6.5 | 10y ago | A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute u… | |||
| CVE-2016-9086 | medium | 6.5 | 6.5 | 10y ago | GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their p… | |||
| CVE-2016-8879 | medium | 6.5 | 6.5 | 10y ago | The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and a… | |||
| CVE-2016-7965 | medium | 6.5 | 6.5 | 10y ago | DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can cha… | |||
| CVE-2016-9117 | medium | 6.5 | 6.5 | 10y ago | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||
| CVE-2016-9116 | medium | 6.5 | 6.5 | 10y ago | NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||
| CVE-2016-9115 | medium | 6.5 | 6.5 | 10y ago | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||
| CVE-2016-4394 | medium | 6.5 | 6.5 | 10y ago | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | |||
| CVE-2016-6440 | medium | 6.5 | 6.5 | 10y ago | The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information… | |||
| CVE-2016-5627 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-5626 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. |