CVEs from 2016
- Total: 8,455
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2016-5051 | high | 7.5 | 7.5 | 9y ago | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. | |||
| CVE-2016-9219 | high | 7.5 | 7.5 | 9y ago | A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. Th… | |||
| CVE-2016-10226 | high | 7.5 | 7.5 | 9y ago | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted … | |||
| CVE-2016-10222 | high | 7.5 | 7.5 | 9y ago | runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and applicatio… | |||
| CVE-2016-10211 | high | 7.5 | 7.5 | 9y ago | libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable… | |||
| CVE-2016-10210 | high | 7.5 | 7.5 | 9y ago | libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer fun… | |||
| CVE-2016-8803 | high | 7.5 | 7.5 | 9y ago | The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | |||
| CVE-2016-8798 | high | 7.5 | 7.5 | 9y ago | Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | |||
| CVE-2016-8797 | high | 7.5 | 7.5 | 9y ago | Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R0… | |||
| CVE-2016-8796 | high | 7.5 | 7.5 | 9y ago | Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. | |||
| CVE-2016-8773 | high | 7.5 | 7.5 | 9y ago | Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C… | |||
| CVE-2016-8754 | high | 7.5 | 7.5 | 9y ago | Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may … | |||
| CVE-2016-2404 | high | 7.5 | 7.5 | 9y ago | Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; … | |||
| CVE-2016-6561 | high | 7.5 | 7.5 | 9y ago | illumos smbsrv NULL pointer dereference allows system crash. | |||
| CVE-2016-9123 | high | 7.5 | 7.5 | 9y ago | go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectur… | |||
| CVE-2016-9122 | high | 7.5 | 7.5 | 9y ago | go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate … | |||
| CVE-2016-9252 | high | 7.5 | 7.5 | 9y ago | The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remot… | |||
| CVE-2016-9243 | high | 7.5 | 7.5 | 9y ago | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | |||
| CVE-2016-4912 | high | 7.5 | 7.5 | 9y ago | The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which trigge… | |||
| CVE-2016-7797 | high | 7.5 | 7.5 | 9y ago | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. | |||
| CVE-2016-2225 | high | 7.5 | 7.5 | 9y ago | The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. | |||
| CVE-2016-2224 | high | 7.5 | 7.5 | 9y ago | The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. | |||
| CVE-2016-10146 | high | 7.5 | 7.5 | 9y ago | Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||
| CVE-2016-10132 | high | 7.5 | 7.5 | 9y ago | regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. | |||
| CVE-2016-10129 | high | 7.5 | 7.5 | 9y ago | The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. | |||
| CVE-2016-10149 | high | 7.5 | 7.5 | 9y ago | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | |||
| CVE-2016-9399 | high | 7.5 | 7.5 | 9y ago | The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||
| CVE-2016-9398 | high | 7.5 | 7.5 | 9y ago | The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||
| CVE-2016-9397 | high | 7.5 | 7.5 | 9y ago | The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||
| CVE-2016-9396 | high | 7.5 | 7.5 | 9y ago | The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. | |||
| CVE-2016-9391 | high | 7.5 | 7.5 | 9y ago | The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. | |||
| CVE-2016-9389 | high | 7.5 | 7.5 | 9y ago | The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). | |||
| CVE-2016-9276 | high | 7.5 | 7.5 | 9y ago | The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2016-9275 | high | 7.5 | 7.5 | 9y ago | Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2016-10048 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | |||
| CVE-2016-9167 | high | 7.5 | 7.5 | 9y ago | NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would… | |||
| CVE-2016-5754 | high | 7.5 | 7.5 | 9y ago | Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. | |||
| CVE-2016-5752 | high | 7.5 | 7.5 | 9y ago | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicio… | |||
| CVE-2016-5747 | high | 7.5 | 7.5 | 9y ago | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging pre… | |||
| CVE-2016-6650 | high | 7.5 | 7.5 | 9y ago | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to comp… | |||
| CVE-2016-9165 | high | 7.5 | 7.5 | 9y ago | The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remot… | |||
| CVE-2016-10197 | high | 7.5 | 7.5 | 9y ago | The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | |||
| CVE-2016-10196 | high | 7.5 | 7.5 | 9y ago | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involvi… | |||
| CVE-2016-10250 | high | 7.5 | 7.5 | 9y ago | The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on… | |||
| CVE-2016-10248 | high | 7.5 | 7.5 | 9y ago | The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence. | |||
| CVE-2016-10252 | high | 7.5 | 7.5 | 9y ago | Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. | |||
| CVE-2016-10189 | high | 7.5 | 7.5 | 9y ago | BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not … | |||
| CVE-2016-9368 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may… | |||
| CVE-2016-9740 | high | 7.5 | 7.5 | 9y ago | IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556. | |||
| CVE-2016-9728 | high | 7.5 | 7.5 | 9y ago | IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Referen… | |||
| CVE-2016-9643 | high | 7.5 | 7.5 | 9y ago | The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and… | |||
| CVE-2016-4950 | high | 7.5 | 7.5 | 9y ago | Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | |||
| CVE-2016-4949 | high | 7.5 | 7.5 | 9y ago | Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. | |||
| CVE-2016-9164 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA… | |||
| CVE-2016-6244 | high | 7.5 | 7.5 | 9y ago | The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. | |||
| CVE-2016-8236 | high | 7.5 | 7.5 | 9y ago | Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | |||
| CVE-2016-3127 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys … | |||
| CVE-2016-7972 | high | 7.5 | 7.5 | 9y ago | The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. | |||
| CVE-2016-7970 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-7969 | high | 7.5 | 7.5 | 9y ago | The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping … | |||
| CVE-2016-10067 | high | 7.5 | 7.5 | 9y ago | magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | |||
| CVE-2016-6485 | high | 7.5 | 7.5 | 9y ago | Unauthenticated crypto and weak IV in Magento\Framework\Encryption | |||
| CVE-2016-10207 | high | 7.5 | 7.5 | 9y ago | The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. | |||
| CVE-2016-10109 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the… | |||
| CVE-2016-9956 | high | 7.5 | 7.5 | 9y ago | The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | |||
| CVE-2016-9049 | high | 7.5 | 7.5 | 9y ago | An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a nu… | |||
| CVE-2016-10227 | high | 7.5 | 7.5 | 9y ago | Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | |||
| CVE-2016-7667 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a de… | |||
| CVE-2016-7662 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which … | |||
| CVE-2016-4693 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which … | |||
| CVE-2016-4689 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked… | |||
| CVE-2016-5044 | high | 7.5 | 7.5 | 9y ago | The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section. | |||
| CVE-2016-5043 | high | 7.5 | 7.5 | 9y ago | The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section. | |||
| CVE-2016-5042 | high | 7.5 | 7.5 | 9y ago | The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section. | |||
| CVE-2016-5040 | high | 7.5 | 7.5 | 9y ago | libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. | |||
| CVE-2016-5039 | high | 7.5 | 7.5 | 9y ago | The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on. | |||
| CVE-2016-5038 | high | 7.5 | 7.5 | 9y ago | The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .deb… | |||
| CVE-2016-5036 | high | 7.5 | 7.5 | 9y ago | The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data. | |||
| CVE-2016-9637 | high | 7.5 | 7.5 | 9y ago | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vector… | |||
| CVE-2016-5417 | high | 7.5 | 7.5 | 9y ago | Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (me… | |||
| CVE-2016-5919 | high | 7.5 | 7.5 | 9y ago | IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1… | |||
| CVE-2016-8689 | high | 7.5 | 7.5 | 9y ago | The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a h… | |||
| CVE-2016-8687 | high | 7.5 | 7.5 | 9y ago | Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a fi… | |||
| CVE-2016-8682 | high | 7.5 | 7.5 | 9y ago | The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |||
| CVE-2016-6866 | high | 7.5 | 7.5 | 9y ago | slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. | |||
| CVE-2016-1888 | high | 7.5 | 7.5 | 9y ago | The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation fa… | |||
| CVE-2016-9367 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-9364 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the … | |||
| CVE-2016-9344 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able … | |||
| CVE-2016-8374 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versio… | |||
| CVE-2016-8370 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypte… | |||
| CVE-2016-8346 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log fi… | |||
| CVE-2016-7987 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted pac… | |||
| CVE-2016-5801 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account password… | |||
| CVE-2016-5798 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based bu… | |||
| CVE-2016-5786 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the co… | |||
| CVE-2016-6129 | high | 7.5 | 7.5 | 9y ago | The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes i… | |||
| CVE-2016-4547 | high | 7.5 | 7.5 | 9y ago | Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. | |||
| CVE-2016-3995 | high | 7.5 | 7.5 | 9y ago | The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows atta… | |||
| CVE-2016-10026 | high | 7.5 | 7.5 | 9y ago | ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote a… |