CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3959 | high | 7.5 | 7.5 | 10y ago | Denial of service due to unchecked parameters in crypto/dsa | |||
| CVE-2016-4580 | high | 7.5 | 7.5 | 10y ago | The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive in… | |||
| CVE-2016-4485 | high | 7.5 | 7.5 | 10y ago | The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack m… | |||
| CVE-2016-1402 | high | 7.5 | 7.5 | 10y ago | The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a … | |||
| CVE-2016-4348 | high | 7.5 | 7.5 | 10y ago | The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an S… | |||
| CVE-2016-4070 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (applica… | |||
| CVE-2016-1853 | high | 7.5 | 7.5 | 10y ago | Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. | |||
| CVE-2016-1843 | high | 7.5 | 7.5 | 10y ago | The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-1842 | high | 7.5 | 7.5 | 10y ago | MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the netw… | |||
| CVE-2016-1809 | high | 7.5 | 7.5 | 10y ago | Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors. | |||
| CVE-2016-1801 | high | 7.5 | 7.5 | 10y ago | The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive inf… | |||
| CVE-2016-3705 | high | 7.5 | 7.5 | 10y ago | The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to caus… | |||
| CVE-2016-3627 | high | 7.5 | 7.5 | 10y ago | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consum… | |||
| CVE-2016-0341 | high | 7.5 | 7.5 | 10y ago | IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive infor… | |||
| CVE-2016-1208 | high | 7.5 | 7.5 | 10y ago | The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | |||
| CVE-2016-1399 | high | 7.5 | 7.5 | 10y ago | The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allo… | |||
| CVE-2016-3993 | high | 7.5 | 7.5 | 10y ago | Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafte… | |||
| CVE-2016-2850 | high | 7.5 | 7.5 | 10y ago | Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | |||
| CVE-2016-2849 | high | 7.5 | 7.5 | 10y ago | Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret ke… | |||
| CVE-2016-2194 | high | 7.5 | 7.5 | 10y ago | The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a c… | |||
| CVE-2016-4116 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4115 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4114 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4113 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4112 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4111 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4110 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4109 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1110 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1109 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1108 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1107 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1100 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1099 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1098 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1097 | high | 7.5 | 7.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1092 | high | 7.5 | 7.5 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-1079 | high | 7.5 | 7.5 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-0193 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-0192 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0191 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-0187 | high | 7.5 | 7.5 | 10y ago | The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2016-0186 | high | 7.5 | 7.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-0169 | medium | 6.5 | 7.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |||
| CVE-2016-0168 | medium | 6.5 | 7.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |||
| CVE-2016-4556 | high | 7.5 | 7.5 | 10y ago | Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. | |||
| CVE-2016-4555 | high | 7.5 | 7.5 | 10y ago | client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. | |||
| CVE-2016-4476 | high | 7.5 | 7.5 | 10y ago | hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) … | |||
| CVE-2016-4074 | high | 7.5 | 7.5 | 10y ago | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. | |||
| CVE-2016-2094 | high | 7.5 | 7.5 | 10y ago | The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. | |||
| CVE-2016-1369 | high | 7.5 | 7.5 | 10y ago | The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows re… | |||
| CVE-2016-1368 | high | 7.5 | 7.5 | 10y ago | Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these app… | |||
| CVE-2016-2109 | high | 7.5 | 7.5 | 10y ago | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory … | |||
| CVE-2016-2106 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruptio… | |||
| CVE-2016-2105 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption)… | |||
| CVE-2016-2117 | high | 7.5 | 7.5 | 10y ago | The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive informa… | |||
| CVE-2016-2070 | high | 7.5 | 7.5 | 10y ago | The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP t… | |||
| CVE-2016-2812 | high | 7.5 | 7.5 | 10y ago | Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a … | |||
| CVE-2016-2808 | high | 7.5 | 7.5 | 10y ago | The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or c… | |||
| CVE-2016-1386 | high | 7.5 | 7.5 | 10y ago | The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka B… | |||
| CVE-2016-2333 | high | 7.5 | 7.5 | 10y ago | SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to … | |||
| CVE-2016-4061 | high | 7.5 | 7.5 | 10y ago | Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. | |||
| CVE-2016-4060 | high | 7.5 | 7.5 | 10y ago | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2016-1595 | medium | 6.5 | 7.5 | 10y ago | LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection att… | |||
| CVE-2016-1594 | medium | 6.5 | 7.5 | 10y ago | Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via … | |||
| CVE-2016-2306 | high | 7.5 | 7.5 | 10y ago | The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-3190 | high | 7.5 | 7.5 | 10y ago | The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a neg… | |||
| CVE-2016-2294 | high | 7.5 | 7.5 | 10y ago | The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. | |||
| CVE-2016-2280 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. | |||
| CVE-2016-1367 | high | 7.5 | 7.5 | 10y ago | The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID C… | |||
| CVE-2016-1364 | high | 7.5 | 7.5 | 10y ago | Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjo… | |||
| CVE-2016-1362 | high | 7.5 | 7.5 | 10y ago | Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka … | |||
| CVE-2016-1384 | high | 7.5 | 7.5 | 10y ago | The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. | |||
| CVE-2016-0741 | high | 7.5 | 7.5 | 10y ago | slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by le… | |||
| CVE-2016-3071 | high | 7.5 | 7.5 | 10y ago | Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | |||
| CVE-2016-1656 | high | 7.5 | 7.5 | 10y ago | The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | |||
| CVE-2016-2146 | high | 7.5 | 7.5 | 10y ago | The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server de… | |||
| CVE-2016-2145 | high | 7.5 | 7.5 | 10y ago | The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmen… | |||
| CVE-2016-1274 | high | 7.5 | 7.5 | 10y ago | Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets. | |||
| CVE-2016-1270 | high | 7.5 | 7.5 | 10y ago | The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X… | |||
| CVE-2016-1269 | high | 7.5 | 7.5 | 10y ago | Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 befo… | |||
| CVE-2016-1268 | high | 7.5 | 7.5 | 10y ago | The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. | |||
| CVE-2016-4017 | high | 7.5 | 7.5 | 10y ago | The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | |||
| CVE-2016-4015 | high | 7.5 | 7.5 | 10y ago | The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | |||
| CVE-2016-2515 | high | 7.5 | 7.5 | 10y ago | Regular Expression Denial of Service in hawk | |||
| CVE-2016-2118 | high | 7.5 | 7.5 | 10y ago | The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers … | |||
| CVE-2016-1035 | high | 7.5 | 7.5 | 10y ago | Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-0166 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-0164 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2016-0159 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2016-0157 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0156 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0155 | high | 7.5 | 7.5 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a diffe… | |||
| CVE-2016-0154 | high | 7.5 | 7.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0150 | high | 7.5 | 7.5 | 10y ago | HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." | |||
| CVE-2016-3656 | high | 7.5 | 7.5 | 10y ago | The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service c… | |||
| CVE-2016-3165 | high | 7.5 | 7.5 | 10y ago | Drupal Form API ignores access restrictions on submit buttons | |||
| CVE-2016-3163 | high | 7.5 | 7.5 | 10y ago | Drupal Brute force amplification attacks via XML-RPC | |||
| CVE-2016-3678 | high | 7.5 | 7.5 | 10y ago | Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. | |||
| CVE-2016-2193 | high | 7.5 | 7.5 | 10y ago | PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that pe… |