CVEs from 2016
- Total 8,461
- critical 1,164
- high 3,521
- medium 3,173
- low 248
- % Critical 13.8%
- % with KEV 0.7%
- % with exploit 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6148 | high | 7.5 | 7.5 | 10y ago | SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 22… | |||
| CVE-2016-6232 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, r… | |||
| CVE-2016-2180 | high | 7.5 | 7.5 | 10y ago | The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial… | |||
| CVE-2016-1461 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932. | |||
| CVE-2016-1463 | high | 7.5 | 7.5 | 10y ago | Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. | |||
| CVE-2016-5127 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2016-5874 | high | 7.5 | 7.5 | 10y ago | Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. | |||
| CVE-2016-5744 | high | 7.5 | 7.5 | 10y ago | Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | |||
| CVE-2016-4632 | high | 7.5 | 7.5 | 10y ago | ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||
| CVE-2016-4591 | high | 7.5 | 7.5 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. | |||
| CVE-2016-5449 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. | |||
| CVE-2016-3542 | medium | 6.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentia… | |||
| CVE-2016-3528 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via ve… | |||
| CVE-2016-3526 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3515 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unk… | |||
| CVE-2016-3479 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-3471 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. | |||
| CVE-2016-5654 | high | 7.5 | 7.5 | 10y ago | Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter. | |||
| CVE-2016-5790 | high | 7.5 | 7.5 | 10y ago | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors. | |||
| CVE-2016-1450 | high | 7.5 | 7.5 | 10y ago | Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. | |||
| CVE-2016-1426 | high | 7.5 | 7.5 | 10y ago | Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. | |||
| CVE-2016-4974 | high | 7.5 | 7.5 | 10y ago | Improper Input Validation in Apache Qpid AMQP 0-x JMS | |||
| CVE-2016-4216 | high | 7.5 | 7.5 | 10y ago | Moderate severity vulnerability that affects com.adobe.xmp:xmpcore | |||
| CVE-2016-3264 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-3255 | high | 7.5 | 7.5 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entit… | |||
| CVE-2016-3246 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | |||
| CVE-2016-3243 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2016-3242 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-3241 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-3240 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-4985 | high | 7.5 | 7.5 | 10y ago | OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2016-3766 | high | 7.5 | 7.5 | 10y ago | MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, w… | |||
| CVE-2016-3760 | high | 7.5 | 7.5 | 10y ago | Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the pri… | |||
| CVE-2016-3756 | high | 7.5 | 7.5 | 10y ago | Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attacker… | |||
| CVE-2016-3755 | high | 7.5 | 7.5 | 10y ago | decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or r… | |||
| CVE-2016-3754 | high | 7.5 | 7.5 | 10y ago | mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of serv… | |||
| CVE-2016-3753 | high | 7.5 | 7.5 | 10y ago | mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135. | |||
| CVE-2016-3744 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers t… | |||
| CVE-2016-4463 | high | 7.5 | 7.5 | 10y ago | Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | |||
| CVE-2016-2945 | high | 7.5 | 7.5 | 10y ago | The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an… | |||
| CVE-2016-2119 | high | 7.5 | 7.5 | 10y ago | libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently … | |||
| CVE-2016-2923 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, whi… | |||
| CVE-2016-4979 | high | 7.5 | 7.5 | 10y ago | The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allow… | |||
| CVE-2016-4957 | high | 7.5 | 7.5 | 10y ago | ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. | |||
| CVE-2016-4954 | high | 7.5 | 7.5 | 10y ago | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many sou… | |||
| CVE-2016-4953 | high | 7.5 | 7.5 | 10y ago | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at… | |||
| CVE-2016-4433 | high | 7.5 | 7.5 | 10y ago | Apache Struts Open Redirect | |||
| CVE-2016-4431 | high | 7.5 | 7.5 | 10y ago | Apache Struts Access Control Redirect | |||
| CVE-2016-3092 | high | 7.5 | 7.5 | 10y ago | High severity vulnerability that affects commons-fileupload:commons-fileupload | |||
| CVE-2016-5739 | high | 7.5 | 7.5 | 10y ago | The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, … | |||
| CVE-2016-5706 | high | 7.5 | 7.5 | 10y ago | js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts paramet… | |||
| CVE-2016-3956 | high | 7.5 | 7.5 | 10y ago | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, wh… | |||
| CVE-2016-5360 | high | 7.5 | 7.5 | 10y ago | HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impa… | |||
| CVE-2016-5301 | high | 7.5 | 7.5 | 10y ago | The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. | |||
| CVE-2016-4803 | high | 7.5 | 7.5 | 10y ago | CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. | |||
| CVE-2016-5368 | high | 7.5 | 7.5 | 10y ago | Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) pack… | |||
| CVE-2016-5839 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. | |||
| CVE-2016-5838 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | |||
| CVE-2016-5837 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. | |||
| CVE-2016-5836 | high | 7.5 | 7.5 | 10y ago | The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-5835 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/re… | |||
| CVE-2016-5832 | high | 7.5 | 7.5 | 10y ago | The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | |||
| CVE-2016-0260 | high | 7.5 | 7.5 | 10y ago | Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors. | |||
| CVE-2016-5244 | high | 7.5 | 7.5 | 10y ago | The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from k… | |||
| CVE-2016-3949 | high | 7.5 | 7.5 | 10y ago | Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial o… | |||
| CVE-2016-4823 | high | 7.5 | 7.5 | 10y ago | Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | |||
| CVE-2016-1193 | high | 7.5 | 7.5 | 10y ago | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | |||
| CVE-2016-5697 | high | 7.5 | 7.5 | 10y ago | Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. | |||
| CVE-2016-1438 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | |||
| CVE-2016-1436 | high | 7.5 | 7.5 | 10y ago | The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of servi… | |||
| CVE-2016-2364 | high | 7.5 | 7.5 | 10y ago | The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote … | |||
| CVE-2016-4817 | high | 7.5 | 7.5 | 10y ago | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash… | |||
| CVE-2016-4815 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files … | |||
| CVE-2016-4814 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files v… | |||
| CVE-2016-1427 | high | 7.5 | 7.5 | 10y ago | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via c… | |||
| CVE-2016-5300 | high | 7.5 | 7.5 | 10y ago | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an … | |||
| CVE-2016-5361 | high | 7.5 | 7.5 | 10y ago | programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. N… | |||
| CVE-2016-3207 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-3206 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-3205 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-3202 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-5367 | high | 7.5 | 7.5 | 10y ago | Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053. | |||
| CVE-2016-5366 | high | 7.5 | 7.5 | 10y ago | Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | |||
| CVE-2016-4579 | high | 7.5 | 7.5 | 10y ago | Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl… | |||
| CVE-2016-4574 | high | 7.5 | 7.5 | 10y ago | Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded… | |||
| CVE-2016-4478 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC re… | |||
| CVE-2016-4414 | high | 7.5 | 7.5 | 10y ago | The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | |||
| CVE-2016-4356 | high | 7.5 | 7.5 | 10y ago | The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after in… | |||
| CVE-2016-4355 | high | 7.5 | 7.5 | 10y ago | Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||
| CVE-2016-4354 | high | 7.5 | 7.5 | 10y ago | ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||
| CVE-2016-4353 | high | 7.5 | 7.5 | 10y ago | ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | |||
| CVE-2016-2821 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execu… | |||
| CVE-2016-3706 | high | 7.5 | 7.5 | 10y ago | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vecto… | |||
| CVE-2016-1421 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in… | |||
| CVE-2016-4447 | high | 7.5 | 7.5 | 10y ago | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted … | |||
| CVE-2016-4367 | high | 7.5 | 7.5 | 10y ago | The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4365 | high | 7.5 | 7.5 | 10y ago | HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4361 | high | 7.5 | 7.5 | 10y ago | HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch … | |||
| CVE-2016-2027 | high | 7.5 | 7.5 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026. | |||
| CVE-2016-2026 | high | 7.5 | 7.5 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027. |