CVEs from 2016
- Total: 8,454
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6173 | high | 7.5 | 7.5 | 9y ago | NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | |||
| CVE-2016-4986 | high | 7.5 | 7.5 | 9y ago | Jenkins TAP Plugin allows Path Traversal | |||
| CVE-2016-2147 | high | 7.5 | 7.5 | 9y ago | Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-o… | |||
| CVE-2016-10199 | high | 7.5 | 7.5 | 9y ago | The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a … | |||
| CVE-2016-4341 | high | 7.5 | 7.5 | 9y ago | NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | |||
| CVE-2016-3063 | high | 7.5 | 7.5 | 9y ago | Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified ve… | |||
| CVE-2016-7164 | high | 7.5 | 7.5 | 9y ago | The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. | |||
| CVE-2016-6131 | high | 7.5 | 7.5 | 9y ago | The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | |||
| CVE-2016-1504 | high | 7.5 | 7.5 | 9y ago | dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. | |||
| CVE-2016-7800 | high | 7.5 | 7.5 | 9y ago | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, wh… | |||
| CVE-2016-7449 | high | 7.5 | 7.5 | 9y ago | The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | |||
| CVE-2016-7448 | high | 7.5 | 7.5 | 9y ago | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and… | |||
| CVE-2016-9108 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (applicatio… | |||
| CVE-2016-8212 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These sp… | |||
| CVE-2016-8211 | high | 7.5 | 7.5 | 10y ago | EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a pa… | |||
| CVE-2016-9008 | high | 7.5 | 7.5 | 10y ago | IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | |||
| CVE-2016-8919 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. | |||
| CVE-2016-6068 | high | 7.5 | 7.5 | 10y ago | IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. | |||
| CVE-2016-2942 | high | 7.5 | 7.5 | 10y ago | IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | |||
| CVE-2016-5958 | high | 7.5 | 7.5 | 10y ago | IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interceptin… | |||
| CVE-2016-3017 | high | 7.5 | 7.5 | 10y ago | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | |||
| CVE-2016-9418 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a … | |||
| CVE-2016-9415 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import." | |||
| CVE-2016-9414 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload director… | |||
| CVE-2016-9410 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates. | |||
| CVE-2016-9249 | high | 7.5 | 7.5 | 10y ago | An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | |||
| CVE-2016-10087 | high | 7.5 | 7.5 | 10y ago | The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL poi… | |||
| CVE-2016-9939 | high | 7.5 | 7.5 | 10y ago | Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is no… | |||
| CVE-2016-7544 | high | 7.5 | 7.5 | 10y ago | Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then t… | |||
| CVE-2016-10186 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. | |||
| CVE-2016-10185 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | |||
| CVE-2016-10184 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | |||
| CVE-2016-10183 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | |||
| CVE-2016-10181 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | |||
| CVE-2016-10180 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. | |||
| CVE-2016-10179 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | |||
| CVE-2016-6264 | high | 7.5 | 7.5 | 10y ago | Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the m… | |||
| CVE-2016-5827 | high | 7.5 | 7.5 | 10y ago | The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. | |||
| CVE-2016-5826 | high | 7.5 | 7.5 | 10y ago | The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. | |||
| CVE-2016-5546 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedd… | |||
| CVE-2016-5822 | high | 7.5 | 7.5 | 10y ago | Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. | |||
| CVE-2016-9448 | high | 7.5 | 7.5 | 10y ago | The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_… | |||
| CVE-2016-10003 | high | 7.5 | 7.5 | 10y ago | Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as … | |||
| CVE-2016-10002 | high | 7.5 | 7.5 | 10y ago | Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Co… | |||
| CVE-2016-10162 | high | 7.5 | 7.5 | 10y ago | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application c… | |||
| CVE-2016-10161 | high | 7.5 | 7.5 | 10y ago | The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read… | |||
| CVE-2016-10159 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or applic… | |||
| CVE-2016-10158 | high | 7.5 | 7.5 | 10y ago | The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via … | |||
| CVE-2016-9446 | high | 7.5 | 7.5 | 10y ago | The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that… | |||
| CVE-2016-9445 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | |||
| CVE-2016-9381 | high | 7.5 | 7.5 | 10y ago | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |||
| CVE-2016-9380 | high | 7.5 | 7.5 | 10y ago | The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in… | |||
| CVE-2016-7037 | high | 7.5 | 7.5 | 10y ago | The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attac… | |||
| CVE-2016-6920 | high | 7.5 | 7.5 | 10y ago | Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile … | |||
| CVE-2016-6668 | high | 7.5 | 7.5 | 10y ago | The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA … | |||
| CVE-2016-6160 | high | 7.5 | 7.5 | 10y ago | tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. | |||
| CVE-2016-5119 | high | 7.5 | 7.5 | 10y ago | The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | |||
| CVE-2016-5323 | high | 7.5 | 7.5 | 10y ago | The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. | |||
| CVE-2016-10143 | high | 7.5 | 7.5 | 10y ago | A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | |||
| CVE-2016-9680 | high | 7.5 | 7.5 | 10y ago | Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | |||
| CVE-2016-6497 | high | 7.5 | 7.5 | 10y ago | main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all searc… | |||
| CVE-2016-6271 | high | 7.5 | 7.5 | 10y ago | The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | |||
| CVE-2016-4019 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477. | |||
| CVE-2016-3413 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. | |||
| CVE-2016-3405 | high | 7.5 | 7.5 | 10y ago | Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. | |||
| CVE-2016-3404 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. | |||
| CVE-2016-3402 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. | |||
| CVE-2016-6897 | medium | 6.5 | 7.5 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio… | |||
| CVE-2016-9297 | high | 7.5 | 7.5 | 10y ago | The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | |||
| CVE-2016-9279 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Sam… | |||
| CVE-2016-9109 | high | 7.5 | 7.5 | 10y ago | Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-… | |||
| CVE-2016-7997 | high | 7.5 | 7.5 | 10y ago | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | |||
| CVE-2016-7564 | high | 7.5 | 7.5 | 10y ago | Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. | |||
| CVE-2016-7563 | high | 7.5 | 7.5 | 10y ago | The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. | |||
| CVE-2016-6823 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds writ… | |||
| CVE-2016-8207 | high | 7.5 | 7.5 | 10y ago | A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files incl… | |||
| CVE-2016-8206 | high | 7.5 | 7.5 | 10y ago | A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary fi… | |||
| CVE-2016-9812 | high | 7.5 | 7.5 | 10y ago | The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. | |||
| CVE-2016-9808 | high | 7.5 | 7.5 | 10y ago | The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | |||
| CVE-2016-9312 | high | 7.5 | 7.5 | 10y ago | ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | |||
| CVE-2016-9107 | high | 7.5 | 7.5 | 10y ago | The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-7426 | high | 7.5 | 7.5 | 10y ago | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent r… | |||
| CVE-2016-6886 | high | 7.5 | 7.5 | 10y ago | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret k… | |||
| CVE-2016-6885 | high | 7.5 | 7.5 | 10y ago | The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | |||
| CVE-2016-9882 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in C… | |||
| CVE-2016-10140 | high | 7.5 | 7.5 | 10y ago | Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker t… | |||
| CVE-2016-3151 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devi… | |||
| CVE-2016-9444 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS r… | |||
| CVE-2016-9147 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency amon… | |||
| CVE-2016-9131 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed re… | |||
| CVE-2016-6820 | high | 7.5 | 7.5 | 10y ago | MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. | |||
| CVE-2016-7478 | high | 7.5 | 7.5 | 10y ago | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data… | |||
| CVE-2016-6831 | high | 7.5 | 7.5 | 10y ago | The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exh… | |||
| CVE-2016-6581 | high | 7.5 | 7.5 | 10y ago | A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. T… | |||
| CVE-2016-6580 | high | 7.5 | 7.5 | 10y ago | A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every p… | |||
| CVE-2016-6287 | high | 7.5 | 7.5 | 10y ago | The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this … | |||
| CVE-2016-6286 | high | 7.5 | 7.5 | 10y ago | The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable… | |||
| CVE-2016-9879 | high | 7.5 | 7.5 | 10y ago | Security Constraint Bypass in Spring Security | |||
| CVE-2016-6892 | high | 7.5 | 7.5 | 10y ago | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. | |||
| CVE-2016-6891 | high | 7.5 | 7.5 | 10y ago | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. |