CVEs from 2016
Total
8,459
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8619 | high | — | 8.0 | — | The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | |||
| CVE-2016-8623 | high | — | 8.0 | — | A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. | |||
| CVE-2016-8617 | high | — | 8.0 | — | The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. | |||
| CVE-2016-8621 | high | — | 8.0 | — | The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | |||
| CVE-2016-8616 | high | — | 8.0 | — | A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an u… | |||
| CVE-2016-8620 | high | — | 8.0 | — | The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | |||
| CVE-2016-8618 | high | — | 8.0 | — | The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. | |||
| CVE-2016-8622 | high | — | 8.0 | — | The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than … | |||
| CVE-2016-2124 | high | — | 8.0 | 5y ago | RHSA-2021:5082: samba security update (Important) | |||
| CVE-2016-5789 | high | 8.0 | 8.0 | 9y ago | A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active sess… | |||
| CVE-2016-7507 | high | 8.0 | 8.0 | 9y ago | Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | |||
| CVE-2016-9991 | high | 8.0 | 8.0 | 9y ago | IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the … | |||
| CVE-2016-1161 | high | 8.0 | 8.0 | 9y ago | Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | |||
| CVE-2016-9351 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | |||
| CVE-2016-7904 | high | 8.0 | 8.0 | 10y ago | Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/a… | |||
| CVE-2016-8201 | high | 8.0 | 8.0 | 10y ago | A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traff… | |||
| CVE-2016-10010 | high | 7.0 | 8.0 | 10y ago | sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to … | |||
| CVE-2016-6664 | high | 7.0 | 8.0 | 10y ago | mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percon… | |||
| CVE-2016-6663 | high | 7.0 | 8.0 | 10y ago | Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server b… | |||
| CVE-2016-2884 | high | 8.0 | 8.0 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijac… | |||
| CVE-2016-2878 | high | 8.0 | 8.0 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for r… | |||
| CVE-2016-2863 | high | 8.0 | 8.0 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authe… | |||
| CVE-2016-0386 | high | 8.0 | 8.0 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the auth… | |||
| CVE-2016-3651 | high | 8.0 | 8.0 | 10y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. | |||
| CVE-2016-4822 | high | 8.0 | 8.0 | 10y ago | Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||
| CVE-2016-4371 | high | 8.0 | 8.0 | 10y ago | HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery… | |||
| CVE-2016-4506 | high | 8.0 | 8.0 | 10y ago | Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of … | |||
| CVE-2016-4558 | high | 7.0 | 8.0 | 10y ago | The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a … | |||
| CVE-2016-1661 | high | 8.0 | 8.0 | 10y ago | Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers… | |||
| CVE-2016-1531 | high | 7.0 | 8.0 | 10y ago | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | |||
| CVE-2016-1757 | high | 7.0 | 8.0 | 10y ago | Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2016-1991 | high | 8.0 | 8.0 | 10y ago | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download… | |||
| CVE-2016-1489 | high | 8.0 | 8.0 | 11y ago | Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network… | |||
| CVE-2016-9379 | high | 7.9 | 7.9 | 10y ago | The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes… | |||
| CVE-2016-5563 | high | 7.9 | 7.9 | 10y ago | Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators t… | |||
| CVE-2016-2243 | high | 7.9 | 7.9 | 10y ago | Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. | |||
| CVE-2016-1255 | high | 7.8 | 7.8 | 9y ago | The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, i… | |||
| CVE-2016-6804 | high | 7.8 | 7.8 | 9y ago | The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated pr… | |||
| CVE-2016-6803 | high | 7.8 | 7.8 | 9y ago | An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan … | |||
| CVE-2016-5002 | high | 7.8 | 7.8 | 9y ago | Apache XML-RPC XXE Vulnerability | |||
| CVE-2016-4922 | high | 7.8 | 7.8 | 9y ago | Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permiss… | |||
| CVE-2016-4434 | high | 7.8 | 7.8 | 9y ago | Apache Tika does not properly initialize the XML parser or choose handlers | |||
| CVE-2016-5759 | high | 7.8 | 7.8 | 9y ago | The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | |||
| CVE-2016-2972 | high | 7.8 | 7.8 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | |||
| CVE-2016-10389 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a … | |||
| CVE-2016-5864 | high | 7.8 | 7.8 | 9y ago | In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overfl… | |||
| CVE-2016-5863 | high | 7.8 | 7.8 | 9y ago | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | |||
| CVE-2016-10402 | high | 7.8 | 7.8 | 9y ago | Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer ov… | |||
| CVE-2016-7062 | high | 7.8 | 7.8 | 9y ago | rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. | |||
| CVE-2016-10395 | high | 7.8 | 7.8 | 9y ago | In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licen… | |||
| CVE-2016-10342 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. | |||
| CVE-2016-10341 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. | |||
| CVE-2016-10340 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | |||
| CVE-2016-10338 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. | |||
| CVE-2016-7838 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||
| CVE-2016-7837 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | |||
| CVE-2016-7818 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption progr… | |||
| CVE-2016-4902 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for… | |||
| CVE-2016-4973 | high | 7.8 | 7.8 | 9y ago | Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Si… | |||
| CVE-2016-8228 | high | 7.8 | 7.8 | 9y ago | In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | |||
| CVE-2016-5735 | high | 7.8 | 7.8 | 9y ago | Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. | |||
| CVE-2016-1876 | high | 7.8 | 7.8 | 9y ago | The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | |||
| CVE-2016-7804 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2016-4901 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2016-4900 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2016-10239 | high | 7.8 | 7.8 | 9y ago | In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a … | |||
| CVE-2016-10238 | high | 7.8 | 7.8 | 9y ago | In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. | |||
| CVE-2016-10237 | high | 7.8 | 7.8 | 9y ago | If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not … | |||
| CVE-2016-4838 | high | 7.8 | 7.8 | 9y ago | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0… | |||
| CVE-2016-10276 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic… | |||
| CVE-2016-10275 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critic… | |||
| CVE-2016-10274 | high | 7.8 | 7.8 | 9y ago | An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated a… | |||
| CVE-2016-9100 | high | 7.8 | 7.8 | 9y ago | Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible … | |||
| CVE-2016-10369 | high | 7.8 | 7.8 | 9y ago | unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypass… | |||
| CVE-2016-6915 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. | |||
| CVE-2016-6917 | high | 7.8 | 7.8 | 9y ago | Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. | |||
| CVE-2016-6916 | high | 7.8 | 7.8 | 9y ago | Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denia… | |||
| CVE-2016-2347 | high | 7.8 | 7.8 | 9y ago | Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | |||
| CVE-2016-1520 | high | 7.8 | 7.8 | 9y ago | The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted … | |||
| CVE-2016-4846 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. | |||
| CVE-2016-4650 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of… | |||
| CVE-2016-4293 | high | 7.8 | 7.8 | 9y ago | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via… | |||
| CVE-2016-8602 | high | 7.8 | 7.8 | 9y ago | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscrip… | |||
| CVE-2016-6299 | high | 7.8 | 7.8 | 9y ago | The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | |||
| CVE-2016-10123 | high | 7.8 | 7.8 | 9y ago | Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | |||
| CVE-2016-10122 | high | 7.8 | 7.8 | 9y ago | Firejail does not properly clean environment variables, which allows local users to gain privileges. | |||
| CVE-2016-10121 | high | 7.8 | 7.8 | 9y ago | Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | |||
| CVE-2016-10120 | high | 7.8 | 7.8 | 9y ago | Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | |||
| CVE-2016-10119 | high | 7.8 | 7.8 | 9y ago | Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | |||
| CVE-2016-10117 | high | 7.8 | 7.8 | 9y ago | Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | |||
| CVE-2016-9959 | high | 7.8 | 7.8 | 9y ago | game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. | |||
| CVE-2016-9958 | high | 7.8 | 7.8 | 9y ago | game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. | |||
| CVE-2016-9957 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in game-music-emu before 0.6.1. | |||
| CVE-2016-8235 | high | 7.8 | 7.8 | 9y ago | Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | |||
| CVE-2016-10323 | high | 7.8 | 7.8 | 9y ago | Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | |||
| CVE-2016-10320 | high | 7.8 | 7.8 | 9y ago | textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files. | |||
| CVE-2016-5870 | high | 7.8 | 7.8 | 9y ago | The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MS… | |||
| CVE-2016-3740 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value i… | |||
| CVE-2016-10317 | high | 7.8 | 7.8 | 9y ago | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application c… | |||
| CVE-2016-8768 | high | 7.8 | 7.8 | 9y ago | Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system o… |