CVEs from 2016
- Total: 8,459
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4811 | medium | 5.6 | 5.6 | 10y ago | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified… | |||
| CVE-2016-5242 | medium | 5.6 | 5.6 | 10y ago | The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS … | |||
| CVE-2016-0264 | medium | 5.6 | 5.6 | 10y ago | Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP… | |||
| CVE-2016-3140 | medium | 4.6 | 5.6 | 10y ago | The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s… | |||
| CVE-2016-3136 | medium | 4.6 | 5.6 | 10y ago | The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s… | |||
| CVE-2016-2188 | medium | 4.6 | 5.6 | 10y ago | The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c… | |||
| CVE-2016-3139 | medium | 4.6 | 5.6 | 10y ago | The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cr… | |||
| CVE-2016-2782 | medium | 4.6 | 5.6 | 10y ago | The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or… | |||
| CVE-2016-2384 | medium | 4.6 | 5.6 | 10y ago | Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly … | |||
| CVE-2016-2184 | medium | 4.6 | 5.6 | 10y ago | The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin… | |||
| CVE-2016-9586 | medium | — | 5.5 | — | curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts… | |||
| CVE-2016-7056 | medium | — | 5.5 | — | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | |||
| CVE-2016-9063 | medium | — | 5.5 | — | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | |||
| CVE-2016-7074 | medium | — | 5.5 | — | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuf… | |||
| CVE-2016-7072 | medium | — | 5.5 | — | An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections … | |||
| CVE-2016-7068 | medium | — | 5.5 | — | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the Power… | |||
| CVE-2016-7073 | medium | — | 5.5 | — | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuf… | |||
| CVE-2016-2120 | medium | — | 5.5 | — | An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone u… | |||
| CVE-2016-9594 | medium | — | 5.5 | — | curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes … | |||
| CVE-2016-3709 | medium | — | 5.5 | 4y ago | RHSA-2022:7715: libxml2 security update (Moderate) | |||
| CVE-2016-2048 | medium | 5.5 | 5.5 | 4y ago | Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option … | |||
| CVE-2016-10739 | medium | — | 5.5 | 7y ago | RHSA-2019:3513: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2016-3695 | medium | 5.5 | 5.5 | 9y ago | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disab… | |||
| CVE-2016-4924 | medium | 5.5 | 5.5 | 9y ago | An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information conta… | |||
| CVE-2016-5001 | medium | 5.5 | 5.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop | |||
| CVE-2016-0354 | medium | 5.5 | 5.5 | 9y ago | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which coul… | |||
| CVE-2016-6310 | medium | 5.5 | 5.5 | 9y ago | oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | |||
| CVE-2016-7844 | medium | 5.5 | 5.5 | 9y ago | GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. | |||
| CVE-2016-5893 | medium | 5.5 | 5.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336. | |||
| CVE-2016-10337 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. | |||
| CVE-2016-10336 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | |||
| CVE-2016-10335 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | |||
| CVE-2016-10334 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | |||
| CVE-2016-10333 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | |||
| CVE-2016-10332 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. | |||
| CVE-2016-3696 | medium | 5.5 | 5.5 | 9y ago | The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||
| CVE-2016-3095 | medium | 5.5 | 5.5 | 9y ago | server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||
| CVE-2016-3111 | medium | 5.5 | 5.5 | 9y ago | pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before late… | |||
| CVE-2016-3107 | medium | 5.5 | 5.5 | 9y ago | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitiv… | |||
| CVE-2016-8939 | medium | 5.5 | 5.5 | 9y ago | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. | |||
| CVE-2016-6089 | medium | 5.5 | 5.5 | 9y ago | IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. | |||
| CVE-2016-5960 | medium | 5.5 | 5.5 | 9y ago | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171. | |||
| CVE-2016-9960 | medium | 5.5 | 5.5 | 9y ago | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | |||
| CVE-2016-7977 | medium | 5.5 | 5.5 | 9y ago | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript d… | |||
| CVE-2016-10374 | medium | 5.5 | 5.5 | 9y ago | perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protect… | |||
| CVE-2016-4839 | medium | 5.5 | 5.5 | 9y ago | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0… | |||
| CVE-2016-10292 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibilit… | |||
| CVE-2016-10371 | medium | 5.5 | 5.5 | 9y ago | The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF f… | |||
| CVE-2016-8916 | medium | 5.5 | 5.5 | 9y ago | IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. | |||
| CVE-2016-10351 | medium | 5.5 | 5.5 | 9y ago | Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. | |||
| CVE-2016-10350 | medium | 5.5 | 5.5 | 9y ago | The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and applica… | |||
| CVE-2016-10349 | medium | 5.5 | 5.5 | 9y ago | The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2016-7843 | medium | 5.5 | 5.5 | 9y ago | Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files v… | |||
| CVE-2016-7842 | medium | 5.5 | 5.5 | 9y ago | Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | |||
| CVE-2016-3076 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | |||
| CVE-2016-6341 | medium | 5.5 | 5.5 | 9y ago | oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. | |||
| CVE-2016-5410 | medium | 5.5 | 5.5 | 9y ago | firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntr… | |||
| CVE-2016-2036 | medium | 5.5 | 5.5 | 9y ago | The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allow… | |||
| CVE-2016-5322 | medium | 5.5 | 5.5 | 9y ago | The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | |||
| CVE-2016-1517 | medium | 5.5 | 5.5 | 9y ago | Improper Input Validation in OpenCV | |||
| CVE-2016-5349 | medium | 5.5 | 5.5 | 9y ago | The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to le… | |||
| CVE-2016-10220 | medium | 5.5 | 5.5 | 9y ago | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)… | |||
| CVE-2016-10219 | medium | 5.5 | 5.5 | 9y ago | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |||
| CVE-2016-10218 | medium | 5.5 | 5.5 | 9y ago | The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointe… | |||
| CVE-2016-10217 | medium | 5.5 | 5.5 | 9y ago | The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file tha… | |||
| CVE-2016-10209 | medium | 5.5 | 5.5 | 9y ago | The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafte… | |||
| CVE-2016-8758 | medium | 5.5 | 5.5 | 9y ago | ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and… | |||
| CVE-2016-8756 | medium | 5.5 | 5.5 | 9y ago | ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 an… | |||
| CVE-2016-4976 | medium | 5.5 | 5.5 | 9y ago | Apache Ambari reveals administrator passwords | |||
| CVE-2016-8884 | medium | 5.5 | 5.5 | 9y ago | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP… | |||
| CVE-2016-9922 | medium | 5.5 | 5.5 | 9y ago | The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-z… | |||
| CVE-2016-7474 | medium | 5.5 | 5.5 | 9y ago | In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. | |||
| CVE-2016-10267 | medium | 5.5 | 5.5 | 9y ago | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. | |||
| CVE-2016-10266 | medium | 5.5 | 5.5 | 9y ago | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. | |||
| CVE-2016-3179 | medium | 5.5 | 5.5 | 9y ago | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. | |||
| CVE-2016-3178 | medium | 5.5 | 5.5 | 9y ago | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative … | |||
| CVE-2016-9557 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||
| CVE-2016-9556 | medium | 5.5 | 5.5 | 9y ago | The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | |||
| CVE-2016-9395 | medium | 5.5 | 5.5 | 9y ago | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||
| CVE-2016-9394 | medium | 5.5 | 5.5 | 9y ago | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||
| CVE-2016-9393 | medium | 5.5 | 5.5 | 9y ago | The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||
| CVE-2016-9392 | medium | 5.5 | 5.5 | 9y ago | The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||
| CVE-2016-9390 | medium | 5.5 | 5.5 | 9y ago | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | |||
| CVE-2016-9388 | medium | 5.5 | 5.5 | 9y ago | The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | |||
| CVE-2016-9265 | medium | 5.5 | 5.5 | 9y ago | The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | |||
| CVE-2016-9264 | medium | 5.5 | 5.5 | 9y ago | Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | |||
| CVE-2016-9262 | medium | 5.5 | 5.5 | 9y ago | Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of … | |||
| CVE-2016-9011 | medium | 5.5 | 5.5 | 9y ago | The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. | |||
| CVE-2016-8887 | medium | 5.5 | 5.5 | 9y ago | The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). | |||
| CVE-2016-8885 | medium | 5.5 | 5.5 | 9y ago | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a craf… | |||
| CVE-2016-10058 | medium | 5.5 | 5.5 | 9y ago | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. | |||
| CVE-2016-10053 | medium | 5.5 | 5.5 | 9y ago | The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |||
| CVE-2016-10047 | medium | 5.5 | 5.5 | 9y ago | Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | |||
| CVE-2016-10046 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | |||
| CVE-2016-10255 | medium | 5.5 | 5.5 | 9y ago | The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header valu… | |||
| CVE-2016-10254 | medium | 5.5 | 5.5 | 9y ago | The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. | |||
| CVE-2016-5749 | medium | 5.5 | 5.5 | 9y ago | NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML Extern… | |||
| CVE-2016-5748 | medium | 5.5 | 5.5 | 9y ago | External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local f… | |||
| CVE-2016-10187 | medium | 5.5 | 5.5 | 9y ago | The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | |||
| CVE-2016-10247 | medium | 5.5 | 5.5 | 9y ago | Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a cr… |