CVEs from 2016
- Total: 8,454
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1270 | high | 7.5 | 7.5 | 10y ago | The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X… | |||
| CVE-2016-1269 | high | 7.5 | 7.5 | 10y ago | Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 befo… | |||
| CVE-2016-1268 | high | 7.5 | 7.5 | 10y ago | The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. | |||
| CVE-2016-4017 | high | 7.5 | 7.5 | 10y ago | The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | |||
| CVE-2016-4015 | high | 7.5 | 7.5 | 10y ago | The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | |||
| CVE-2016-2515 | high | 7.5 | 7.5 | 10y ago | Regular Expression Denial of Service in hawk | |||
| CVE-2016-2118 | high | 7.5 | 7.5 | 10y ago | The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers … | |||
| CVE-2016-1035 | high | 7.5 | 7.5 | 10y ago | Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-0166 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-0164 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2016-0159 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2016-0157 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0156 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0155 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0154 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0150 | high | 7.5 | 7.5 | 10y ago | HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." | |||
| CVE-2016-3656 | high | 7.5 | 7.5 | 10y ago | The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service c… | |||
| CVE-2016-3165 | high | 7.5 | 7.5 | 10y ago | Drupal Form API ignores access restrictions on submit buttons | |||
| CVE-2016-3163 | high | 7.5 | 7.5 | 10y ago | Drupal Brute force amplification attacks via XML-RPC | |||
| CVE-2016-3678 | high | 7.5 | 7.5 | 10y ago | Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. | |||
| CVE-2016-2193 | high | 7.5 | 7.5 | 10y ago | PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that pe… | |||
| CVE-2016-2171 | high | 7.5 | 7.5 | 10y ago | The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the RES… | |||
| CVE-2016-2164 | high | 7.5 | 7.5 | 10y ago | Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file | |||
| CVE-2016-0783 | high | 7.5 | 7.5 | 10y ago | The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging… | |||
| CVE-2016-3983 | high | 7.5 | 7.5 | 10y ago | McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | |||
| CVE-2016-2381 | high | 7.5 | 7.5 | 10y ago | Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | |||
| CVE-2016-3980 | high | 7.5 | 7.5 | 10y ago | The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | |||
| CVE-2016-3979 | high | 7.5 | 7.5 | 10y ago | Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP req… | |||
| CVE-2016-2216 | high | 7.5 | 7.5 | 10y ago | The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response… | |||
| CVE-2016-2086 | high | 7.5 | 7.5 | 10y ago | Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | |||
| CVE-2016-3948 | high | 7.5 | 7.5 | 10y ago | Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. | |||
| CVE-2016-2272 | high | 7.5 | 7.5 | 10y ago | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | |||
| CVE-2016-0871 | high | 7.5 | 7.5 | 10y ago | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | |||
| CVE-2016-3125 | high | 7.5 | 7.5 | 10y ago | The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be use… | |||
| CVE-2016-2289 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. | |||
| CVE-2016-1345 | high | 7.5 | 7.5 | 10y ago | Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka B… | |||
| CVE-2016-2344 | high | 7.5 | 7.5 | 10y ago | Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (… | |||
| CVE-2016-1351 | high | 7.5 | 7.5 | 10y ago | The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header… | |||
| CVE-2016-1350 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bu… | |||
| CVE-2016-1349 | high | 7.5 | 7.5 | 10y ago | The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parame… | |||
| CVE-2016-1348 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | |||
| CVE-2016-1347 | high | 7.5 | 7.5 | 10y ago | The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug… | |||
| CVE-2016-1777 | high | 7.5 | 7.5 | 10y ago | Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||
| CVE-2016-1766 | high | 7.5 | 7.5 | 10y ago | The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. | |||
| CVE-2016-0829 | high | 7.5 | 7.5 | 10y ago | The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initial… | |||
| CVE-2016-0828 | high | 7.5 | 7.5 | 10y ago | The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot … | |||
| CVE-2016-1326 | high | 7.5 | 7.5 | 10y ago | The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. | |||
| CVE-2016-1325 | high | 7.5 | 7.5 | 10y ago | The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. | |||
| CVE-2016-1312 | high | 7.5 | 7.5 | 10y ago | The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of servic… | |||
| CVE-2016-0130 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0129 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0124 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0123 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0116 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0114 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-0113 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-0112 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-0110 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft B… | |||
| CVE-2016-0109 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-0107 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-0106 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-0105 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0104 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-0103 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-0102 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-0798 | high | 7.5 | 7.5 | 10y ago | Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing a… | |||
| CVE-2016-0797 | high | 7.5 | 7.5 | 10y ago | Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly … | |||
| CVE-2016-2572 | high | 7.5 | 7.5 | 10y ago | http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) vi… | |||
| CVE-2016-2571 | high | 7.5 | 7.5 | 10y ago | http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (asse… | |||
| CVE-2016-2570 | high | 7.5 | 7.5 | 10y ago | The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (ass… | |||
| CVE-2016-2569 | high | 7.5 | 7.5 | 10y ago | Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long s… | |||
| CVE-2016-2537 | high | 7.5 | 7.5 | 10y ago | Regular Expression Denial of Service in is-my-json-valid | |||
| CVE-2016-2041 | high | 7.5 | 7.5 | 10y ago | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier fo… | |||
| CVE-2016-1927 | high | 7.5 | 7.5 | 10y ago | The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easie… | |||
| CVE-2016-1335 | high | 7.5 | 7.5 | 10y ago | The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote auth… | |||
| CVE-2016-0773 | high | 7.5 | 7.5 | 10y ago | PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow a… | |||
| CVE-2016-0742 | high | 7.5 | 7.5 | 10y ago | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | |||
| CVE-2016-1322 | high | 7.5 | 7.5 | 10y ago | The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. | |||
| CVE-2016-1315 | high | 7.5 | 7.5 | 10y ago | The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content rest… | |||
| CVE-2016-0958 | high | 7.5 | 7.5 | 10y ago | Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | |||
| CVE-2016-0957 | high | 7.5 | 7.5 | 10y ago | Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | |||
| CVE-2016-0047 | high | 7.5 | 7.5 | 10y ago | WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms I… | |||
| CVE-2016-0044 | high | 7.5 | 7.5 | 10y ago | Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data,… | |||
| CVE-2016-0037 | high | 7.5 | 7.5 | 10y ago | The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outag… | |||
| CVE-2016-0033 | high | 7.5 | 7.5 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance … | |||
| CVE-2016-2200 | high | 7.5 | 7.5 | 11y ago | Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. | |||
| CVE-2016-0811 | high | 7.5 | 7.5 | 11y ago | Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and con… | |||
| CVE-2016-1145 | high | 7.5 | 7.5 | 11y ago | Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via u… | |||
| CVE-2016-1139 | high | 7.5 | 7.5 | 11y ago | Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2016-0867 | high | 7.5 | 7.5 | 11y ago | CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | |||
| CVE-2016-1303 | high | 7.5 | 7.5 | 11y ago | The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. | |||
| CVE-2016-1493 | high | 7.5 | 7.5 | 11y ago | Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | |||
| CVE-2016-0738 | high | 7.5 | 7.5 | 11y ago | OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (pro… | |||
| CVE-2016-0737 | high | 7.5 | 7.5 | 11y ago | OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series o… | |||
| CVE-2016-1882 | high | 7.5 | 7.5 | 11y ago | FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and… | |||
| CVE-2016-1983 | high | 7.5 | 7.5 | 11y ago | The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | |||
| CVE-2016-1982 | high | 7.5 | 7.5 | 11y ago | The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | |||
| CVE-2016-0751 | high | 7.5 | 7.5 | 11y ago | actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly… | |||
| CVE-2016-0577 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-0574 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… |