CVEs from 2016
- Total: 8,461
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7445 | high | 7.5 | 7.5 | 10y ago | convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | |||
| CVE-2016-3658 | high | 7.5 | 7.5 | 10y ago | The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vecto… | |||
| CVE-2016-3634 | high | 7.5 | 7.5 | 10y ago | The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag … | |||
| CVE-2016-3633 | high | 7.5 | 7.5 | 10y ago | The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | |||
| CVE-2016-3631 | high | 7.5 | 7.5 | 10y ago | The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytec… | |||
| CVE-2016-3624 | high | 7.5 | 7.5 | 10y ago | The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. | |||
| CVE-2016-3623 | high | 7.5 | 7.5 | 10y ago | The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. | |||
| CVE-2016-3620 | high | 7.5 | 7.5 | 10y ago | The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a … | |||
| CVE-2016-5986 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote a… | |||
| CVE-2016-7444 | high | 7.5 | 7.5 | 10y ago | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to … | |||
| CVE-2016-7045 | high | 7.5 | 7.5 | 10y ago | The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of … | |||
| CVE-2016-7044 | high | 7.5 | 7.5 | 10y ago | The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and c… | |||
| CVE-2016-7052 | high | 7.5 | 7.5 | 10y ago | crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | |||
| CVE-2016-6305 | high | 7.5 | 7.5 | 10y ago | The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_… | |||
| CVE-2016-6304 | high | 7.5 | 7.5 | 10y ago | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status… | |||
| CVE-2016-6142 | high | 7.5 | 7.5 | 10y ago | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | |||
| CVE-2016-7162 | high | 7.5 | 7.5 | 10y ago | The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | |||
| CVE-2016-6518 | high | 7.5 | 7.5 | 10y ago | Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malforme… | |||
| CVE-2016-3110 | high | 7.5 | 7.5 | 10y ago | mod_cluster Denial of Service vulnerability | |||
| CVE-2016-5996 | high | 7.5 | 7.5 | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… | |||
| CVE-2016-5957 | high | 7.5 | 7.5 | 10y ago | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by lever… | |||
| CVE-2016-4772 | high | 7.5 | 7.5 | 10y ago | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors. | |||
| CVE-2016-4754 | high | 7.5 | 7.5 | 10y ago | ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||
| CVE-2016-4711 | high | 7.5 | 7.5 | 10y ago | CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for i… | |||
| CVE-2016-6411 | high | 7.5 | 7.5 | 10y ago | Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settin… | |||
| CVE-2016-6409 | high | 7.5 | 7.5 | 10y ago | The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traff… | |||
| CVE-2016-6408 | high | 7.5 | 7.5 | 10y ago | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML Externa… | |||
| CVE-2016-6669 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allo… | |||
| CVE-2016-6159 | high | 7.5 | 7.5 | 10y ago | The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special … | |||
| CVE-2016-5427 | high | 7.5 | 7.5 | 10y ago | PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a cra… | |||
| CVE-2016-5426 | high | 7.5 | 7.5 | 10y ago | PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | |||
| CVE-2016-5418 | high | 7.5 | 7.5 | 10y ago | The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive fil… | |||
| CVE-2016-4809 | high | 7.5 | 7.5 | 10y ago | The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO … | |||
| CVE-2016-6802 | high | 7.5 | 7.5 | 10y ago | Improper Access Control in Apache Shiro | |||
| CVE-2016-6537 | high | 7.5 | 7.5 | 10y ago | AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent a… | |||
| CVE-2016-4526 | high | 7.5 | 7.5 | 10y ago | ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. | |||
| CVE-2016-1483 | high | 7.5 | 7.5 | 10y ago | Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID C… | |||
| CVE-2016-6639 | high | 7.5 | 7.5 | 10y ago | Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and… | |||
| CVE-2016-0929 | high | 7.5 | 7.5 | 10y ago | The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitiv… | |||
| CVE-2016-0923 | high | 7.5 | 7.5 | 10y ago | The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes … | |||
| CVE-2016-7418 | high | 7.5 | 7.5 | 10y ago | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) o… | |||
| CVE-2016-7416 | high | 7.5 | 7.5 | 10y ago | ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote atta… | |||
| CVE-2016-6407 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges… | |||
| CVE-2016-6936 | high | 7.5 | 7.5 | 10y ago | Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging a… | |||
| CVE-2016-6302 | high | 7.5 | 7.5 | 10y ago | The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of serv… | |||
| CVE-2016-2181 | high | 7.5 | 7.5 | 10y ago | The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cau… | |||
| CVE-2016-2179 | high | 7.5 | 7.5 | 10y ago | The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial … | |||
| CVE-2016-3377 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3375 | high | 7.5 | 7.5 | 10y ago | The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Serv… | |||
| CVE-2016-3369 | high | 7.5 | 7.5 | 10y ago | Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability." | |||
| CVE-2016-3350 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3330 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-3295 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Brows… | |||
| CVE-2016-3294 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-6399 | high | 7.5 | 7.5 | 10y ago | Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via … | |||
| CVE-2016-6371 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafte… | |||
| CVE-2016-7132 | high | 7.5 | 7.5 | 10y ago | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp… | |||
| CVE-2016-7131 | high | 7.5 | 7.5 | 10y ago | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp… | |||
| CVE-2016-7130 | high | 7.5 | 7.5 | 10y ago | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) o… | |||
| CVE-2016-7125 | high | 7.5 | 7.5 | 10y ago | ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session d… | |||
| CVE-2016-1469 | high | 7.5 | 7.5 | 10y ago | The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. | |||
| CVE-2016-1263 | high | 7.5 | 7.5 | 10y ago | Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9-S1, 14.1 before 14.1R7, 14.2 before 14.2R6, 15.1 before 15.1F2-S5, 15.1F4 … | |||
| CVE-2016-6263 | high | 7.5 | 7.5 | 10y ago | The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. | |||
| CVE-2016-6262 | high | 7.5 | 7.5 | 10y ago | idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE… | |||
| CVE-2016-6261 | high | 7.5 | 7.5 | 10y ago | The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | |||
| CVE-2016-7107 | high | 7.5 | 7.5 | 10y ago | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. | |||
| CVE-2016-6899 | high | 7.5 | 7.5 | 10y ago | The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers… | |||
| CVE-2016-6876 | high | 7.5 | 7.5 | 10y ago | The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP A… | |||
| CVE-2016-6838 | high | 7.5 | 7.5 | 10y ago | Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 … | |||
| CVE-2016-6346 | high | 7.5 | 7.5 | 10y ago | Denial of service in JBoss resteasy | |||
| CVE-2016-7113 | high | 7.5 | 7.5 | 10y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-0772 | medium | 6.5 | 7.5 | 10y ago | The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypa… | |||
| CVE-2016-1472 | high | 7.5 | 7.5 | 10y ago | The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request,… | |||
| CVE-2016-2183 | high | 7.5 | 7.5 | 10y ago | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for re… | |||
| CVE-2016-5049 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in … | |||
| CVE-2016-4378 | high | 7.5 | 7.5 | 10y ago | The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Editio… | |||
| CVE-2016-5023 | high | 7.5 | 7.5 | 10y ago | Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote att… | |||
| CVE-2016-5673 | high | 7.5 | 7.5 | 10y ago | UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP addre… | |||
| CVE-2016-5650 | high | 7.5 | 7.5 | 10y ago | ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID valu… | |||
| CVE-2016-6364 | high | 7.5 | 7.5 | 10y ago | The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspec… | |||
| CVE-2016-6355 | high | 7.5 | 7.5 | 10y ago | Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) … | |||
| CVE-2016-1484 | high | 7.5 | 7.5 | 10y ago | Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | |||
| CVE-2016-1479 | high | 7.5 | 7.5 | 10y ago | Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||
| CVE-2016-10173 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. | |||
| CVE-2016-5736 | high | 7.5 | 7.5 | 10y ago | The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.… | |||
| CVE-2016-6317 | high | 7.5 | 7.5 | 10y ago | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote a… | |||
| CVE-2016-5420 | high | 7.5 | 7.5 | 10y ago | curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leve… | |||
| CVE-2016-5419 | high | 7.5 | 7.5 | 10y ago | curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | |||
| CVE-2016-3322 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability tha… | |||
| CVE-2016-3296 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3293 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability." | |||
| CVE-2016-3290 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-20… | |||
| CVE-2016-3289 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability tha… | |||
| CVE-2016-1478 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many cr… | |||
| CVE-2016-1466 | high | 7.5 | 7.5 | 10y ago | Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of serv… | |||
| CVE-2016-1429 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. | |||
| CVE-2016-5141 | high | 7.5 | 7.5 | 10y ago | Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.… | |||
| CVE-2016-5350 | high | 7.5 | 7.5 | 10y ago | epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial … | |||
| CVE-2016-6128 | high | 7.5 | 7.5 | 10y ago | The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application cras… | |||
| CVE-2016-3831 | high | 7.5 | 7.5 | 10y ago | The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ t… |