CVEs from 2016
Total
8,525
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.7%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0760 | high | 8.8 | 8.8 | 10y ago | Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive built… | |||
| CVE-2016-1458 | high | 8.8 | 8.8 | 10y ago | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devi… | |||
| CVE-2016-1457 | high | 8.8 | 8.8 | 10y ago | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Servic… | |||
| CVE-2016-1365 | high | 8.8 | 8.8 | 10y ago | The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafte… | |||
| CVE-2016-2875 | high | 8.8 | 8.8 | 10y ago | IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. | |||
| CVE-2016-1468 | high | 8.8 | 8.8 | 10y ago | The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCu… | |||
| CVE-2016-1430 | high | 8.8 | 8.8 | 10y ago | Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. | |||
| CVE-2016-5145 | high | 8.8 | 8.8 | 10y ago | Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, … | |||
| CVE-2016-6635 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authent… | |||
| CVE-2016-5767 | high | 8.8 | 8.8 | 10y ago | Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote … | |||
| CVE-2016-5766 | high | 8.8 | 8.8 | 10y ago | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote … | |||
| CVE-2016-5264 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary c… | |||
| CVE-2016-5263 | high | 8.8 | 8.8 | 10y ago | The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary cod… | |||
| CVE-2016-5261 | high | 8.8 | 8.8 | 10y ago | Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-5259 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a scrip… | |||
| CVE-2016-5258 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free… | |||
| CVE-2016-5255 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandl… | |||
| CVE-2016-5252 | high | 8.8 | 8.8 | 10y ago | Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted tw… | |||
| CVE-2016-2838 | high | 8.8 | 8.8 | 10y ago | Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via direct… | |||
| CVE-2016-2836 | high | 8.8 | 8.8 | 10y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2016-2835 | high | 8.8 | 8.8 | 10y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2016-5671 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of ar… | |||
| CVE-2016-6258 | high | 8.8 | 8.8 | 10y ago | The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |||
| CVE-2016-5138 | high | 8.8 | 8.8 | 10y ago | Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffe… | |||
| CVE-2016-1608 | high | 8.8 | 8.8 | 10y ago | vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer pa… | |||
| CVE-2016-4469 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repo… | |||
| CVE-2016-1374 | high | 8.8 | 8.8 | 10y ago | The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request… | |||
| CVE-2016-6152 | high | 8.8 | 8.8 | 10y ago | CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | |||
| CVE-2016-6151 | high | 8.8 | 8.8 | 10y ago | CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. | |||
| CVE-2016-6297 | high | 8.8 | 8.8 | 10y ago | Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (st… | |||
| CVE-2016-5136 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or po… | |||
| CVE-2016-5134 | high | 8.8 | 8.8 | 10y ago | net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows rem… | |||
| CVE-2016-5132 | high | 8.8 | 8.8 | 10y ago | The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows rem… | |||
| CVE-2016-5131 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via… | |||
| CVE-2016-5129 | high | 8.8 | 8.8 | 10y ago | Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruptio… | |||
| CVE-2016-5128 | high | 8.8 | 8.8 | 10y ago | objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remot… | |||
| CVE-2016-1711 | high | 8.8 | 8.8 | 10y ago | WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows … | |||
| CVE-2016-1710 | high | 8.8 | 8.8 | 10y ago | The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which… | |||
| CVE-2016-1709 | high | 8.8 | 8.8 | 10y ago | Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a deni… | |||
| CVE-2016-1708 | high | 8.8 | 8.8 | 10y ago | The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which… | |||
| CVE-2016-1705 | high | 8.8 | 8.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-4637 | high | 8.8 | 8.8 | 10y ago | CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt… | |||
| CVE-2016-4631 | high | 8.8 | 8.8 | 10y ago | ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) … | |||
| CVE-2016-4630 | high | 8.8 | 8.8 | 10y ago | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression. | |||
| CVE-2016-4624 | high | 8.8 | 8.8 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site,… | |||
| CVE-2016-4623 | high | 8.8 | 8.8 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site,… | |||
| CVE-2016-4622 | high | 8.8 | 8.8 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site,… | |||
| CVE-2016-4602 | high | 8.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerabilit… | |||
| CVE-2016-4601 | high | 8.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image. | |||
| CVE-2016-4600 | high | 8.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerabilit… | |||
| CVE-2016-4597 | high | 8.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerabilit… | |||
| CVE-2016-4596 | high | 8.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerabilit… | |||
| CVE-2016-4589 | high | 8.8 | 8.8 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site,… | |||
| CVE-2016-4588 | high | 8.8 | 8.8 | 10y ago | WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2016-4586 | high | 8.8 | 8.8 | 10y ago | WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2016-4584 | high | 8.8 | 8.8 | 10y ago | The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory cor… | |||
| CVE-2016-5474 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, an… | |||
| CVE-2016-5457 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vec… | |||
| CVE-2016-3554 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availabil… | |||
| CVE-2016-0635 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component… | |||
| CVE-2016-1448 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706. | |||
| CVE-2016-5661 | high | 8.8 | 8.8 | 10y ago | Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and … | |||
| CVE-2016-5637 | high | 8.8 | 8.8 | 10y ago | The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2016-1446 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. | |||
| CVE-2016-4066 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unsp… | |||
| CVE-2016-4255 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on… | |||
| CVE-2016-4249 | high | 8.8 | 8.8 | 10y ago | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary c… | |||
| CVE-2016-4248 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4246 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4245 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4244 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4243 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4242 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4241 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4240 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4239 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4238 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4237 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4236 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4235 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4234 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4233 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4231 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4230 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4229 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4228 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4227 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4226 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4225 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecifi… | |||
| CVE-2016-4224 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecifi… | |||
| CVE-2016-4223 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecifi… | |||
| CVE-2016-4222 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4221 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4220 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4219 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4218 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4217 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4202 | high | 8.8 | 8.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4200 | high | 8.8 | 8.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4199 | high | 8.8 | 8.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… |