CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6458 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configur… | |||
| CVE-2016-9296 | high | 7.5 | 7.5 | 10y ago | A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams… | |||
| CVE-2016-9294 | high | 7.5 | 7.5 | 10y ago | Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed label… | |||
| CVE-2016-9283 | high | 7.5 | 7.5 | 10y ago | SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related … | |||
| CVE-2016-9282 | high | 7.5 | 7.5 | 10y ago | SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_… | |||
| CVE-2016-9277 | high | 7.5 | 7.5 | 10y ago | Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an o… | |||
| CVE-2016-7247 | high | 7.5 | 7.5 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protect… | |||
| CVE-2016-7243 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7242 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7237 | medium | 6.5 | 7.5 | 10y ago | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win… | |||
| CVE-2016-7208 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7198 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-7196 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Brows… | |||
| CVE-2016-7195 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-4959 | high | 7.5 | 7.5 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a … | |||
| CVE-2016-9184 | high | 7.5 | 7.5 | 10y ago | In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table name… | |||
| CVE-2016-9183 | high | 7.5 | 7.5 | 10y ago | In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses t… | |||
| CVE-2016-9182 | high | 7.5 | 7.5 | 10y ago | Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Ex… | |||
| CVE-2016-9177 | high | 7.5 | 7.5 | 10y ago | Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI | |||
| CVE-2016-6455 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sess… | |||
| CVE-2016-9136 | high | 7.5 | 7.5 | 10y ago | Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a… | |||
| CVE-2016-9135 | high | 7.5 | 7.5 | 10y ago | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | |||
| CVE-2016-9134 | high | 7.5 | 7.5 | 10y ago | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | |||
| CVE-2016-7452 | high | 7.5 | 7.5 | 10y ago | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | |||
| CVE-2016-7160 | high | 7.5 | 7.5 | 10y ago | A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. | |||
| CVE-2016-8864 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record… | |||
| CVE-2016-8203 | high | 7.5 | 7.5 | 10y ago | A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of… | |||
| CVE-2016-8876 | high | 7.5 | 7.5 | 10y ago | Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embed… | |||
| CVE-2016-7991 | high | 7.5 | 7.5 | 10y ago | On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and … | |||
| CVE-2016-7989 | high | 7.5 | 7.5 | 10y ago | On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the… | |||
| CVE-2016-7988 | high | 7.5 | 7.5 | 10y ago | On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configur… | |||
| CVE-2016-9114 | high | 7.5 | 7.5 | 10y ago | There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Servi… | |||
| CVE-2016-9113 | high | 7.5 | 7.5 | 10y ago | There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. | |||
| CVE-2016-9112 | high | 7.5 | 7.5 | 10y ago | Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. | |||
| CVE-2016-7506 | high | 7.5 | 7.5 | 10y ago | An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue … | |||
| CVE-2016-4396 | high | 7.5 | 7.5 | 10y ago | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | |||
| CVE-2016-4395 | high | 7.5 | 7.5 | 10y ago | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | |||
| CVE-2016-9017 | high | 7.5 | 7.5 | 10y ago | Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approac… | |||
| CVE-2016-8867 | high | 7.5 | 7.5 | 10y ago | Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or m… | |||
| CVE-2016-8600 | high | 7.5 | 7.5 | 10y ago | In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | |||
| CVE-2016-7919 | high | 7.5 | 7.5 | 10y ago | Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation proces… | |||
| CVE-2016-6372 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and W… | |||
| CVE-2016-6360 | high | 7.5 | 7.5 | 10y ago | A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial den… | |||
| CVE-2016-6358 | high | 7.5 | 7.5 | 10y ago | A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application … | |||
| CVE-2016-6357 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypas… | |||
| CVE-2016-6356 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to sto… | |||
| CVE-2016-1486 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenti… | |||
| CVE-2016-1481 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS)… | |||
| CVE-2016-1480 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauth… | |||
| CVE-2016-6446 | high | 7.5 | 7.5 | 10y ago | A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Release… | |||
| CVE-2016-6439 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) … | |||
| CVE-2016-6431 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vul… | |||
| CVE-2016-5500 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer. | |||
| CVE-2016-5495 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema. | |||
| CVE-2016-1000215 | high | 7.5 | 7.5 | 10y ago | Ruckus Wireless H500 web management interface denial of service | |||
| CVE-2016-1000032 | high | 7.5 | 7.5 | 10y ago | TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. | |||
| CVE-2016-2848 | high | 7.5 | 7.5 | 10y ago | ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource recor… | |||
| CVE-2016-8666 | high | 7.5 | 7.5 | 10y ago | The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO p… | |||
| CVE-2016-7039 | high | 7.5 | 7.5 | 10y ago | The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GR… | |||
| CVE-2016-3390 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3389 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3385 | high | 7.5 | 7.5 | 10y ago | The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Script… | |||
| CVE-2016-3384 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-3383 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corrupti… | |||
| CVE-2016-3382 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3331 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-3635 | high | 7.5 | 7.5 | 10y ago | SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connectio… | |||
| CVE-2016-8563 | high | 7.5 | 7.5 | 10y ago | Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. | |||
| CVE-2016-6323 | high | 7.5 | 7.5 | 10y ago | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-depe… | |||
| CVE-2016-6273 | high | 7.5 | 7.5 | 10y ago | The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License … | |||
| CVE-2016-1000009 | high | 7.5 | 7.5 | 10y ago | TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. | |||
| CVE-2016-6653 | high | 7.5 | 7.5 | 10y ago | The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cle… | |||
| CVE-2016-6435 | medium | 6.5 | 7.5 | 10y ago | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |||
| CVE-2016-6422 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass … | |||
| CVE-2016-6023 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary… | |||
| CVE-2016-6426 | high | 7.5 | 7.5 | 10y ago | The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers… | |||
| CVE-2016-6393 | high | 7.5 | 7.5 | 10y ago | The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connect… | |||
| CVE-2016-6391 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSC… | |||
| CVE-2016-6385 | high | 7.5 | 7.5 | 10y ago | Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via… | |||
| CVE-2016-6379 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. | |||
| CVE-2016-6378 | high | 7.5 | 7.5 | 10y ago | Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. | |||
| CVE-2016-1455 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP t… | |||
| CVE-2016-6392 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Sour… | |||
| CVE-2016-6386 | high | 7.5 | 7.5 | 10y ago | Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID C… | |||
| CVE-2016-6384 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka … | |||
| CVE-2016-6382 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) registe… | |||
| CVE-2016-6381 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka B… | |||
| CVE-2016-4551 | high | 7.5 | 7.5 | 10y ago | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the … | |||
| CVE-2016-1246 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. | |||
| CVE-2016-8343 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-6419 | high | 7.5 | 7.5 | 10y ago | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur2548… | |||
| CVE-2016-5983 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbi… | |||
| CVE-2016-5085 | high | 7.5 | 7.5 | 10y ago | Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an auth… | |||
| CVE-2016-5084 | high | 7.5 | 7.5 | 10y ago | Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2016-2307 | high | 7.5 | 7.5 | 10y ago | American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read… | |||
| CVE-2016-8278 | high | 7.5 | 7.5 | 10y ago | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | |||
| CVE-2016-7141 | high | 7.5 | 7.5 | 10y ago | curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse o… | |||
| CVE-2016-7401 | high | 7.5 | 7.5 | 10y ago | The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting … | |||
| CVE-2016-7031 | high | 7.5 | 7.5 | 10y ago | The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | |||
| CVE-2016-6352 | high | 7.5 | 7.5 | 10y ago | The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. |