CVEs from 2016
Total
8,459
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6335 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information vi… | |||
| CVE-2016-6332 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to ter… | |||
| CVE-2016-6331 | high | 7.5 | 7.5 | 9y ago | ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. | |||
| CVE-2016-5409 | high | 7.5 | 7.5 | 9y ago | Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information … | |||
| CVE-2016-3036 | high | 7.5 | 7.5 | 9y ago | IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. A remote attacker could exploit this vulnerability to cause a denial o… | |||
| CVE-2016-5396 | high | 7.5 | 7.5 | 9y ago | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | |||
| CVE-2016-7551 | high | 7.5 | 7.5 | 9y ago | chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (… | |||
| CVE-2016-6489 | high | 7.5 | 7.5 | 9y ago | The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | |||
| CVE-2016-3104 | high | 7.5 | 7.5 | 9y ago | mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representa… | |||
| CVE-2016-8727 | high | 7.5 | 7.5 | 9y ago | An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal … | |||
| CVE-2016-8726 | high | 7.5 | 7.5 | 9y ago | An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTT… | |||
| CVE-2016-8723 | high | 7.5 | 7.5 | 9y ago | An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will caus… | |||
| CVE-2016-10326 | high | 7.5 | 7.5 | 9y ago | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. | |||
| CVE-2016-10325 | high | 7.5 | 7.5 | 9y ago | In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote Do… | |||
| CVE-2016-4970 | high | 7.5 | 7.5 | 9y ago | Loop with Unreachable Exit Condition in Netty | |||
| CVE-2016-1132 | high | 7.5 | 7.5 | 9y ago | Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | |||
| CVE-2016-4459 | high | 7.5 | 7.5 | 9y ago | Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9. | |||
| CVE-2016-8716 | high | 7.5 | 7.5 | 9y ago | An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functiona… | |||
| CVE-2016-7958 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. | |||
| CVE-2016-7957 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a s… | |||
| CVE-2016-4483 | high | 7.5 | 7.5 | 9y ago | The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute… | |||
| CVE-2016-5041 | high | 7.5 | 7.5 | 9y ago | dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name. | |||
| CVE-2016-6879 | high | 7.5 | 7.5 | 9y ago | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | |||
| CVE-2016-6605 | high | 7.5 | 7.5 | 9y ago | Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. | |||
| CVE-2016-6534 | high | 7.5 | 7.5 | 9y ago | Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations. | |||
| CVE-2016-5076 | high | 7.5 | 7.5 | 9y ago | CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. | |||
| CVE-2016-5058 | high | 7.5 | 7.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. | |||
| CVE-2016-5057 | high | 7.5 | 7.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. | |||
| CVE-2016-5056 | high | 7.5 | 7.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. | |||
| CVE-2016-5054 | high | 7.5 | 7.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. | |||
| CVE-2016-5052 | high | 7.5 | 7.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. | |||
| CVE-2016-5051 | high | 7.5 | 7.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. | |||
| CVE-2016-9219 | high | 7.5 | 7.5 | 9y ago | A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. Th… | |||
| CVE-2016-10226 | high | 7.5 | 7.5 | 9y ago | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted … | |||
| CVE-2016-10222 | high | 7.5 | 7.5 | 9y ago | runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and applicatio… | |||
| CVE-2016-10211 | high | 7.5 | 7.5 | 9y ago | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable… | |||
| CVE-2016-10210 | high | 7.5 | 7.5 | 9y ago | libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer fun… | |||
| CVE-2016-8803 | high | 7.5 | 7.5 | 9y ago | The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | |||
| CVE-2016-8798 | high | 7.5 | 7.5 | 9y ago | Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | |||
| CVE-2016-8797 | high | 7.5 | 7.5 | 9y ago | Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R0… | |||
| CVE-2016-8796 | high | 7.5 | 7.5 | 9y ago | Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. | |||
| CVE-2016-8773 | high | 7.5 | 7.5 | 9y ago | Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C… | |||
| CVE-2016-8754 | high | 7.5 | 7.5 | 9y ago | Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may … | |||
| CVE-2016-2404 | high | 7.5 | 7.5 | 9y ago | Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; … | |||
| CVE-2016-6561 | high | 7.5 | 7.5 | 9y ago | illumos smbsrv NULL pointer dereference allows system crash. | |||
| CVE-2016-9123 | high | 7.5 | 7.5 | 9y ago | go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectur… | |||
| CVE-2016-9122 | high | 7.5 | 7.5 | 9y ago | go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate … | |||
| CVE-2016-9252 | high | 7.5 | 7.5 | 9y ago | The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remot… | |||
| CVE-2016-9243 | high | 7.5 | 7.5 | 9y ago | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | |||
| CVE-2016-4912 | high | 7.5 | 7.5 | 9y ago | The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which trigge… | |||
| CVE-2016-7797 | high | 7.5 | 7.5 | 9y ago | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | |||
| CVE-2016-2225 | high | 7.5 | 7.5 | 9y ago | The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. | |||
| CVE-2016-2224 | high | 7.5 | 7.5 | 9y ago | The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. | |||
| CVE-2016-10146 | high | 7.5 | 7.5 | 9y ago | Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||
| CVE-2016-10132 | high | 7.5 | 7.5 | 9y ago | regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. | |||
| CVE-2016-10129 | high | 7.5 | 7.5 | 9y ago | The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. | |||
| CVE-2016-10149 | high | 7.5 | 7.5 | 9y ago | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | |||
| CVE-2016-9399 | high | 7.5 | 7.5 | 9y ago | The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||
| CVE-2016-9398 | high | 7.5 | 7.5 | 9y ago | The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||
| CVE-2016-9397 | high | 7.5 | 7.5 | 9y ago | The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||
| CVE-2016-9396 | high | 7.5 | 7.5 | 9y ago | The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. | |||
| CVE-2016-9391 | high | 7.5 | 7.5 | 9y ago | The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. | |||
| CVE-2016-9389 | high | 7.5 | 7.5 | 9y ago | The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). | |||
| CVE-2016-9276 | high | 7.5 | 7.5 | 9y ago | The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2016-9275 | high | 7.5 | 7.5 | 9y ago | Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2016-10048 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | |||
| CVE-2016-9167 | high | 7.5 | 7.5 | 9y ago | NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would… | |||
| CVE-2016-5754 | high | 7.5 | 7.5 | 9y ago | Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. | |||
| CVE-2016-5752 | high | 7.5 | 7.5 | 9y ago | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicio… | |||
| CVE-2016-5747 | high | 7.5 | 7.5 | 9y ago | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging pre… | |||
| CVE-2016-6650 | high | 7.5 | 7.5 | 9y ago | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to comp… | |||
| CVE-2016-9165 | high | 7.5 | 7.5 | 9y ago | The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remot… | |||
| CVE-2016-10197 | high | 7.5 | 7.5 | 9y ago | The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | |||
| CVE-2016-10196 | high | 7.5 | 7.5 | 9y ago | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involvi… | |||
| CVE-2016-10250 | high | 7.5 | 7.5 | 9y ago | The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on… | |||
| CVE-2016-10248 | high | 7.5 | 7.5 | 9y ago | The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence. | |||
| CVE-2016-10252 | high | 7.5 | 7.5 | 9y ago | Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. | |||
| CVE-2016-10189 | high | 7.5 | 7.5 | 9y ago | BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not … | |||
| CVE-2016-9368 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may… | |||
| CVE-2016-9740 | high | 7.5 | 7.5 | 9y ago | IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. | |||
| CVE-2016-9728 | high | 7.5 | 7.5 | 9y ago | IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Referen… | |||
| CVE-2016-9643 | high | 7.5 | 7.5 | 9y ago | The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and… | |||
| CVE-2016-4950 | high | 7.5 | 7.5 | 9y ago | Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | |||
| CVE-2016-4949 | high | 7.5 | 7.5 | 9y ago | Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. | |||
| CVE-2016-9164 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA… | |||
| CVE-2016-6244 | high | 7.5 | 7.5 | 9y ago | The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. | |||
| CVE-2016-8236 | high | 7.5 | 7.5 | 9y ago | Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | |||
| CVE-2016-3127 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys … | |||
| CVE-2016-7972 | high | 7.5 | 7.5 | 9y ago | The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. | |||
| CVE-2016-7970 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-7969 | high | 7.5 | 7.5 | 9y ago | The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping … | |||
| CVE-2016-10067 | high | 7.5 | 7.5 | 9y ago | magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | |||
| CVE-2016-6485 | high | 7.5 | 7.5 | 9y ago | Unauthenticated crypto and weak IV in Magento\Framework\Encryption | |||
| CVE-2016-10207 | high | 7.5 | 7.5 | 9y ago | The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. | |||
| CVE-2016-10109 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the… | |||
| CVE-2016-9956 | high | 7.5 | 7.5 | 9y ago | The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | |||
| CVE-2016-9049 | high | 7.5 | 7.5 | 9y ago | An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a nu… | |||
| CVE-2016-10227 | high | 7.5 | 7.5 | 9y ago | Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | |||
| CVE-2016-7667 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a de… | |||
| CVE-2016-7662 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which … |