CVEs from 2016
- Total: 8,459
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0037 | high | 7.5 | 7.5 | 10y ago | The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outag… | |||
| CVE-2016-0033 | high | 7.5 | 7.5 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance … | |||
| CVE-2016-2200 | high | 7.5 | 7.5 | 11y ago | Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. | |||
| CVE-2016-0811 | high | 7.5 | 7.5 | 11y ago | Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and con… | |||
| CVE-2016-0862 | medium | 6.5 | 7.5 | 11y ago | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vec… | |||
| CVE-2016-1145 | high | 7.5 | 7.5 | 11y ago | Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via u… | |||
| CVE-2016-1139 | high | 7.5 | 7.5 | 11y ago | Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2016-0867 | high | 7.5 | 7.5 | 11y ago | CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | |||
| CVE-2016-1303 | high | 7.5 | 7.5 | 11y ago | The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. | |||
| CVE-2016-1493 | high | 7.5 | 7.5 | 11y ago | Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | |||
| CVE-2016-0738 | high | 7.5 | 7.5 | 11y ago | OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (pro… | |||
| CVE-2016-0737 | high | 7.5 | 7.5 | 11y ago | OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series o… | |||
| CVE-2016-1882 | high | 7.5 | 7.5 | 11y ago | FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and… | |||
| CVE-2016-1983 | high | 7.5 | 7.5 | 11y ago | The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | |||
| CVE-2016-1982 | high | 7.5 | 7.5 | 11y ago | The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | |||
| CVE-2016-0751 | high | 7.5 | 7.5 | 11y ago | actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly… | |||
| CVE-2016-0577 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-0574 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-0573 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-0572 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-0522 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, i… | |||
| CVE-2016-0500 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availab… | |||
| CVE-2016-1296 | high | 7.5 | 7.5 | 11y ago | The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP met… | |||
| CVE-2016-0860 | high | 7.5 | 7.5 | 11y ago | Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. | |||
| CVE-2016-0855 | high | 7.5 | 7.5 | 11y ago | Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | |||
| CVE-2016-0853 | high | 7.5 | 7.5 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | |||
| CVE-2016-0852 | high | 7.5 | 7.5 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. | |||
| CVE-2016-0851 | high | 7.5 | 7.5 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. | |||
| CVE-2016-0002 | high | 7.5 | 7.5 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafte… | |||
| CVE-2016-1232 | high | 7.5 | 7.5 | 11y ago | The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoo… | |||
| CVE-2016-10517 | high | 7.4 | 7.4 | 9y ago | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack … | |||
| CVE-2016-8495 | high | 7.4 | 7.4 | 9y ago | An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MI… | |||
| CVE-2016-9417 | high | 7.4 | 7.4 | 10y ago | The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecif… | |||
| CVE-2016-7999 | high | 7.4 | 7.4 | 10y ago | ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | |||
| CVE-2016-6657 | high | 7.4 | 7.4 | 10y ago | An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runt… | |||
| CVE-2016-3174 | high | 7.4 | 7.4 | 10y ago | An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be pro… | |||
| CVE-2016-5564 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated us… | |||
| CVE-2016-1000001 | high | 7.4 | 7.4 | 10y ago | flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | |||
| CVE-2016-3699 | high | 7.4 | 7.4 | 10y ago | The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions an… | |||
| CVE-2016-5284 | high | 7.4 | 7.4 | 10y ago | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spo… | |||
| CVE-2016-0928 | high | 7.4 | 7.4 | 10y ago | Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2016-3378 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers… | |||
| CVE-2016-6516 | high | 7.4 | 7.4 | 10y ago | Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain priv… | |||
| CVE-2016-3585 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. | |||
| CVE-2016-0340 | high | 7.4 | 7.4 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveragin… | |||
| CVE-2016-1195 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||
| CVE-2016-3664 | high | 7.4 | 7.4 | 10y ago | Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obt… | |||
| CVE-2016-2221 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct ph… | |||
| CVE-2016-3726 | high | 7.4 | 7.4 | 10y ago | Jenkins affected by Open Redirect Vulnerability | |||
| CVE-2016-1392 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspeci… | |||
| CVE-2016-1389 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID… | |||
| CVE-2016-2069 | high | 7.4 | 7.4 | 10y ago | Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. | |||
| CVE-2016-2113 | high | 7.4 | 7.4 | 10y ago | Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and … | |||
| CVE-2016-3421 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity,… | |||
| CVE-2016-2410 | high | 7.4 | 7.4 | 10y ago | A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka inte… | |||
| CVE-2016-2084 | high | 7.4 | 7.4 | 10y ago | F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build … | |||
| CVE-2016-2001 | high | 7.4 | 7.4 | 10y ago | HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. | |||
| CVE-2016-3167 | high | 7.4 | 7.4 | 10y ago | Drupal Open redirect vulnerability in the drupal_goto function | |||
| CVE-2016-3164 | high | 7.4 | 7.4 | 10y ago | Drupal Open Redirect | |||
| CVE-2016-2512 | high | 7.4 | 7.4 | 10y ago | The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cr… | |||
| CVE-2016-3116 | medium | 6.4 | 7.4 | 10y ago | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |||
| CVE-2016-3115 | medium | 6.4 | 7.4 | 10y ago | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, re… | |||
| CVE-2016-1963 | high | 7.4 | 7.4 | 10y ago | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | |||
| CVE-2016-1942 | high | 7.4 | 7.4 | 11y ago | Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. | |||
| CVE-2016-1137 | high | 7.4 | 7.4 | 11y ago | Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2016-0492 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integ… | |||
| CVE-2016-0491 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availabilit… | |||
| CVE-2016-5795 | high | 7.3 | 7.3 | 9y ago | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker cou… | |||
| CVE-2016-8588 | high | 7.3 | 7.3 | 9y ago | The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uplo… | |||
| CVE-2016-8587 | high | 7.3 | 7.3 | 9y ago | dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn… | |||
| CVE-2016-8032 | high | 7.3 | 7.3 | 9y ago | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | |||
| CVE-2016-8031 | high | 7.3 | 7.3 | 9y ago | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | |||
| CVE-2016-10205 | high | 7.3 | 7.3 | 9y ago | Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | |||
| CVE-2016-4041 | high | 7.3 | 7.3 | 9y ago | Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | |||
| CVE-2016-9363 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-9334 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and… | |||
| CVE-2016-3102 | high | 7.3 | 7.3 | 9y ago | Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection | |||
| CVE-2016-5934 | high | 7.3 | 7.3 | 9y ago | IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit… | |||
| CVE-2016-1502 | high | 7.3 | 7.3 | 9y ago | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||
| CVE-2016-6042 | high | 7.3 | 7.3 | 10y ago | IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafte… | |||
| CVE-2016-8310 | high | 7.3 | 7.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-7038 | high | 7.3 | 7.3 | 10y ago | Moodle Weak Password Recovery Mechanism for Forgotten Password | |||
| CVE-2016-10096 | high | 7.3 | 7.3 | 10y ago | GeniXCMS SQL injection vulnerability | |||
| CVE-2016-10039 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to … | |||
| CVE-2016-10038 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to … | |||
| CVE-2016-10037 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, re… | |||
| CVE-2016-7966 | high | 7.3 | 7.3 | 10y ago | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal si… | |||
| CVE-2016-6474 | high | 7.3 | 7.3 | 10y ago | A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication… | |||
| CVE-2016-9156 | high | 7.3 | 7.3 | 10y ago | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted pa… | |||
| CVE-2016-2936 | high | 7.3 | 7.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2016-6733 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6732 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6731 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6730 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-4960 | high | 7.3 | 7.3 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privile… | |||
| CVE-2016-6453 | high | 7.3 | 7.3 | 10y ago | A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CS… | |||
| CVE-2016-8503 | high | 7.3 | 7.3 | 10y ago | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special Java… | |||
| CVE-2016-8502 | high | 7.3 | 7.3 | 10y ago | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special J… | |||
| CVE-2016-5539 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-5526 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ve… |