CVEs from 2016
Total: 8,459
- critical 1,164
- high 3,521
- medium 3,173
- low 248

% Critical: 13.8%
% with KEV: 0.7%
% with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3405 | high | 7.5 | 7.5 | 10y ago | Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. | |||
| CVE-2016-3404 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. | |||
| CVE-2016-3402 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. | |||
| CVE-2016-6897 | medium | 6.5 | 7.5 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio… | |||
| CVE-2016-9297 | high | 7.5 | 7.5 | 10y ago | The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | |||
| CVE-2016-9279 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Sam… | |||
| CVE-2016-9109 | high | 7.5 | 7.5 | 10y ago | Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-… | |||
| CVE-2016-7997 | high | 7.5 | 7.5 | 10y ago | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | |||
| CVE-2016-7564 | high | 7.5 | 7.5 | 10y ago | Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. | |||
| CVE-2016-7563 | high | 7.5 | 7.5 | 10y ago | The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. | |||
| CVE-2016-6823 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds writ… | |||
| CVE-2016-8207 | high | 7.5 | 7.5 | 10y ago | A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files incl… | |||
| CVE-2016-8206 | high | 7.5 | 7.5 | 10y ago | A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary fi… | |||
| CVE-2016-9812 | high | 7.5 | 7.5 | 10y ago | The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. | |||
| CVE-2016-9808 | high | 7.5 | 7.5 | 10y ago | The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | |||
| CVE-2016-9312 | high | 7.5 | 7.5 | 10y ago | ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | |||
| CVE-2016-9107 | high | 7.5 | 7.5 | 10y ago | The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-7426 | high | 7.5 | 7.5 | 10y ago | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent r… | |||
| CVE-2016-6886 | high | 7.5 | 7.5 | 10y ago | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret k… | |||
| CVE-2016-6885 | high | 7.5 | 7.5 | 10y ago | The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | |||
| CVE-2016-9882 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in C… | |||
| CVE-2016-10140 | high | 7.5 | 7.5 | 10y ago | Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker t… | |||
| CVE-2016-3151 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devi… | |||
| CVE-2016-9444 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS r… | |||
| CVE-2016-9147 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency amon… | |||
| CVE-2016-9131 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed re… | |||
| CVE-2016-6820 | high | 7.5 | 7.5 | 10y ago | MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. | |||
| CVE-2016-7478 | high | 7.5 | 7.5 | 10y ago | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data… | |||
| CVE-2016-6831 | high | 7.5 | 7.5 | 10y ago | The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exh… | |||
| CVE-2016-6581 | high | 7.5 | 7.5 | 10y ago | A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. T… | |||
| CVE-2016-6580 | high | 7.5 | 7.5 | 10y ago | A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every p… | |||
| CVE-2016-6287 | high | 7.5 | 7.5 | 10y ago | The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this … | |||
| CVE-2016-6286 | high | 7.5 | 7.5 | 10y ago | The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable… | |||
| CVE-2016-9879 | high | 7.5 | 7.5 | 10y ago | Security Constraint Bypass in Spring Security | |||
| CVE-2016-6892 | high | 7.5 | 7.5 | 10y ago | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. | |||
| CVE-2016-6891 | high | 7.5 | 7.5 | 10y ago | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. | |||
| CVE-2016-6894 | high | 7.5 | 7.5 | 10y ago | Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets … | |||
| CVE-2016-9934 | high | 7.5 | 7.5 | 10y ago | ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as… | |||
| CVE-2016-9933 | high | 7.5 | 7.5 | 10y ago | Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote atta… | |||
| CVE-2016-8860 | high | 7.5 | 7.5 | 10y ago | Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that… | |||
| CVE-2016-10097 | high | 7.5 | 7.5 | 10y ago | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | |||
| CVE-2016-9878 | high | 7.5 | 7.5 | 10y ago | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized | |||
| CVE-2016-10041 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisi… | |||
| CVE-2016-9037 | high | 7.5 | 7.5 | 10y ago | An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element… | |||
| CVE-2016-9036 | high | 7.5 | 7.5 | 10y ago | An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly ret… | |||
| CVE-2016-9154 | high | 7.5 | 7.5 | 10y ago | Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modu… | |||
| CVE-2016-9179 | high | 7.5 | 7.5 | 10y ago | lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | |||
| CVE-2016-7172 | high | 7.5 | 7.5 | 10y ago | NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | |||
| CVE-2016-2349 | high | 7.5 | 7.5 | 10y ago | Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | |||
| CVE-2016-7297 | high | 7.5 | 7.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-7296 | high | 7.5 | 7.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-7279 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-7270 | high | 7.5 | 7.5 | 10y ago | The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain se… | |||
| CVE-2016-7181 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | |||
| CVE-2016-10005 | high | 7.5 | 7.5 | 10y ago | Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. | |||
| CVE-2016-9951 | medium | 6.5 | 7.5 | 10y ago | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click… | |||
| CVE-2016-9158 | high | 7.5 | 7.5 | 10y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and b… | |||
| CVE-2016-9837 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view all… | |||
| CVE-2016-7889 | high | 7.5 | 7.5 | 10y ago | Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. | |||
| CVE-2016-7887 | high | 7.5 | 7.5 | 10y ago | Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure. | |||
| CVE-2016-4028 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle… | |||
| CVE-2016-9212 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect… | |||
| CVE-2016-9211 | high | 7.5 | 7.5 | 10y ago | A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reloa… | |||
| CVE-2016-9210 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file … | |||
| CVE-2016-9205 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting … | |||
| CVE-2016-9203 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. Mor… | |||
| CVE-2016-9201 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based… | |||
| CVE-2016-9198 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More… | |||
| CVE-2016-9193 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypas… | |||
| CVE-2016-6469 | high | 7.5 | 7.5 | 10y ago | A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the… | |||
| CVE-2016-6467 | high | 7.5 | 7.5 | 10y ago | A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected relo… | |||
| CVE-2016-6464 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages th… | |||
| CVE-2016-7952 | high | 7.5 | 7.5 | 10y ago | X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category with… | |||
| CVE-2016-7946 | high | 7.5 | 7.5 | 10y ago | X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. | |||
| CVE-2016-7945 | high | 7.5 | 7.5 | 10y ago | Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. | |||
| CVE-2016-5842 | high | 7.5 | 7.5 | 10y ago | MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | |||
| CVE-2016-9937 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters sep… | |||
| CVE-2016-9864 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the contro… | |||
| CVE-2016-9863 | high | 7.5 | 7.5 | 10y ago | phpMyAdmin DoS Vulnerability | |||
| CVE-2016-9862 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | |||
| CVE-2016-9861 | high | 7.5 | 7.5 | 10y ago | phpMyAdmin Bypass white-list protection for URL redirection | |||
| CVE-2016-6631 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a use… | |||
| CVE-2016-6616 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.… | |||
| CVE-2016-6321 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files v… | |||
| CVE-2016-6301 | high | 7.5 | 7.5 | 10y ago | The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a… | |||
| CVE-2016-8858 | high | 7.5 | 7.5 | 10y ago | The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE:… | |||
| CVE-2016-9920 | high | 7.5 | 7.5 | 10y ago | steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-… | |||
| CVE-2016-9919 | high | 7.5 | 7.5 | 10y ago | The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a… | |||
| CVE-2016-9918 | high | 7.5 | 7.5 | 10y ago | In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in … | |||
| CVE-2016-9917 | high | 7.5 | 7.5 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||
| CVE-2016-9839 | high | 7.5 | 7.5 | 10y ago | In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | |||
| CVE-2016-9479 | high | 7.5 | 7.5 | 10y ago | The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | |||
| CVE-2016-3012 | high | 7.5 | 7.5 | 10y ago | IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended acces… | |||
| CVE-2016-2876 | high | 7.5 | 7.5 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access… | |||
| CVE-2016-9564 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | |||
| CVE-2016-0319 | high | 7.5 | 7.5 | 10y ago | The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of… | |||
| CVE-2016-9450 | high | 7.5 | 7.5 | 10y ago | Drupal Incorrect cache context on password reset page | |||
| CVE-2016-9562 | high | 7.5 | 7.5 | 10y ago | SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP … | |||
| CVE-2016-6466 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels fr… | |||
| CVE-2016-6460 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass F… |