CVEs from 2016
- Total: 8,459
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5586 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integri… | |||
| CVE-2016-5557 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and int… | |||
| CVE-2016-5503 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability vi… | |||
| CVE-2016-5491 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2016-5489 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via vecto… | |||
| CVE-2016-5482 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integr… | |||
| CVE-2016-7093 | high | 8.2 | 8.2 | 10y ago | Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation… | |||
| CVE-2016-7092 | high | 8.2 | 8.2 | 10y ago | The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | |||
| CVE-2016-1607 | high | 7.2 | 8.2 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administr… | |||
| CVE-2016-5465 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vec… | |||
| CVE-2016-3536 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3535 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Rem… | |||
| CVE-2016-3532 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via … | |||
| CVE-2016-3522 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality a… | |||
| CVE-2016-3512 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi… | |||
| CVE-2016-3491 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wir… | |||
| CVE-2016-0271 | high | 8.2 | 8.2 | 10y ago | The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users … | |||
| CVE-2016-1182 | high | 8.2 | 8.2 | 10y ago | Improper Input Validation in Apache Struts | |||
| CVE-2016-1441 | high | 8.2 | 8.2 | 10y ago | Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET … | |||
| CVE-2016-5840 | high | 7.2 | 8.2 | 10y ago | hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename… | |||
| CVE-2016-5729 | high | 8.2 | 8.2 | 10y ago | Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | |||
| CVE-2016-0911 | high | 8.2 | 8.2 | 10y ago | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root… | |||
| CVE-2016-5363 | high | 8.2 | 8.2 | 10y ago | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of serv… | |||
| CVE-2016-5362 | high | 8.2 | 8.2 | 10y ago | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of ser… | |||
| CVE-2016-3994 | high | 8.2 | 8.2 | 10y ago | The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds rea… | |||
| CVE-2016-2176 | high | 8.2 | 8.2 | 10y ago | The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a … | |||
| CVE-2016-2204 | high | 8.2 | 8.2 | 10y ago | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | |||
| CVE-2016-1593 | high | 7.2 | 8.2 | 10y ago | Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a … | |||
| CVE-2016-3456 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confiden… | |||
| CVE-2016-3439 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Numb… | |||
| CVE-2016-3438 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors… | |||
| CVE-2016-3437 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address … | |||
| CVE-2016-3436 | high | 8.2 | 8.2 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi… | |||
| CVE-2016-0709 | high | 7.2 | 8.2 | 10y ago | Path Traversal in Apache Jetspeed | |||
| CVE-2016-3947 | high | 8.2 | 8.2 | 10y ago | Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performan… | |||
| CVE-2016-3142 | high | 8.2 | 8.2 | 10y ago | The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a deni… | |||
| CVE-2016-2278 | high | 7.2 | 8.2 | 10y ago | Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeat… | |||
| CVE-2016-9014 | high | 8.1 | 8.1 | 4y ago | Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validat… | |||
| CVE-2016-6904 | high | 8.1 | 8.1 | 9y ago | Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication cr… | |||
| CVE-2016-10383 | high | 8.1 | 8.1 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | |||
| CVE-2016-9981 | high | 8.1 | 8.1 | 9y ago | IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257 | |||
| CVE-2016-5045 | high | 8.1 | 8.1 | 9y ago | NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | |||
| CVE-2016-3998 | high | 8.1 | 8.1 | 9y ago | NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||
| CVE-2016-9698 | high | 8.1 | 8.1 | 9y ago | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… | |||
| CVE-2016-6098 | high | 8.1 | 8.1 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||
| CVE-2016-3084 | high | 8.1 | 8.1 | 9y ago | Cloud Foundry UAA reset password vulnerable to brute force attack | |||
| CVE-2016-1518 | high | 8.1 | 8.1 | 9y ago | The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and conseque… | |||
| CVE-2016-1559 | high | 8.1 | 8.1 | 9y ago | D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames an… | |||
| CVE-2016-0721 | high | 8.1 | 8.1 | 9y ago | Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||
| CVE-2016-1148 | high | 8.1 | 8.1 | 9y ago | Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |||
| CVE-2016-4850 | high | 8.1 | 8.1 | 9y ago | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | |||
| CVE-2016-8712 | high | 8.1 | 8.1 | 9y ago | An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication reque… | |||
| CVE-2016-8237 | high | 8.1 | 8.1 | 9y ago | Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | |||
| CVE-2016-9707 | high | 8.1 | 8.1 | 9y ago | IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose… | |||
| CVE-2016-9463 | high | 8.1 | 8.1 | 9y ago | Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enable… | |||
| CVE-2016-4927 | high | 8.1 | 8.1 | 9y ago | Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | |||
| CVE-2016-6816 | high | 7.1 | 8.1 | 9y ago | Improper Input Validation in Apache Tomcat | |||
| CVE-2016-9724 | high | 8.1 | 8.1 | 9y ago | IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose high… | |||
| CVE-2016-8974 | high | 8.1 | 8.1 | 9y ago | IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil… | |||
| CVE-2016-7643 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allo… | |||
| CVE-2016-8379 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware… | |||
| CVE-2016-8372 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware… | |||
| CVE-2016-8360 | high | 8.1 | 8.1 | 9y ago | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an at… | |||
| CVE-2016-3180 | high | 8.1 | 8.1 | 9y ago | Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Troja… | |||
| CVE-2016-1894 | high | 8.1 | 8.1 | 9y ago | NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | |||
| CVE-2016-6500 | high | 8.1 | 8.1 | 9y ago | Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote … | |||
| CVE-2016-8980 | high | 8.1 | 8.1 | 10y ago | IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to ex… | |||
| CVE-2016-6059 | high | 8.1 | 8.1 | 10y ago | IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabi… | |||
| CVE-2016-0396 | high | 8.1 | 8.1 | 10y ago | IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | |||
| CVE-2016-8315 | high | 8.1 | 8.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.… | |||
| CVE-2016-8298 | high | 8.1 | 8.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-8297 | high | 8.1 | 8.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-5091 | high | 8.1 | 8.1 | 10y ago | Extbase for TYPO3 allows RCE | |||
| CVE-2016-10103 | high | 8.1 | 8.1 | 10y ago | Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for G… | |||
| CVE-2016-10102 | high | 8.1 | 8.1 | 10y ago | hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd… | |||
| CVE-2016-10101 | high | 8.1 | 8.1 | 10y ago | Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Pa… | |||
| CVE-2016-10086 | high | 8.1 | 8.1 | 10y ago | RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions … | |||
| CVE-2016-6896 | high | 7.1 | 8.1 | 10y ago | Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read… | |||
| CVE-2016-7144 | high | 8.1 | 8.1 | 10y ago | The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user vi… | |||
| CVE-2016-3130 | high | 8.1 | 8.1 | 10y ago | An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an … | |||
| CVE-2016-10125 | high | 8.1 | 8.1 | 10y ago | D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||
| CVE-2016-8706 | high | 8.1 | 8.1 | 10y ago | An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to rem… | |||
| CVE-2016-2378 | high | 8.1 | 8.1 | 10y ago | A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in … | |||
| CVE-2016-2377 | high | 8.1 | 8.1 | 10y ago | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A… | |||
| CVE-2016-2376 | high | 8.1 | 8.1 | 10y ago | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicio… | |||
| CVE-2016-2374 | high | 8.1 | 8.1 | 10y ago | An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write l… | |||
| CVE-2016-2371 | high | 8.1 | 8.1 | 10y ago | An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. | |||
| CVE-2016-2368 | high | 8.1 | 8.1 | 10y ago | Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially… | |||
| CVE-2016-10030 | high | 8.1 | 8.1 | 10y ago | The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure o… | |||
| CVE-2016-10116 | high | 8.1 | 8.1 | 10y ago | NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adj… | |||
| CVE-2016-7967 | high | 8.1 | 8.1 | 10y ago | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URL… | |||
| CVE-2016-6659 | high | 8.1 | 8.1 | 10y ago | Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3… | |||
| CVE-2016-9160 | high | 8.1 | 8.1 | 10y ago | A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX compon… | |||
| CVE-2016-5688 | high | 8.1 | 8.1 | 10y ago | The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-va… | |||
| CVE-2016-6633 | high | 8.1 | 8.1 | 10y ago | phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension | |||
| CVE-2016-6617 | high | 8.1 | 8.1 | 10y ago | An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6… | |||
| CVE-2016-6611 | high | 8.1 | 8.1 | 10y ago | An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6… | |||
| CVE-2016-6606 | high | 8.1 | 8.1 | 10y ago | An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's bro… | |||
| CVE-2016-3055 | high | 8.1 | 8.1 | 10y ago | IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an externa… | |||
| CVE-2016-3033 | high | 8.1 | 8.1 | 10y ago | IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity de… |