CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10142 | high | 8.6 | 8.6 | 10y ago | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security … | |||
| CVE-2016-10124 | high | 8.6 | 8.6 | 10y ago | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push c… | |||
| CVE-2016-9752 | high | 8.6 | 8.6 | 10y ago | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | |||
| CVE-2016-4333 | high | 8.6 | 8.6 | 10y ago | The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's term… | |||
| CVE-2016-4332 | high | 8.6 | 8.6 | 10y ago | The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't su… | |||
| CVE-2016-4331 | high | 8.6 | 8.6 | 10y ago | When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execu… | |||
| CVE-2016-4330 | high | 8.6 | 8.6 | 10y ago | In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, … | |||
| CVE-2016-7964 | high | 8.6 | 8.6 | 10y ago | The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This … | |||
| CVE-2016-5588 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5579 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5578 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5577 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5574 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5558 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-0249 | high | 8.6 | 8.6 | 10y ago | SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbit… | |||
| CVE-2016-2308 | high | 8.6 | 8.6 | 10y ago | American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, … | |||
| CVE-2016-6250 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying f… | |||
| CVE-2016-4384 | high | 8.6 | 8.6 | 10y ago | HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-0904 | high | 8.6 | 8.6 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to … | |||
| CVE-2016-5814 | high | 8.6 | 8.6 | 10y ago | Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remo… | |||
| CVE-2016-6597 | high | 8.6 | 8.6 | 10y ago | Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the r… | |||
| CVE-2016-1951 | high | 8.6 | 8.6 | 10y ago | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified oth… | |||
| CVE-2016-4029 | high | 8.6 | 8.6 | 10y ago | WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via… | |||
| CVE-2016-5096 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impa… | |||
| CVE-2016-5095 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have … | |||
| CVE-2016-5094 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecifie… | |||
| CVE-2016-5093 | high | 8.6 | 8.6 | 10y ago | The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows … | |||
| CVE-2016-3596 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3595 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3594 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3593 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3592 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3591 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3590 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3583 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3582 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3581 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3580 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3579 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3578 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3577 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3576 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3575 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3574 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-1394 | high | 8.6 | 8.6 | 10y ago | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | |||
| CVE-2016-4791 | high | 8.6 | 8.6 | 10y ago | The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arb… | |||
| CVE-2016-4001 | high | 8.6 | 8.6 | 10y ago | Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cau… | |||
| CVE-2016-2222 | high | 8.6 | 8.6 | 10y ago | The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet o… | |||
| CVE-2016-4554 | high | 8.6 | 8.6 | 10y ago | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header sm… | |||
| CVE-2016-4553 | high | 8.6 | 8.6 | 10y ago | client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks vi… | |||
| CVE-2016-1373 | high | 8.6 | 8.6 | 10y ago | The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10… | |||
| CVE-2016-3455 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availabil… | |||
| CVE-2016-2293 | high | 8.6 | 8.6 | 10y ago | The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | |||
| CVE-2016-4014 | high | 8.6 | 8.6 | 10y ago | XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to ud… | |||
| CVE-2016-1286 | high | 8.6 | 8.6 | 10y ago | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME r… | |||
| CVE-2016-0736 | high | 7.5 | 8.5 | 9y ago | In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by defaul… | |||
| CVE-2016-7508 | high | 7.5 | 8.5 | 9y ago | Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5… | |||
| CVE-2016-10073 | high | 7.5 | 8.5 | 9y ago | The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr… | |||
| CVE-2016-7054 | high | 7.5 | 8.5 | 9y ago | In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue i… | |||
| CVE-2016-1561 | high | 7.5 | 8.5 | 9y ago | ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a pri… | |||
| CVE-2016-8022 | high | 7.5 | 8.5 | 9y ago | Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den… | |||
| CVE-2016-9727 | high | 8.5 | 8.5 | 9y ago | IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute… | |||
| CVE-2016-6255 | high | 7.5 | 8.5 | 9y ago | Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | |||
| CVE-2016-4312 | high | 7.5 | 8.5 | 9y ago | XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to … | |||
| CVE-2016-8358 | high | 8.5 | 8.5 | 9y ago | An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which… | |||
| CVE-2016-9349 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. | |||
| CVE-2016-9332 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to cr… | |||
| CVE-2016-9244 | high | 7.5 | 8.5 | 9y ago | A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit thi… | |||
| CVE-2016-10079 | high | 7.5 | 8.5 | 10y ago | SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. | |||
| CVE-2016-6601 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame… | |||
| CVE-2016-4793 | high | 7.5 | 8.5 | 10y ago | CakePHP allows remote attackers to spoof their IP | |||
| CVE-2016-7982 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti… | |||
| CVE-2016-2233 | high | 7.5 | 8.5 | 10y ago | Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP … | |||
| CVE-2016-7434 | high | 7.5 | 8.5 | 10y ago | The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | |||
| CVE-2016-4806 | high | 7.5 | 8.5 | 10y ago | Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | |||
| CVE-2016-7462 | high | 8.5 | 8.5 | 10y ago | The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a rel… | |||
| CVE-2016-10031 | high | 7.5 | 8.5 | 10y ago | WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged l… | |||
| CVE-2016-7288 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-7287 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, ak… | |||
| CVE-2016-7286 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-9838 | high | 7.5 | 8.5 | 10y ago | An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us… | |||
| CVE-2016-8740 | high | 7.5 | 8.5 | 10y ago | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca… | |||
| CVE-2016-2988 | high | 8.5 | 8.5 | 10y ago | IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated … | |||
| CVE-2016-7241 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-7240 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7203 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7202 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7194 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7190 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7189 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3387 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof… | |||
| CVE-2016-3386 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-2776 | high | 7.5 | 8.5 | 10y ago | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service… | |||
| CVE-2016-3247 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-6855 | high | 7.5 | 8.5 | 10y ago | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds wr… | |||
| CVE-2016-5677 | high | 7.5 | 8.5 | 10y ago | NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows… | |||
| CVE-2016-5676 | high | 7.5 | 8.5 | 10y ago | cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwo… | |||
| CVE-2016-3288 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-20… | |||
| CVE-2016-3237 | high | 7.5 | 8.5 | 10y ago | Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows ma… | |||
| CVE-2016-6515 | high | 7.5 | 8.5 | 10y ago | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (cryp… |