CVEs from 2016
- Total 8,455
- critical 1,164
- high 3,521
- medium 3,173
- low 248
- % Critical 13.8%
- % with KEV 0.7%
- % with exploit 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0573 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-0572 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-0522 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, i… | |||
| CVE-2016-0500 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availab… | |||
| CVE-2016-1296 | high | 7.5 | 7.5 | 11y ago | The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP met… | |||
| CVE-2016-0860 | high | 7.5 | 7.5 | 11y ago | Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. | |||
| CVE-2016-0855 | high | 7.5 | 7.5 | 11y ago | Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | |||
| CVE-2016-0853 | high | 7.5 | 7.5 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | |||
| CVE-2016-0852 | high | 7.5 | 7.5 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. | |||
| CVE-2016-0851 | high | 7.5 | 7.5 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. | |||
| CVE-2016-0002 | high | 7.5 | 7.5 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafte… | |||
| CVE-2016-1232 | high | 7.5 | 7.5 | 11y ago | The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoo… | |||
| CVE-2016-10517 | high | 7.4 | 7.4 | 9y ago | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack … | |||
| CVE-2016-8495 | high | 7.4 | 7.4 | 9y ago | An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MI… | |||
| CVE-2016-9417 | high | 7.4 | 7.4 | 10y ago | The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecif… | |||
| CVE-2016-7999 | high | 7.4 | 7.4 | 10y ago | ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | |||
| CVE-2016-6657 | high | 7.4 | 7.4 | 10y ago | An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runt… | |||
| CVE-2016-3174 | high | 7.4 | 7.4 | 10y ago | An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be pro… | |||
| CVE-2016-5564 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated us… | |||
| CVE-2016-1000001 | high | 7.4 | 7.4 | 10y ago | flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | |||
| CVE-2016-3699 | high | 7.4 | 7.4 | 10y ago | The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions an… | |||
| CVE-2016-5284 | high | 7.4 | 7.4 | 10y ago | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spo… | |||
| CVE-2016-0928 | high | 7.4 | 7.4 | 10y ago | Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2016-3378 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers… | |||
| CVE-2016-6516 | high | 7.4 | 7.4 | 10y ago | Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain priv… | |||
| CVE-2016-3585 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. | |||
| CVE-2016-0340 | high | 7.4 | 7.4 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveragin… | |||
| CVE-2016-1195 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||
| CVE-2016-3664 | high | 7.4 | 7.4 | 10y ago | Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obt… | |||
| CVE-2016-2221 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct ph… | |||
| CVE-2016-3726 | high | 7.4 | 7.4 | 10y ago | Jenkins affected by Open Redirect Vulnerability | |||
| CVE-2016-1392 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspeci… | |||
| CVE-2016-1389 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID… | |||
| CVE-2016-2069 | high | 7.4 | 7.4 | 10y ago | Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. | |||
| CVE-2016-2113 | high | 7.4 | 7.4 | 10y ago | Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and … | |||
| CVE-2016-3421 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity,… | |||
| CVE-2016-2410 | high | 7.4 | 7.4 | 10y ago | A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka inte… | |||
| CVE-2016-2084 | high | 7.4 | 7.4 | 10y ago | F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build … | |||
| CVE-2016-2001 | high | 7.4 | 7.4 | 10y ago | HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. | |||
| CVE-2016-3167 | high | 7.4 | 7.4 | 10y ago | Drupal Open redirect vulnerability in the drupal_goto function | |||
| CVE-2016-3164 | high | 7.4 | 7.4 | 10y ago | Drupal Open Redirect | |||
| CVE-2016-2512 | high | 7.4 | 7.4 | 10y ago | The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cr… | |||
| CVE-2016-1963 | high | 7.4 | 7.4 | 10y ago | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | |||
| CVE-2016-1942 | high | 7.4 | 7.4 | 11y ago | Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. | |||
| CVE-2016-1137 | high | 7.4 | 7.4 | 11y ago | Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2016-5795 | high | 7.3 | 7.3 | 9y ago | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker cou… | |||
| CVE-2016-8588 | high | 7.3 | 7.3 | 9y ago | The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uplo… | |||
| CVE-2016-8587 | high | 7.3 | 7.3 | 9y ago | dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn… | |||
| CVE-2016-8032 | high | 7.3 | 7.3 | 9y ago | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | |||
| CVE-2016-8031 | high | 7.3 | 7.3 | 9y ago | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | |||
| CVE-2016-10205 | high | 7.3 | 7.3 | 9y ago | Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | |||
| CVE-2016-4041 | high | 7.3 | 7.3 | 9y ago | Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | |||
| CVE-2016-9363 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-9334 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and… | |||
| CVE-2016-3102 | high | 7.3 | 7.3 | 9y ago | Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection | |||
| CVE-2016-5934 | high | 7.3 | 7.3 | 9y ago | IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit… | |||
| CVE-2016-1502 | high | 7.3 | 7.3 | 9y ago | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||
| CVE-2016-6042 | high | 7.3 | 7.3 | 10y ago | IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafte… | |||
| CVE-2016-8310 | high | 7.3 | 7.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-7038 | high | 7.3 | 7.3 | 10y ago | Moodle Weak Password Recovery Mechanism for Forgotten Password | |||
| CVE-2016-10096 | high | 7.3 | 7.3 | 10y ago | GeniXCMS SQL injection vulnerability | |||
| CVE-2016-10039 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to … | |||
| CVE-2016-10038 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to … | |||
| CVE-2016-10037 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, re… | |||
| CVE-2016-7966 | high | 7.3 | 7.3 | 10y ago | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal si… | |||
| CVE-2016-6474 | high | 7.3 | 7.3 | 10y ago | A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication… | |||
| CVE-2016-9156 | high | 7.3 | 7.3 | 10y ago | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted pa… | |||
| CVE-2016-2936 | high | 7.3 | 7.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2016-6733 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6732 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6731 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6730 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-4960 | high | 7.3 | 7.3 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privile… | |||
| CVE-2016-6453 | high | 7.3 | 7.3 | 10y ago | A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CS… | |||
| CVE-2016-8503 | high | 7.3 | 7.3 | 10y ago | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special Java… | |||
| CVE-2016-8502 | high | 7.3 | 7.3 | 10y ago | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special J… | |||
| CVE-2016-5539 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-5526 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ve… | |||
| CVE-2016-7211 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and… | |||
| CVE-2016-5995 | high | 7.3 | 7.3 | 10y ago | Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse libra… | |||
| CVE-2016-4385 | high | 7.3 | 7.3 | 10y ago | The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Jav… | |||
| CVE-2016-4860 | high | 7.3 | 7.3 | 10y ago | Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of se… | |||
| CVE-2016-0896 | high | 7.3 | 7.3 | 10y ago | Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intend… | |||
| CVE-2016-5645 | high | 7.3 | 7.3 | 10y ago | Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote a… | |||
| CVE-2016-3841 | high | 7.3 | 7.3 | 10y ago | The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendm… | |||
| CVE-2016-3850 | high | 7.3 | 7.3 | 10y ago | Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field i… | |||
| CVE-2016-2497 | high | 7.3 | 7.3 | 10y ago | services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attacke… | |||
| CVE-2016-6192 | high | 7.3 | 7.3 | 10y ago | Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted applica… | |||
| CVE-2016-4531 | high | 7.3 | 7.3 | 10y ago | Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattend… | |||
| CVE-2016-4641 | high | 7.3 | 7.3 | 10y ago | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." | |||
| CVE-2016-5446 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2016-3561 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ve… | |||
| CVE-2016-0330 | high | 7.3 | 7.3 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by… | |||
| CVE-2016-4529 | high | 7.3 | 7.3 | 10y ago | An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, … | |||
| CVE-2016-3286 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-3252 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-3250 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||
| CVE-2016-3249 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-4512 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | |||
| CVE-2016-3988 | high | 7.3 | 7.3 | 10y ago | Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANT… |