CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8733 | high | 8.8 | 8.8 | 10y ago | An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when de… | |||
| CVE-2016-6468 | high | 8.8 | 8.8 | 10y ago | A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform ar… | |||
| CVE-2016-6491 | high | 8.8 | 8.8 | 10y ago | Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read,… | |||
| CVE-2016-9429 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and pos… | |||
| CVE-2016-9428 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (cra… | |||
| CVE-2016-9426 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM)… | |||
| CVE-2016-9425 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (cra… | |||
| CVE-2016-9424 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap b… | |||
| CVE-2016-9423 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrar… | |||
| CVE-2016-9422 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause… | |||
| CVE-2016-6619 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4… | |||
| CVE-2016-6609 | high | 8.8 | 8.8 | 10y ago | phpMyAdmin PHP code injection | |||
| CVE-2016-8655 | high | 7.8 | 8.8 | 10y ago | Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capabilit… | |||
| CVE-2016-2917 | high | 8.8 | 8.8 | 10y ago | The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via u… | |||
| CVE-2016-2873 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-2963 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequence… | |||
| CVE-2016-1247 | high | 7.8 | 8.8 | 10y ago | The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu… | |||
| CVE-2016-5685 | high | 8.8 | 8.8 | 10y ago | Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | |||
| CVE-2016-5393 | high | 8.8 | 8.8 | 10y ago | Improper Access Control in Apache Hadoop | |||
| CVE-2016-6707 | high | 7.8 | 8.8 | 10y ago | An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the con… | |||
| CVE-2016-8673 | high | 8.8 | 8.8 | 10y ago | A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SI… | |||
| CVE-2016-9151 | high | 7.8 | 8.8 | 10y ago | Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted v… | |||
| CVE-2016-8908 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2016-8907 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2016-8906 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2016-8905 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | |||
| CVE-2016-8904 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2016-8903 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2016-7254 | high | 8.8 | 8.8 | 10y ago | Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS E… | |||
| CVE-2016-7253 | high | 8.8 | 8.8 | 10y ago | The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecif… | |||
| CVE-2016-7250 | high | 8.8 | 8.8 | 10y ago | Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL … | |||
| CVE-2016-7249 | high | 8.8 | 8.8 | 10y ago | Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation o… | |||
| CVE-2016-7217 | high | 8.8 | 8.8 | 10y ago | Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code … | |||
| CVE-2016-7205 | high | 8.8 | 8.8 | 10y ago | Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows… | |||
| CVE-2016-8811 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8810 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8809 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8808 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8807 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8806 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8805 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7391 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7390 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7387 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7385 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7384 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where un… | |||
| CVE-2016-7865 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7864 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7863 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7862 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7861 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7860 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7859 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7858 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-7857 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-9242 | high | 8.8 | 8.8 | 10y ago | Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary S… | |||
| CVE-2016-9187 | high | 8.8 | 8.8 | 10y ago | Moodle Unrestricted file upload vulnerability | |||
| CVE-2016-9186 | high | 8.8 | 8.8 | 10y ago | Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an … | |||
| CVE-2016-8878 | high | 8.8 | 8.8 | 10y ago | Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedd… | |||
| CVE-2016-8877 | high | 8.8 | 8.8 | 10y ago | Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded i… | |||
| CVE-2016-9028 | high | 8.8 | 8.8 | 10y ago | Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user … | |||
| CVE-2016-6444 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. … | |||
| CVE-2016-6443 | high | 8.8 | 8.8 | 10y ago | A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by exe… | |||
| CVE-2016-6442 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the we… | |||
| CVE-2016-5607 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenti… | |||
| CVE-2016-5523 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availabil… | |||
| CVE-2016-5519 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and avai… | |||
| CVE-2016-5515 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availabil… | |||
| CVE-2016-5514 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availabil… | |||
| CVE-2016-3505 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, … | |||
| CVE-2016-1000213 | high | 8.8 | 8.8 | 10y ago | Ruckus Wireless H500 web management interface CSRF | |||
| CVE-2016-0326 | high | 8.8 | 8.8 | 10y ago | IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote auth… | |||
| CVE-2016-0241 | high | 8.8 | 8.8 | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by se… | |||
| CVE-2016-0239 | high | 8.8 | 8.8 | 10y ago | IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges v… | |||
| CVE-2016-0236 | high | 8.8 | 8.8 | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with ro… | |||
| CVE-2016-7188 | high | 7.8 | 8.8 | 10y ago | The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted applicatio… | |||
| CVE-2016-7185 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and… | |||
| CVE-2016-3376 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and… | |||
| CVE-2016-6992 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecifi… | |||
| CVE-2016-6990 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-6989 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-6987 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-6986 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-6985 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-6984 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-6983 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-6982 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-6981 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4286 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecifi… | |||
| CVE-2016-5425 | high | 7.8 | 8.8 | 10y ago | The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows l… | |||
| CVE-2016-1000216 | high | 8.8 | 8.8 | 10y ago | Ruckus Wireless H500 web management interface authenticated command injection | |||
| CVE-2016-7040 | high | 8.8 | 8.8 | 10y ago | Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to… | |||
| CVE-2016-1000000 | high | 8.8 | 8.8 | 10y ago | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | |||
| CVE-2016-6434 | high | 7.8 | 8.8 | 10y ago | Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | |||
| CVE-2016-6427 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote atta… | |||
| CVE-2016-7020 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-6417 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitra… | |||
| CVE-2016-6645 | high | 8.8 | 8.8 | 10y ago | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute ar… | |||
| CVE-2016-1244 | high | 8.8 | 8.8 | 10y ago | The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. | |||
| CVE-2016-3621 | high | 8.8 | 8.8 | 10y ago | The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a … |