CVEs from 2016
- Total: 8,454
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6894 | high | 7.5 | 7.5 | 10y ago | Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets … | |||
| CVE-2016-9934 | high | 7.5 | 7.5 | 10y ago | ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as… | |||
| CVE-2016-9933 | high | 7.5 | 7.5 | 10y ago | Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote atta… | |||
| CVE-2016-8860 | high | 7.5 | 7.5 | 10y ago | Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that… | |||
| CVE-2016-10097 | high | 7.5 | 7.5 | 10y ago | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | |||
| CVE-2016-9878 | high | 7.5 | 7.5 | 10y ago | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized | |||
| CVE-2016-10041 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisi… | |||
| CVE-2016-9037 | high | 7.5 | 7.5 | 10y ago | An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element… | |||
| CVE-2016-9036 | high | 7.5 | 7.5 | 10y ago | An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly ret… | |||
| CVE-2016-9154 | high | 7.5 | 7.5 | 10y ago | Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modu… | |||
| CVE-2016-9179 | high | 7.5 | 7.5 | 10y ago | lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | |||
| CVE-2016-7172 | high | 7.5 | 7.5 | 10y ago | NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | |||
| CVE-2016-2349 | high | 7.5 | 7.5 | 10y ago | Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | |||
| CVE-2016-7297 | high | 7.5 | 7.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-7296 | high | 7.5 | 7.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-7279 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-7270 | high | 7.5 | 7.5 | 10y ago | The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain se… | |||
| CVE-2016-7181 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | |||
| CVE-2016-10005 | high | 7.5 | 7.5 | 10y ago | Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. | |||
| CVE-2016-9951 | medium | 6.5 | 7.5 | 10y ago | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click… | |||
| CVE-2016-9158 | high | 7.5 | 7.5 | 10y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and b… | |||
| CVE-2016-9837 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view all… | |||
| CVE-2016-7889 | high | 7.5 | 7.5 | 10y ago | Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. | |||
| CVE-2016-7887 | high | 7.5 | 7.5 | 10y ago | Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure. | |||
| CVE-2016-4028 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle… | |||
| CVE-2016-9212 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect… | |||
| CVE-2016-9211 | high | 7.5 | 7.5 | 10y ago | A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reloa… | |||
| CVE-2016-9210 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file … | |||
| CVE-2016-9205 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting … | |||
| CVE-2016-9203 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. Mor… | |||
| CVE-2016-9201 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based… | |||
| CVE-2016-9198 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More… | |||
| CVE-2016-9193 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypas… | |||
| CVE-2016-6469 | high | 7.5 | 7.5 | 10y ago | A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the… | |||
| CVE-2016-6467 | high | 7.5 | 7.5 | 10y ago | A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected relo… | |||
| CVE-2016-6464 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages th… | |||
| CVE-2016-7952 | high | 7.5 | 7.5 | 10y ago | X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category with… | |||
| CVE-2016-7946 | high | 7.5 | 7.5 | 10y ago | X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. | |||
| CVE-2016-7945 | high | 7.5 | 7.5 | 10y ago | Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. | |||
| CVE-2016-5842 | high | 7.5 | 7.5 | 10y ago | MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | |||
| CVE-2016-9937 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters sep… | |||
| CVE-2016-9864 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the contro… | |||
| CVE-2016-9863 | high | 7.5 | 7.5 | 10y ago | phpMyAdmin DoS Vulnerability | |||
| CVE-2016-9862 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | |||
| CVE-2016-9861 | high | 7.5 | 7.5 | 10y ago | phpMyAdmin Bypass white-list protection for URL redirection | |||
| CVE-2016-6631 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a use… | |||
| CVE-2016-6616 | high | 7.5 | 7.5 | 10y ago | An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.… | |||
| CVE-2016-6321 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files v… | |||
| CVE-2016-6301 | high | 7.5 | 7.5 | 10y ago | The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a… | |||
| CVE-2016-8858 | high | 7.5 | 7.5 | 10y ago | The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE:… | |||
| CVE-2016-9920 | high | 7.5 | 7.5 | 10y ago | steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-… | |||
| CVE-2016-9919 | high | 7.5 | 7.5 | 10y ago | The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a… | |||
| CVE-2016-9918 | high | 7.5 | 7.5 | 10y ago | In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in … | |||
| CVE-2016-9917 | high | 7.5 | 7.5 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||
| CVE-2016-9839 | high | 7.5 | 7.5 | 10y ago | In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | |||
| CVE-2016-9479 | high | 7.5 | 7.5 | 10y ago | The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | |||
| CVE-2016-3012 | high | 7.5 | 7.5 | 10y ago | IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended acces… | |||
| CVE-2016-2876 | high | 7.5 | 7.5 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access… | |||
| CVE-2016-9564 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | |||
| CVE-2016-0319 | high | 7.5 | 7.5 | 10y ago | The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of… | |||
| CVE-2016-9450 | high | 7.5 | 7.5 | 10y ago | Drupal Incorrect cache context on password reset page | |||
| CVE-2016-9562 | high | 7.5 | 7.5 | 10y ago | SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP … | |||
| CVE-2016-6466 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels fr… | |||
| CVE-2016-6460 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass F… | |||
| CVE-2016-6458 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configur… | |||
| CVE-2016-9296 | high | 7.5 | 7.5 | 10y ago | A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams… | |||
| CVE-2016-9294 | high | 7.5 | 7.5 | 10y ago | Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed label… | |||
| CVE-2016-9283 | high | 7.5 | 7.5 | 10y ago | SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related … | |||
| CVE-2016-9282 | high | 7.5 | 7.5 | 10y ago | SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_… | |||
| CVE-2016-9277 | high | 7.5 | 7.5 | 10y ago | Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an o… | |||
| CVE-2016-7247 | high | 7.5 | 7.5 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protect… | |||
| CVE-2016-7243 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7242 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7237 | medium | 6.5 | 7.5 | 10y ago | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win… | |||
| CVE-2016-7208 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7198 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-7196 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Brows… | |||
| CVE-2016-7195 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-4959 | high | 7.5 | 7.5 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a … | |||
| CVE-2016-9184 | high | 7.5 | 7.5 | 10y ago | In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table name… | |||
| CVE-2016-9183 | high | 7.5 | 7.5 | 10y ago | In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses t… | |||
| CVE-2016-9182 | high | 7.5 | 7.5 | 10y ago | Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Ex… | |||
| CVE-2016-9177 | high | 7.5 | 7.5 | 10y ago | Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI | |||
| CVE-2016-6455 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sess… | |||
| CVE-2016-9136 | high | 7.5 | 7.5 | 10y ago | Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a… | |||
| CVE-2016-9135 | high | 7.5 | 7.5 | 10y ago | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | |||
| CVE-2016-9134 | high | 7.5 | 7.5 | 10y ago | Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | |||
| CVE-2016-7452 | high | 7.5 | 7.5 | 10y ago | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | |||
| CVE-2016-7160 | high | 7.5 | 7.5 | 10y ago | A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. | |||
| CVE-2016-8864 | high | 7.5 | 7.5 | 10y ago | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record… | |||
| CVE-2016-8203 | high | 7.5 | 7.5 | 10y ago | A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of… | |||
| CVE-2016-8876 | high | 7.5 | 7.5 | 10y ago | Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embed… | |||
| CVE-2016-7991 | high | 7.5 | 7.5 | 10y ago | On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and … | |||
| CVE-2016-7989 | high | 7.5 | 7.5 | 10y ago | On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the… | |||
| CVE-2016-7988 | high | 7.5 | 7.5 | 10y ago | On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configur… | |||
| CVE-2016-9114 | high | 7.5 | 7.5 | 10y ago | There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Servi… | |||
| CVE-2016-9113 | high | 7.5 | 7.5 | 10y ago | There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. | |||
| CVE-2016-9112 | high | 7.5 | 7.5 | 10y ago | Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. | |||
| CVE-2016-7506 | high | 7.5 | 7.5 | 10y ago | An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue … | |||
| CVE-2016-4396 | high | 7.5 | 7.5 | 10y ago | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. |