CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2181 | high | 7.5 | 7.5 | 10y ago | The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cau… | |||
| CVE-2016-2179 | high | 7.5 | 7.5 | 10y ago | The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial … | |||
| CVE-2016-3377 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3375 | high | 7.5 | 7.5 | 10y ago | The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Serv… | |||
| CVE-2016-3369 | high | 7.5 | 7.5 | 10y ago | Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability." | |||
| CVE-2016-3350 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3330 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-3295 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Brows… | |||
| CVE-2016-3294 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-6399 | high | 7.5 | 7.5 | 10y ago | Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via … | |||
| CVE-2016-6371 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafte… | |||
| CVE-2016-7132 | high | 7.5 | 7.5 | 10y ago | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp… | |||
| CVE-2016-7131 | high | 7.5 | 7.5 | 10y ago | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp… | |||
| CVE-2016-7130 | high | 7.5 | 7.5 | 10y ago | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) o… | |||
| CVE-2016-7125 | high | 7.5 | 7.5 | 10y ago | ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session d… | |||
| CVE-2016-1469 | high | 7.5 | 7.5 | 10y ago | The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. | |||
| CVE-2016-1263 | high | 7.5 | 7.5 | 10y ago | Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9-S1, 14.1 before 14.1R7, 14.2 before 14.2R6, 15.1 before 15.1F2-S5, 15.1F4 … | |||
| CVE-2016-6263 | high | 7.5 | 7.5 | 10y ago | The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. | |||
| CVE-2016-6262 | high | 7.5 | 7.5 | 10y ago | idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE… | |||
| CVE-2016-6261 | high | 7.5 | 7.5 | 10y ago | The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | |||
| CVE-2016-7107 | high | 7.5 | 7.5 | 10y ago | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. | |||
| CVE-2016-6899 | high | 7.5 | 7.5 | 10y ago | The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers… | |||
| CVE-2016-6876 | high | 7.5 | 7.5 | 10y ago | The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP A… | |||
| CVE-2016-6838 | high | 7.5 | 7.5 | 10y ago | Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 … | |||
| CVE-2016-6346 | high | 7.5 | 7.5 | 10y ago | Denial of service in JBoss resteasy | |||
| CVE-2016-7113 | high | 7.5 | 7.5 | 10y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-1472 | high | 7.5 | 7.5 | 10y ago | The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request,… | |||
| CVE-2016-2183 | high | 7.5 | 7.5 | 10y ago | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for re… | |||
| CVE-2016-5049 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in … | |||
| CVE-2016-4378 | high | 7.5 | 7.5 | 10y ago | The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Editio… | |||
| CVE-2016-5023 | high | 7.5 | 7.5 | 10y ago | Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote att… | |||
| CVE-2016-5673 | high | 7.5 | 7.5 | 10y ago | UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP addre… | |||
| CVE-2016-5650 | high | 7.5 | 7.5 | 10y ago | ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID valu… | |||
| CVE-2016-6364 | high | 7.5 | 7.5 | 10y ago | The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspec… | |||
| CVE-2016-6355 | high | 7.5 | 7.5 | 10y ago | Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) … | |||
| CVE-2016-1484 | high | 7.5 | 7.5 | 10y ago | Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | |||
| CVE-2016-1479 | high | 7.5 | 7.5 | 10y ago | Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||
| CVE-2016-10173 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. | |||
| CVE-2016-5736 | high | 7.5 | 7.5 | 10y ago | The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.… | |||
| CVE-2016-6317 | high | 7.5 | 7.5 | 10y ago | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote a… | |||
| CVE-2016-5420 | high | 7.5 | 7.5 | 10y ago | curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leve… | |||
| CVE-2016-5419 | high | 7.5 | 7.5 | 10y ago | curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | |||
| CVE-2016-3322 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability tha… | |||
| CVE-2016-3296 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3293 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability." | |||
| CVE-2016-3290 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-20… | |||
| CVE-2016-3289 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability tha… | |||
| CVE-2016-1478 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many cr… | |||
| CVE-2016-1466 | high | 7.5 | 7.5 | 10y ago | Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of serv… | |||
| CVE-2016-1429 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. | |||
| CVE-2016-5141 | high | 7.5 | 7.5 | 10y ago | Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.… | |||
| CVE-2016-5350 | high | 7.5 | 7.5 | 10y ago | epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial … | |||
| CVE-2016-6128 | high | 7.5 | 7.5 | 10y ago | The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application cras… | |||
| CVE-2016-3831 | high | 7.5 | 7.5 | 10y ago | The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ t… | |||
| CVE-2016-6148 | high | 7.5 | 7.5 | 10y ago | SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 22… | |||
| CVE-2016-6232 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, r… | |||
| CVE-2016-2180 | high | 7.5 | 7.5 | 10y ago | The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial… | |||
| CVE-2016-1461 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932. | |||
| CVE-2016-1463 | high | 7.5 | 7.5 | 10y ago | Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. | |||
| CVE-2016-5127 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2016-5874 | high | 7.5 | 7.5 | 10y ago | Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. | |||
| CVE-2016-5744 | high | 7.5 | 7.5 | 10y ago | Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | |||
| CVE-2016-4632 | high | 7.5 | 7.5 | 10y ago | ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||
| CVE-2016-4591 | high | 7.5 | 7.5 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. | |||
| CVE-2016-5449 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. | |||
| CVE-2016-3528 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via ve… | |||
| CVE-2016-3526 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3515 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unk… | |||
| CVE-2016-3479 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-3471 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. | |||
| CVE-2016-5654 | high | 7.5 | 7.5 | 10y ago | Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter. | |||
| CVE-2016-5790 | high | 7.5 | 7.5 | 10y ago | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors. | |||
| CVE-2016-1450 | high | 7.5 | 7.5 | 10y ago | Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. | |||
| CVE-2016-1426 | high | 7.5 | 7.5 | 10y ago | Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. | |||
| CVE-2016-4974 | high | 7.5 | 7.5 | 10y ago | Improper Input Validation in Apache Qpid AMQP 0-x JMS | |||
| CVE-2016-4216 | high | 7.5 | 7.5 | 10y ago | Moderate severity vulnerability that affects com.adobe.xmp:xmpcore | |||
| CVE-2016-3264 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-3255 | high | 7.5 | 7.5 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entit… | |||
| CVE-2016-3246 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | |||
| CVE-2016-3243 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2016-3242 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-3241 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-3240 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-4985 | high | 7.5 | 7.5 | 10y ago | OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2016-3766 | high | 7.5 | 7.5 | 10y ago | MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, w… | |||
| CVE-2016-3760 | high | 7.5 | 7.5 | 10y ago | Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the pri… | |||
| CVE-2016-3756 | high | 7.5 | 7.5 | 10y ago | Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attacker… | |||
| CVE-2016-3755 | high | 7.5 | 7.5 | 10y ago | decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or r… | |||
| CVE-2016-3754 | high | 7.5 | 7.5 | 10y ago | mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of serv… | |||
| CVE-2016-3753 | high | 7.5 | 7.5 | 10y ago | mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135. | |||
| CVE-2016-3744 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers t… | |||
| CVE-2016-4463 | high | 7.5 | 7.5 | 10y ago | Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | |||
| CVE-2016-2945 | high | 7.5 | 7.5 | 10y ago | The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an… | |||
| CVE-2016-2119 | high | 7.5 | 7.5 | 10y ago | libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently … | |||
| CVE-2016-2923 | high | 7.5 | 7.5 | 10y ago | IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, whi… | |||
| CVE-2016-4979 | high | 7.5 | 7.5 | 10y ago | The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allow… | |||
| CVE-2016-4957 | high | 7.5 | 7.5 | 10y ago | ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. | |||
| CVE-2016-4954 | high | 7.5 | 7.5 | 10y ago | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many sou… | |||
| CVE-2016-4953 | high | 7.5 | 7.5 | 10y ago | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at… | |||
| CVE-2016-4433 | high | 7.5 | 7.5 | 10y ago | Apache Struts Open Redirect |