CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6357 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypas… | |||
| CVE-2016-6356 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to sto… | |||
| CVE-2016-1486 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenti… | |||
| CVE-2016-1481 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS)… | |||
| CVE-2016-1480 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauth… | |||
| CVE-2016-6446 | high | 7.5 | 7.5 | 10y ago | A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Release… | |||
| CVE-2016-6439 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) … | |||
| CVE-2016-6431 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vul… | |||
| CVE-2016-5500 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer. | |||
| CVE-2016-5495 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema. | |||
| CVE-2016-1000215 | high | 7.5 | 7.5 | 10y ago | Ruckus Wireless H500 web management interface denial of service | |||
| CVE-2016-1000032 | high | 7.5 | 7.5 | 10y ago | TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. | |||
| CVE-2016-2848 | high | 7.5 | 7.5 | 10y ago | ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource recor… | |||
| CVE-2016-8666 | high | 7.5 | 7.5 | 10y ago | The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO p… | |||
| CVE-2016-7039 | high | 7.5 | 7.5 | 10y ago | The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GR… | |||
| CVE-2016-3390 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3389 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3385 | high | 7.5 | 7.5 | 10y ago | The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Script… | |||
| CVE-2016-3384 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-3383 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corrupti… | |||
| CVE-2016-3382 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3331 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-3635 | high | 7.5 | 7.5 | 10y ago | SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connectio… | |||
| CVE-2016-8563 | high | 7.5 | 7.5 | 10y ago | Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. | |||
| CVE-2016-6323 | high | 7.5 | 7.5 | 10y ago | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-depe… | |||
| CVE-2016-6273 | high | 7.5 | 7.5 | 10y ago | The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License … | |||
| CVE-2016-1000009 | high | 7.5 | 7.5 | 10y ago | TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. | |||
| CVE-2016-6653 | high | 7.5 | 7.5 | 10y ago | The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cle… | |||
| CVE-2016-6422 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass … | |||
| CVE-2016-6023 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary… | |||
| CVE-2016-6426 | high | 7.5 | 7.5 | 10y ago | The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers… | |||
| CVE-2016-6393 | high | 7.5 | 7.5 | 10y ago | The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connect… | |||
| CVE-2016-6391 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSC… | |||
| CVE-2016-6385 | high | 7.5 | 7.5 | 10y ago | Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via… | |||
| CVE-2016-6379 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. | |||
| CVE-2016-6378 | high | 7.5 | 7.5 | 10y ago | Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853. | |||
| CVE-2016-1455 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP t… | |||
| CVE-2016-6392 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Sour… | |||
| CVE-2016-6386 | high | 7.5 | 7.5 | 10y ago | Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID C… | |||
| CVE-2016-6384 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka … | |||
| CVE-2016-6382 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) registe… | |||
| CVE-2016-6381 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka B… | |||
| CVE-2016-4551 | high | 7.5 | 7.5 | 10y ago | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the … | |||
| CVE-2016-1246 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. | |||
| CVE-2016-8343 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-6419 | high | 7.5 | 7.5 | 10y ago | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur2548… | |||
| CVE-2016-5983 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbi… | |||
| CVE-2016-5085 | high | 7.5 | 7.5 | 10y ago | Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an auth… | |||
| CVE-2016-5084 | high | 7.5 | 7.5 | 10y ago | Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2016-2307 | high | 7.5 | 7.5 | 10y ago | American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read… | |||
| CVE-2016-8278 | high | 7.5 | 7.5 | 10y ago | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | |||
| CVE-2016-7141 | high | 7.5 | 7.5 | 10y ago | curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse o… | |||
| CVE-2016-7401 | high | 7.5 | 7.5 | 10y ago | The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting … | |||
| CVE-2016-7031 | high | 7.5 | 7.5 | 10y ago | The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | |||
| CVE-2016-6352 | high | 7.5 | 7.5 | 10y ago | The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||
| CVE-2016-7445 | high | 7.5 | 7.5 | 10y ago | convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | |||
| CVE-2016-3658 | high | 7.5 | 7.5 | 10y ago | The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vecto… | |||
| CVE-2016-3634 | high | 7.5 | 7.5 | 10y ago | The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag … | |||
| CVE-2016-3633 | high | 7.5 | 7.5 | 10y ago | The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | |||
| CVE-2016-3631 | high | 7.5 | 7.5 | 10y ago | The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytec… | |||
| CVE-2016-3624 | high | 7.5 | 7.5 | 10y ago | The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. | |||
| CVE-2016-3623 | high | 7.5 | 7.5 | 10y ago | The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. | |||
| CVE-2016-3620 | high | 7.5 | 7.5 | 10y ago | The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a … | |||
| CVE-2016-5986 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote a… | |||
| CVE-2016-7444 | high | 7.5 | 7.5 | 10y ago | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to … | |||
| CVE-2016-7045 | high | 7.5 | 7.5 | 10y ago | The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of … | |||
| CVE-2016-7044 | high | 7.5 | 7.5 | 10y ago | The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and c… | |||
| CVE-2016-7052 | high | 7.5 | 7.5 | 10y ago | crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | |||
| CVE-2016-6305 | high | 7.5 | 7.5 | 10y ago | The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_… | |||
| CVE-2016-6304 | high | 7.5 | 7.5 | 10y ago | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status… | |||
| CVE-2016-6142 | high | 7.5 | 7.5 | 10y ago | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | |||
| CVE-2016-7162 | high | 7.5 | 7.5 | 10y ago | The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | |||
| CVE-2016-6518 | high | 7.5 | 7.5 | 10y ago | Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malforme… | |||
| CVE-2016-3110 | high | 7.5 | 7.5 | 10y ago | mod_cluster Denial of Service vulnerability | |||
| CVE-2016-5996 | high | 7.5 | 7.5 | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… | |||
| CVE-2016-5957 | high | 7.5 | 7.5 | 10y ago | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by lever… | |||
| CVE-2016-4772 | high | 7.5 | 7.5 | 10y ago | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors. | |||
| CVE-2016-4754 | high | 7.5 | 7.5 | 10y ago | ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||
| CVE-2016-4711 | high | 7.5 | 7.5 | 10y ago | CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for i… | |||
| CVE-2016-6411 | high | 7.5 | 7.5 | 10y ago | Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settin… | |||
| CVE-2016-6409 | high | 7.5 | 7.5 | 10y ago | The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traff… | |||
| CVE-2016-6408 | high | 7.5 | 7.5 | 10y ago | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML Externa… | |||
| CVE-2016-6669 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allo… | |||
| CVE-2016-6159 | high | 7.5 | 7.5 | 10y ago | The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special … | |||
| CVE-2016-5427 | high | 7.5 | 7.5 | 10y ago | PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a cra… | |||
| CVE-2016-5426 | high | 7.5 | 7.5 | 10y ago | PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | |||
| CVE-2016-5418 | high | 7.5 | 7.5 | 10y ago | The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive fil… | |||
| CVE-2016-4809 | high | 7.5 | 7.5 | 10y ago | The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO … | |||
| CVE-2016-6802 | high | 7.5 | 7.5 | 10y ago | Improper Access Control in Apache Shiro | |||
| CVE-2016-6537 | high | 7.5 | 7.5 | 10y ago | AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent a… | |||
| CVE-2016-4526 | high | 7.5 | 7.5 | 10y ago | ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. | |||
| CVE-2016-1483 | high | 7.5 | 7.5 | 10y ago | Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID C… | |||
| CVE-2016-6639 | high | 7.5 | 7.5 | 10y ago | Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and… | |||
| CVE-2016-0929 | high | 7.5 | 7.5 | 10y ago | The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitiv… | |||
| CVE-2016-0923 | high | 7.5 | 7.5 | 10y ago | The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes … | |||
| CVE-2016-7418 | high | 7.5 | 7.5 | 10y ago | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) o… | |||
| CVE-2016-7416 | high | 7.5 | 7.5 | 10y ago | ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote atta… | |||
| CVE-2016-6407 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges… | |||
| CVE-2016-6936 | high | 7.5 | 7.5 | 10y ago | Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging a… | |||
| CVE-2016-6302 | high | 7.5 | 7.5 | 10y ago | The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of serv… |