CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3765 | high | 7.7 | 7.7 | 10y ago | decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via … | |||
| CVE-2016-0362 | high | 7.7 | 7.7 | 10y ago | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger ne… | |||
| CVE-2016-3647 | high | 7.7 | 7.7 | 10y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intra… | |||
| CVE-2016-0267 | high | 7.7 | 7.7 | 10y ago | IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the serv… | |||
| CVE-2016-4514 | high | 7.7 | 7.7 | 10y ago | Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | |||
| CVE-2016-1996 | high | 7.7 | 7.7 | 10y ago | HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2016-1905 | high | 7.7 | 7.7 | 11y ago | The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | |||
| CVE-2016-8930 | high | 7.6 | 7.6 | 10y ago | IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… | |||
| CVE-2016-8928 | high | 7.6 | 7.6 | 10y ago | IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… | |||
| CVE-2016-8296 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via … | |||
| CVE-2016-8281 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentia… | |||
| CVE-2016-5562 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality a… | |||
| CVE-2016-5536 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentia… | |||
| CVE-2016-6641 | high | 7.6 | 7.6 | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5139 | high | 7.6 | 7.6 | 10y ago | Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-b… | |||
| CVE-2016-5476 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiali… | |||
| CVE-2016-5475 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, an… | |||
| CVE-2016-5447 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unk… | |||
| CVE-2016-3565 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availabilit… | |||
| CVE-2016-3544 | high | 7.6 | 7.6 | 10y ago | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 11.2.1.0.0 allows remote authenticated users to affe… | |||
| CVE-2016-2076 | high | 7.6 | 7.6 | 10y ago | Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles ses… | |||
| CVE-2016-1577 | high | 7.6 | 7.6 | 10y ago | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cr… | |||
| CVE-2016-0603 | high | — | 7.6 | 11y ago | Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availabili… | |||
| CVE-2016-2052 | high | 7.6 | 7.6 | 11y ago | Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted dat… | |||
| CVE-2016-1619 | high | 7.6 | 7.6 | 11y ago | Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attac… | |||
| CVE-2016-1613 | high | 7.6 | 7.6 | 11y ago | Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have … | |||
| CVE-2016-1612 | high | 7.6 | 7.6 | 11y ago | The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, w… | |||
| CVE-2016-10708 | high | 7.5 | 7.5 | 9y ago | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, relat… | |||
| CVE-2016-10703 | high | 7.5 | 7.5 | 9y ago | Denial of Service in ecstatic | |||
| CVE-2016-1254 | high | 7.5 | 7.5 | 9y ago | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | |||
| CVE-2016-8610 | high | 7.5 | 7.5 | 9y ago | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote… | |||
| CVE-2016-7798 | high | 7.5 | 7.5 | 9y ago | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryp… | |||
| CVE-2016-4925 | high | 7.5 | 7.5 | 9y ago | Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover … | |||
| CVE-2016-4921 | high | 7.5 | 7.5 | 9y ago | By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitim… | |||
| CVE-2016-8752 | high | 7.5 | 7.5 | 9y ago | Path Traversal in Apache Atlas | |||
| CVE-2016-7030 | high | 7.5 | 7.5 | 9y ago | FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in whi… | |||
| CVE-2016-0634 | high | 7.5 | 7.5 | 9y ago | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | |||
| CVE-2016-5816 | high | 7.5 | 7.5 | 9y ago | A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded privat… | |||
| CVE-2016-6796 | high | 7.5 | 7.5 | 9y ago | Apache Tomcat vulnerable to SecurityManager bypass | |||
| CVE-2016-8745 | high | 7.5 | 7.5 | 9y ago | Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat | |||
| CVE-2016-6817 | high | 7.5 | 7.5 | 9y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | |||
| CVE-2016-6797 | high | 7.5 | 7.5 | 9y ago | Incorrect Authorization in Apache Tomcat | |||
| CVE-2016-8739 | high | 7.5 | 7.5 | 9y ago | Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS | |||
| CVE-2016-4456 | high | 7.5 | 7.5 | 9y ago | The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. | |||
| CVE-2016-6220 | high | 7.5 | 7.5 | 9y ago | Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. | |||
| CVE-2016-8743 | high | 7.5 | 7.5 | 9y ago | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres… | |||
| CVE-2016-2161 | high | 7.5 | 7.5 | 9y ago | In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | |||
| CVE-2016-10399 | high | 7.5 | 7.5 | 9y ago | Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted … | |||
| CVE-2016-7539 | high | 7.5 | 7.5 | 9y ago | Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||
| CVE-2016-10400 | high | 7.5 | 7.5 | 9y ago | Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= af… | |||
| CVE-2016-8951 | high | 7.5 | 7.5 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that co… | |||
| CVE-2016-10397 | high | 7.5 | 7.5 | 9y ago | In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.e… | |||
| CVE-2016-10396 | high | 7.5 | 7.5 | 9y ago | The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhau… | |||
| CVE-2016-3997 | high | 7.5 | 7.5 | 9y ago | NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement i… | |||
| CVE-2016-3400 | high | 7.5 | 7.5 | 9y ago | NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the S… | |||
| CVE-2016-10042 | high | 7.5 | 7.5 | 9y ago | Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticat… | |||
| CVE-2016-6342 | high | 7.5 | 7.5 | 9y ago | elog 3.1.1 allows remote attackers to post data as any username in the logbook. | |||
| CVE-2016-5414 | high | 7.5 | 7.5 | 9y ago | FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | |||
| CVE-2016-9738 | high | 7.5 | 7.5 | 9y ago | IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. | |||
| CVE-2016-10363 | high | 7.5 | 7.5 | 9y ago | Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Log… | |||
| CVE-2016-1000222 | high | 7.5 | 7.5 | 9y ago | Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | |||
| CVE-2016-1000219 | high | 7.5 | 7.5 | 9y ago | Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack session… | |||
| CVE-2016-1000221 | high | 7.5 | 7.5 | 9y ago | Logstash Logs Sensitive Information | |||
| CVE-2016-5391 | high | 7.5 | 7.5 | 9y ago | libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). | |||
| CVE-2016-3704 | high | 7.5 | 7.5 | 9y ago | Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | |||
| CVE-2016-7833 | high | 7.5 | 7.5 | 9y ago | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||
| CVE-2016-7814 | high | 7.5 | 7.5 | 9y ago | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | |||
| CVE-2016-7807 | high | 7.5 | 7.5 | 9y ago | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | |||
| CVE-2016-6594 | high | 7.5 | 7.5 | 9y ago | Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | |||
| CVE-2016-5416 | high | 7.5 | 7.5 | 9y ago | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstat… | |||
| CVE-2016-4992 | high | 7.5 | 7.5 | 9y ago | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstat… | |||
| CVE-2016-3099 | high | 7.5 | 7.5 | 9y ago | mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the u… | |||
| CVE-2016-4457 | high | 7.5 | 7.5 | 9y ago | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | |||
| CVE-2016-3112 | high | 7.5 | 7.5 | 9y ago | client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer p… | |||
| CVE-2016-3091 | high | 7.5 | 7.5 | 9y ago | Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. | |||
| CVE-2016-0768 | high | 7.5 | 7.5 | 9y ago | PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | |||
| CVE-2016-8231 | high | 7.5 | 7.5 | 9y ago | In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificat… | |||
| CVE-2016-8230 | high | 7.5 | 7.5 | 9y ago | In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | |||
| CVE-2016-3083 | high | 7.5 | 7.5 | 9y ago | org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation | |||
| CVE-2016-5007 | high | 7.5 | 7.5 | 9y ago | Spring Security and Spring Framework may not recognize certain paths that should be protected | |||
| CVE-2016-0780 | high | 7.5 | 7.5 | 9y ago | It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not … | |||
| CVE-2016-8741 | high | 7.5 | 7.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java | |||
| CVE-2016-10331 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | |||
| CVE-2016-4864 | high | 7.5 | 7.5 | 9y ago | H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redire… | |||
| CVE-2016-10370 | high | 7.5 | 7.5 | 9y ago | An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due t… | |||
| CVE-2016-7476 | high | 7.5 | 7.5 | 9y ago | The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1… | |||
| CVE-2016-9250 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. | |||
| CVE-2016-9256 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are chan… | |||
| CVE-2016-9253 | high | 7.5 | 7.5 | 9y ago | In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. | |||
| CVE-2016-6799 | high | 7.5 | 7.5 | 9y ago | Information Exposure in cordova-android | |||
| CVE-2016-8209 | high | 7.5 | 7.5 | 9y ago | Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may all… | |||
| CVE-2016-7053 | high | 7.5 | 7.5 | 9y ago | In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.… | |||
| CVE-2016-2930 | high | 7.5 | 7.5 | 9y ago | IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. | |||
| CVE-2016-10367 | high | 7.5 | 7.5 | 9y ago | In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerabilit… | |||
| CVE-2016-9954 | high | 7.5 | 7.5 | 9y ago | The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regul… | |||
| CVE-2016-5168 | high | 7.5 | 7.5 | 9y ago | Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. | |||
| CVE-2016-1556 | high | 7.5 | 7.5 | 9y ago | Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphr… | |||
| CVE-2016-10091 | high | 7.5 | 7.5 | 9y ago | Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3)… | |||
| CVE-2016-0833 | high | 7.5 | 7.5 | 9y ago | Android allows users to cause a denial of service. | |||
| CVE-2016-6337 | high | 7.5 | 7.5 | 9y ago | MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. |