CVEs from 2016
- Total: 8,454
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3063 | high | 7.5 | 7.5 | 9y ago | Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified ve… | |||
| CVE-2016-7164 | high | 7.5 | 7.5 | 9y ago | The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. | |||
| CVE-2016-6131 | high | 7.5 | 7.5 | 9y ago | The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | |||
| CVE-2016-1504 | high | 7.5 | 7.5 | 9y ago | dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. | |||
| CVE-2016-7800 | high | 7.5 | 7.5 | 9y ago | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, wh… | |||
| CVE-2016-7449 | high | 7.5 | 7.5 | 9y ago | The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | |||
| CVE-2016-7448 | high | 7.5 | 7.5 | 9y ago | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and… | |||
| CVE-2016-9108 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (applicatio… | |||
| CVE-2016-8212 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These sp… | |||
| CVE-2016-8211 | high | 7.5 | 7.5 | 10y ago | EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a pa… | |||
| CVE-2016-9008 | high | 7.5 | 7.5 | 10y ago | IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | |||
| CVE-2016-8919 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. | |||
| CVE-2016-6068 | high | 7.5 | 7.5 | 10y ago | IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. | |||
| CVE-2016-2942 | high | 7.5 | 7.5 | 10y ago | IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | |||
| CVE-2016-5958 | high | 7.5 | 7.5 | 10y ago | IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By interceptin… | |||
| CVE-2016-3017 | high | 7.5 | 7.5 | 10y ago | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. | |||
| CVE-2016-9418 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a … | |||
| CVE-2016-9415 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import." | |||
| CVE-2016-9414 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload director… | |||
| CVE-2016-9410 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates. | |||
| CVE-2016-9249 | high | 7.5 | 7.5 | 10y ago | An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | |||
| CVE-2016-10087 | high | 7.5 | 7.5 | 10y ago | The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL poi… | |||
| CVE-2016-9939 | high | 7.5 | 7.5 | 10y ago | Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is no… | |||
| CVE-2016-7544 | high | 7.5 | 7.5 | 10y ago | Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then t… | |||
| CVE-2016-10186 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. | |||
| CVE-2016-10185 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | |||
| CVE-2016-10184 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | |||
| CVE-2016-10183 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | |||
| CVE-2016-10181 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | |||
| CVE-2016-10180 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. | |||
| CVE-2016-10179 | high | 7.5 | 7.5 | 10y ago | An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. | |||
| CVE-2016-6264 | high | 7.5 | 7.5 | 10y ago | Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the m… | |||
| CVE-2016-5827 | high | 7.5 | 7.5 | 10y ago | The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. | |||
| CVE-2016-5826 | high | 7.5 | 7.5 | 10y ago | The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. | |||
| CVE-2016-5546 | high | 7.5 | 7.5 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedd… | |||
| CVE-2016-5822 | high | 7.5 | 7.5 | 10y ago | Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. | |||
| CVE-2016-9448 | high | 7.5 | 7.5 | 10y ago | The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_… | |||
| CVE-2016-10003 | high | 7.5 | 7.5 | 10y ago | Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as … | |||
| CVE-2016-10002 | high | 7.5 | 7.5 | 10y ago | Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Co… | |||
| CVE-2016-10162 | high | 7.5 | 7.5 | 10y ago | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application c… | |||
| CVE-2016-10161 | high | 7.5 | 7.5 | 10y ago | The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read… | |||
| CVE-2016-10159 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or applic… | |||
| CVE-2016-10158 | high | 7.5 | 7.5 | 10y ago | The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via … | |||
| CVE-2016-9446 | high | 7.5 | 7.5 | 10y ago | The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that… | |||
| CVE-2016-9445 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | |||
| CVE-2016-9381 | high | 7.5 | 7.5 | 10y ago | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |||
| CVE-2016-9380 | high | 7.5 | 7.5 | 10y ago | The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in… | |||
| CVE-2016-7037 | high | 7.5 | 7.5 | 10y ago | The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attac… | |||
| CVE-2016-6920 | high | 7.5 | 7.5 | 10y ago | Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile … | |||
| CVE-2016-6668 | high | 7.5 | 7.5 | 10y ago | The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA … | |||
| CVE-2016-6160 | high | 7.5 | 7.5 | 10y ago | tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. | |||
| CVE-2016-5119 | high | 7.5 | 7.5 | 10y ago | The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | |||
| CVE-2016-5323 | high | 7.5 | 7.5 | 10y ago | The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. | |||
| CVE-2016-10143 | high | 7.5 | 7.5 | 10y ago | A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | |||
| CVE-2016-9680 | high | 7.5 | 7.5 | 10y ago | Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | |||
| CVE-2016-6497 | high | 7.5 | 7.5 | 10y ago | main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all searc… | |||
| CVE-2016-6271 | high | 7.5 | 7.5 | 10y ago | The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | |||
| CVE-2016-4019 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477. | |||
| CVE-2016-3413 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. | |||
| CVE-2016-3405 | high | 7.5 | 7.5 | 10y ago | Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. | |||
| CVE-2016-3404 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. | |||
| CVE-2016-3402 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. | |||
| CVE-2016-9297 | high | 7.5 | 7.5 | 10y ago | The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | |||
| CVE-2016-9279 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Sam… | |||
| CVE-2016-9109 | high | 7.5 | 7.5 | 10y ago | Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-… | |||
| CVE-2016-7997 | high | 7.5 | 7.5 | 10y ago | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | |||
| CVE-2016-7564 | high | 7.5 | 7.5 | 10y ago | Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. | |||
| CVE-2016-7563 | high | 7.5 | 7.5 | 10y ago | The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. | |||
| CVE-2016-6823 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds writ… | |||
| CVE-2016-8207 | high | 7.5 | 7.5 | 10y ago | A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files incl… | |||
| CVE-2016-8206 | high | 7.5 | 7.5 | 10y ago | A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary fi… | |||
| CVE-2016-9812 | high | 7.5 | 7.5 | 10y ago | The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. | |||
| CVE-2016-9808 | high | 7.5 | 7.5 | 10y ago | The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | |||
| CVE-2016-9312 | high | 7.5 | 7.5 | 10y ago | ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | |||
| CVE-2016-9107 | high | 7.5 | 7.5 | 10y ago | The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-7426 | high | 7.5 | 7.5 | 10y ago | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent r… | |||
| CVE-2016-6886 | high | 7.5 | 7.5 | 10y ago | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret k… | |||
| CVE-2016-6885 | high | 7.5 | 7.5 | 10y ago | The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | |||
| CVE-2016-9882 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in C… | |||
| CVE-2016-10140 | high | 7.5 | 7.5 | 10y ago | Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker t… | |||
| CVE-2016-3151 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devi… | |||
| CVE-2016-9444 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS r… | |||
| CVE-2016-9147 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency amon… | |||
| CVE-2016-9131 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed re… | |||
| CVE-2016-6820 | high | 7.5 | 7.5 | 10y ago | MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. | |||
| CVE-2016-7478 | high | 7.5 | 7.5 | 10y ago | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data… | |||
| CVE-2016-6831 | high | 7.5 | 7.5 | 10y ago | The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exh… | |||
| CVE-2016-6581 | high | 7.5 | 7.5 | 10y ago | A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. T… | |||
| CVE-2016-6580 | high | 7.5 | 7.5 | 10y ago | A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every p… | |||
| CVE-2016-6287 | high | 7.5 | 7.5 | 10y ago | The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this … | |||
| CVE-2016-6286 | high | 7.5 | 7.5 | 10y ago | The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable… | |||
| CVE-2016-9879 | high | 7.5 | 7.5 | 10y ago | Security Constraint Bypass in Spring Security | |||
| CVE-2016-6892 | high | 7.5 | 7.5 | 10y ago | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. | |||
| CVE-2016-6891 | high | 7.5 | 7.5 | 10y ago | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. | |||
| CVE-2016-6894 | high | 7.5 | 7.5 | 10y ago | Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets … | |||
| CVE-2016-9934 | high | 7.5 | 7.5 | 10y ago | ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as… | |||
| CVE-2016-9933 | high | 7.5 | 7.5 | 10y ago | Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote atta… | |||
| CVE-2016-8860 | high | 7.5 | 7.5 | 10y ago | Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that… | |||
| CVE-2016-10097 | high | 7.5 | 7.5 | 10y ago | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | |||
| CVE-2016-9878 | high | 7.5 | 7.5 | 10y ago | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized |