CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4431 | high | 7.5 | 7.5 | 10y ago | Apache Struts Access Control Redirect | |||
| CVE-2016-3092 | high | 7.5 | 7.5 | 10y ago | The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, all… | |||
| CVE-2016-5739 | high | 7.5 | 7.5 | 10y ago | The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, … | |||
| CVE-2016-5706 | high | 7.5 | 7.5 | 10y ago | js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts paramet… | |||
| CVE-2016-3956 | high | 7.5 | 7.5 | 10y ago | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, wh… | |||
| CVE-2016-5360 | high | 7.5 | 7.5 | 10y ago | HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impa… | |||
| CVE-2016-5301 | high | 7.5 | 7.5 | 10y ago | The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. | |||
| CVE-2016-4803 | high | 7.5 | 7.5 | 10y ago | CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. | |||
| CVE-2016-5368 | high | 7.5 | 7.5 | 10y ago | Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) pack… | |||
| CVE-2016-5839 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. | |||
| CVE-2016-5838 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | |||
| CVE-2016-5837 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. | |||
| CVE-2016-5836 | high | 7.5 | 7.5 | 10y ago | The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-5835 | high | 7.5 | 7.5 | 10y ago | WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/re… | |||
| CVE-2016-5832 | high | 7.5 | 7.5 | 10y ago | The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | |||
| CVE-2016-0260 | high | 7.5 | 7.5 | 10y ago | Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors. | |||
| CVE-2016-5244 | high | 7.5 | 7.5 | 10y ago | The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from k… | |||
| CVE-2016-3949 | high | 7.5 | 7.5 | 10y ago | Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial o… | |||
| CVE-2016-4823 | high | 7.5 | 7.5 | 10y ago | Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | |||
| CVE-2016-1193 | high | 7.5 | 7.5 | 10y ago | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | |||
| CVE-2016-5697 | high | 7.5 | 7.5 | 10y ago | Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. | |||
| CVE-2016-1438 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | |||
| CVE-2016-1436 | high | 7.5 | 7.5 | 10y ago | The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of servi… | |||
| CVE-2016-2364 | high | 7.5 | 7.5 | 10y ago | The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote … | |||
| CVE-2016-4817 | high | 7.5 | 7.5 | 10y ago | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash… | |||
| CVE-2016-4815 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files … | |||
| CVE-2016-4814 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files v… | |||
| CVE-2016-1427 | high | 7.5 | 7.5 | 10y ago | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via c… | |||
| CVE-2016-5300 | high | 7.5 | 7.5 | 10y ago | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an … | |||
| CVE-2016-5361 | high | 7.5 | 7.5 | 10y ago | programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. N… | |||
| CVE-2016-3207 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-3206 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-3205 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-3202 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-5367 | high | 7.5 | 7.5 | 10y ago | Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053. | |||
| CVE-2016-5366 | high | 7.5 | 7.5 | 10y ago | Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | |||
| CVE-2016-4579 | high | 7.5 | 7.5 | 10y ago | Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl… | |||
| CVE-2016-4574 | high | 7.5 | 7.5 | 10y ago | Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded… | |||
| CVE-2016-4478 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC re… | |||
| CVE-2016-4414 | high | 7.5 | 7.5 | 10y ago | The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | |||
| CVE-2016-4356 | high | 7.5 | 7.5 | 10y ago | The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after in… | |||
| CVE-2016-4355 | high | 7.5 | 7.5 | 10y ago | Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||
| CVE-2016-4354 | high | 7.5 | 7.5 | 10y ago | ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||
| CVE-2016-4353 | high | 7.5 | 7.5 | 10y ago | ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | |||
| CVE-2016-2821 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execu… | |||
| CVE-2016-3706 | high | 7.5 | 7.5 | 10y ago | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vecto… | |||
| CVE-2016-1421 | high | 7.5 | 7.5 | 10y ago | A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in… | |||
| CVE-2016-4447 | high | 7.5 | 7.5 | 10y ago | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted … | |||
| CVE-2016-4367 | high | 7.5 | 7.5 | 10y ago | The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4365 | high | 7.5 | 7.5 | 10y ago | HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4361 | high | 7.5 | 7.5 | 10y ago | HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch … | |||
| CVE-2016-2027 | high | 7.5 | 7.5 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026. | |||
| CVE-2016-2026 | high | 7.5 | 7.5 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027. | |||
| CVE-2016-1405 | high | 7.5 | 7.5 | 10y ago | libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before… | |||
| CVE-2016-4545 | high | 7.5 | 7.5 | 10y ago | Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL al… | |||
| CVE-2016-4450 | high | 7.5 | 7.5 | 10y ago | os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, inv… | |||
| CVE-2016-1700 | high | 7.5 | 7.5 | 10y ago | extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cau… | |||
| CVE-2016-1691 | high | 7.5 | 7.5 | 10y ago | Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified o… | |||
| CVE-2016-1690 | high | 7.5 | 7.5 | 10y ago | The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to … | |||
| CVE-2016-1684 | high | 7.5 | 7.5 | 10y ago | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (intege… | |||
| CVE-2016-1683 | high | 7.5 | 7.5 | 10y ago | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory acc… | |||
| CVE-2016-3944 | high | 7.5 | 7.5 | 10y ago | UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | |||
| CVE-2016-4810 | high | 7.5 | 7.5 | 10y ago | Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Con… | |||
| CVE-2016-4423 | high | 7.5 | 7.5 | 10y ago | The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x befo… | |||
| CVE-2016-1902 | high | 7.5 | 7.5 | 10y ago | The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the par… | |||
| CVE-2016-3075 | high | 7.5 | 7.5 | 10y ago | Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack … | |||
| CVE-2016-1234 | high | 7.5 | 7.5 | 10y ago | Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) … | |||
| CVE-2016-4502 | high | 7.5 | 7.5 | 10y ago | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | |||
| CVE-2016-2295 | high | 7.5 | 7.5 | 10y ago | Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePor… | |||
| CVE-2016-2286 | high | 7.5 | 7.5 | 10y ago | Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePor… | |||
| CVE-2016-0879 | high | 7.5 | 7.5 | 10y ago | Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive informati… | |||
| CVE-2016-0878 | high | 7.5 | 7.5 | 10y ago | Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. | |||
| CVE-2016-0877 | high | 7.5 | 7.5 | 10y ago | Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. | |||
| CVE-2016-0876 | high | 7.5 | 7.5 | 10y ago | Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | |||
| CVE-2016-0875 | high | 7.5 | 7.5 | 10y ago | Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | |||
| CVE-2016-2025 | high | 7.5 | 7.5 | 10y ago | HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Cata… | |||
| CVE-2016-1409 | high | 7.5 | 7.5 | 10y ago | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (pa… | |||
| CVE-2016-1404 | high | 7.5 | 7.5 | 10y ago | Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote atta… | |||
| CVE-2016-1410 | high | 7.5 | 7.5 | 10y ago | Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. | |||
| CVE-2016-4786 | high | 7.5 | 7.5 | 10y ago | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||
| CVE-2016-4021 | high | 7.5 | 7.5 | 10y ago | The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by t… | |||
| CVE-2016-1407 | high | 7.5 | 7.5 | 10y ago | Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection att… | |||
| CVE-2016-1400 | high | 7.5 | 7.5 | 10y ago | Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43… | |||
| CVE-2016-1383 | high | 7.5 | 7.5 | 10y ago | Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug… | |||
| CVE-2016-1382 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (… | |||
| CVE-2016-1381 | high | 7.5 | 7.5 | 10y ago | Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range … | |||
| CVE-2016-1380 | high | 7.5 | 7.5 | 10y ago | Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo1… | |||
| CVE-2016-4577 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers … | |||
| CVE-2016-4049 | high | 7.5 | 7.5 | 10y ago | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and d… | |||
| CVE-2016-3959 | high | 7.5 | 7.5 | 10y ago | Denial of service due to unchecked parameters in crypto/dsa | |||
| CVE-2016-4580 | high | 7.5 | 7.5 | 10y ago | The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive in… | |||
| CVE-2016-4485 | high | 7.5 | 7.5 | 10y ago | The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack m… | |||
| CVE-2016-1402 | high | 7.5 | 7.5 | 10y ago | The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a … | |||
| CVE-2016-4348 | high | 7.5 | 7.5 | 10y ago | The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an S… | |||
| CVE-2016-4070 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (applica… | |||
| CVE-2016-1853 | high | 7.5 | 7.5 | 10y ago | Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. | |||
| CVE-2016-1843 | high | 7.5 | 7.5 | 10y ago | The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-1842 | high | 7.5 | 7.5 | 10y ago | MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the netw… | |||
| CVE-2016-1809 | high | 7.5 | 7.5 | 10y ago | Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors. | |||
| CVE-2016-1801 | high | 7.5 | 7.5 | 10y ago | The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive inf… |