CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3705 | high | 7.5 | 7.5 | 10y ago | The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to caus… | |||
| CVE-2016-3627 | high | 7.5 | 7.5 | 10y ago | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consum… | |||
| CVE-2016-0341 | high | 7.5 | 7.5 | 10y ago | IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive infor… | |||
| CVE-2016-1208 | high | 7.5 | 7.5 | 10y ago | The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | |||
| CVE-2016-1399 | high | 7.5 | 7.5 | 10y ago | The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allo… | |||
| CVE-2016-3993 | high | 7.5 | 7.5 | 10y ago | Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafte… | |||
| CVE-2016-2850 | high | 7.5 | 7.5 | 10y ago | Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | |||
| CVE-2016-2849 | high | 7.5 | 7.5 | 10y ago | Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret ke… | |||
| CVE-2016-2194 | high | 7.5 | 7.5 | 10y ago | The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a c… | |||
| CVE-2016-4116 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4115 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4114 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4113 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4112 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4111 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4110 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4109 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1110 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1109 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1108 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1107 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1100 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1099 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1098 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1097 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1092 | high | 7.5 | 7.5 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-1079 | high | 7.5 | 7.5 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-0193 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-0192 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0191 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-0187 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2016-0186 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-4556 | high | 7.5 | 7.5 | 10y ago | Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. | |||
| CVE-2016-4555 | high | 7.5 | 7.5 | 10y ago | client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. | |||
| CVE-2016-4476 | high | 7.5 | 7.5 | 10y ago | hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) … | |||
| CVE-2016-4074 | high | 7.5 | 7.5 | 10y ago | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. | |||
| CVE-2016-2094 | high | 7.5 | 7.5 | 10y ago | The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. | |||
| CVE-2016-1369 | high | 7.5 | 7.5 | 10y ago | The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows re… | |||
| CVE-2016-1368 | high | 7.5 | 7.5 | 10y ago | Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these app… | |||
| CVE-2016-2109 | high | 7.5 | 7.5 | 10y ago | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory … | |||
| CVE-2016-2106 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruptio… | |||
| CVE-2016-2105 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption)… | |||
| CVE-2016-2117 | high | 7.5 | 7.5 | 10y ago | The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive informa… | |||
| CVE-2016-2070 | high | 7.5 | 7.5 | 10y ago | The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP t… | |||
| CVE-2016-2812 | high | 7.5 | 7.5 | 10y ago | Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a … | |||
| CVE-2016-2808 | high | 7.5 | 7.5 | 10y ago | The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or c… | |||
| CVE-2016-1386 | high | 7.5 | 7.5 | 10y ago | The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka B… | |||
| CVE-2016-2333 | high | 7.5 | 7.5 | 10y ago | SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to … | |||
| CVE-2016-4061 | high | 7.5 | 7.5 | 10y ago | Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. | |||
| CVE-2016-4060 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2016-2306 | high | 7.5 | 7.5 | 10y ago | The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-3190 | high | 7.5 | 7.5 | 10y ago | The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a neg… | |||
| CVE-2016-2294 | high | 7.5 | 7.5 | 10y ago | The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. | |||
| CVE-2016-2280 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. | |||
| CVE-2016-1367 | high | 7.5 | 7.5 | 10y ago | The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID C… | |||
| CVE-2016-1364 | high | 7.5 | 7.5 | 10y ago | Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjo… | |||
| CVE-2016-1362 | high | 7.5 | 7.5 | 10y ago | Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka … | |||
| CVE-2016-1384 | high | 7.5 | 7.5 | 10y ago | The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. | |||
| CVE-2016-0741 | high | 7.5 | 7.5 | 10y ago | slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by le… | |||
| CVE-2016-3071 | high | 7.5 | 7.5 | 10y ago | Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | |||
| CVE-2016-1656 | high | 7.5 | 7.5 | 10y ago | The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | |||
| CVE-2016-2146 | high | 7.5 | 7.5 | 10y ago | The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server de… | |||
| CVE-2016-2145 | high | 7.5 | 7.5 | 10y ago | The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmen… | |||
| CVE-2016-1274 | high | 7.5 | 7.5 | 10y ago | Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets. | |||
| CVE-2016-1270 | high | 7.5 | 7.5 | 10y ago | The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X… | |||
| CVE-2016-1269 | high | 7.5 | 7.5 | 10y ago | Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 befo… | |||
| CVE-2016-1268 | high | 7.5 | 7.5 | 10y ago | The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. | |||
| CVE-2016-4017 | high | 7.5 | 7.5 | 10y ago | The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | |||
| CVE-2016-4015 | high | 7.5 | 7.5 | 10y ago | The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | |||
| CVE-2016-2515 | high | 7.5 | 7.5 | 10y ago | Regular Expression Denial of Service in hawk | |||
| CVE-2016-2118 | high | 7.5 | 7.5 | 10y ago | The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers … | |||
| CVE-2016-1035 | high | 7.5 | 7.5 | 10y ago | Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-0166 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-0164 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2016-0159 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2016-0157 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0156 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0155 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0154 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0150 | high | 7.5 | 7.5 | 10y ago | HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." | |||
| CVE-2016-3656 | high | 7.5 | 7.5 | 10y ago | The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service c… | |||
| CVE-2016-3165 | high | 7.5 | 7.5 | 10y ago | Drupal Form API ignores access restrictions on submit buttons | |||
| CVE-2016-3163 | high | 7.5 | 7.5 | 10y ago | Drupal Brute force amplification attacks via XML-RPC | |||
| CVE-2016-3678 | high | 7.5 | 7.5 | 10y ago | Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. | |||
| CVE-2016-2193 | high | 7.5 | 7.5 | 10y ago | PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that pe… | |||
| CVE-2016-2171 | high | 7.5 | 7.5 | 10y ago | The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the RES… | |||
| CVE-2016-2164 | high | 7.5 | 7.5 | 10y ago | Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file | |||
| CVE-2016-0783 | high | 7.5 | 7.5 | 10y ago | The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging… | |||
| CVE-2016-3983 | high | 7.5 | 7.5 | 10y ago | McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | |||
| CVE-2016-2381 | high | 7.5 | 7.5 | 10y ago | Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | |||
| CVE-2016-3980 | high | 7.5 | 7.5 | 10y ago | The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | |||
| CVE-2016-3979 | high | 7.5 | 7.5 | 10y ago | Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP req… | |||
| CVE-2016-2216 | high | 7.5 | 7.5 | 10y ago | The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response… | |||
| CVE-2016-2086 | high | 7.5 | 7.5 | 10y ago | Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | |||
| CVE-2016-3948 | high | 7.5 | 7.5 | 10y ago | Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. | |||
| CVE-2016-2272 | high | 7.5 | 7.5 | 10y ago | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | |||
| CVE-2016-0871 | high | 7.5 | 7.5 | 10y ago | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | |||
| CVE-2016-3125 | high | 7.5 | 7.5 | 10y ago | The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be use… | |||
| CVE-2016-2289 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors. | |||
| CVE-2016-1345 | high | 7.5 | 7.5 | 10y ago | Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka B… |