CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5564 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated us… | |||
| CVE-2016-1000001 | high | 7.4 | 7.4 | 10y ago | flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | |||
| CVE-2016-3699 | high | 7.4 | 7.4 | 10y ago | The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions an… | |||
| CVE-2016-5284 | high | 7.4 | 7.4 | 10y ago | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spo… | |||
| CVE-2016-0928 | high | 7.4 | 7.4 | 10y ago | Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2016-3378 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers… | |||
| CVE-2016-6516 | high | 7.4 | 7.4 | 10y ago | Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain priv… | |||
| CVE-2016-3585 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. | |||
| CVE-2016-0340 | high | 7.4 | 7.4 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveragin… | |||
| CVE-2016-1195 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||
| CVE-2016-3664 | high | 7.4 | 7.4 | 10y ago | Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obt… | |||
| CVE-2016-2221 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct ph… | |||
| CVE-2016-3726 | high | 7.4 | 7.4 | 10y ago | Jenkins affected by Open Redirect Vulnerability | |||
| CVE-2016-1392 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspeci… | |||
| CVE-2016-1389 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID… | |||
| CVE-2016-2069 | high | 7.4 | 7.4 | 10y ago | Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. | |||
| CVE-2016-2113 | high | 7.4 | 7.4 | 10y ago | Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and … | |||
| CVE-2016-3421 | high | 7.4 | 7.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity,… | |||
| CVE-2016-2410 | high | 7.4 | 7.4 | 10y ago | A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka inte… | |||
| CVE-2016-2084 | high | 7.4 | 7.4 | 10y ago | F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build … | |||
| CVE-2016-2001 | high | 7.4 | 7.4 | 10y ago | HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. | |||
| CVE-2016-3167 | high | 7.4 | 7.4 | 10y ago | Drupal Open redirect vulnerability in the drupal_goto function | |||
| CVE-2016-3164 | high | 7.4 | 7.4 | 10y ago | Drupal Open Redirect | |||
| CVE-2016-2512 | high | 7.4 | 7.4 | 10y ago | The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cr… | |||
| CVE-2016-3116 | medium | 6.4 | 7.4 | 10y ago | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |||
| CVE-2016-3115 | medium | 6.4 | 7.4 | 10y ago | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, re… | |||
| CVE-2016-1963 | high | 7.4 | 7.4 | 10y ago | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | |||
| CVE-2016-1942 | high | 7.4 | 7.4 | 11y ago | Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. | |||
| CVE-2016-1137 | high | 7.4 | 7.4 | 11y ago | Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2016-0492 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integ… | |||
| CVE-2016-0491 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availabilit… | |||
| CVE-2016-5795 | high | 7.3 | 7.3 | 9y ago | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker cou… | |||
| CVE-2016-8588 | high | 7.3 | 7.3 | 9y ago | The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uplo… | |||
| CVE-2016-8587 | high | 7.3 | 7.3 | 9y ago | dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn… | |||
| CVE-2016-8032 | high | 7.3 | 7.3 | 9y ago | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | |||
| CVE-2016-8031 | high | 7.3 | 7.3 | 9y ago | Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | |||
| CVE-2016-10205 | high | 7.3 | 7.3 | 9y ago | Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | |||
| CVE-2016-4041 | high | 7.3 | 7.3 | 9y ago | Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | |||
| CVE-2016-9363 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-9334 | high | 7.3 | 7.3 | 9y ago | An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and… | |||
| CVE-2016-3102 | high | 7.3 | 7.3 | 9y ago | Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection | |||
| CVE-2016-5934 | high | 7.3 | 7.3 | 9y ago | IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit… | |||
| CVE-2016-1502 | high | 7.3 | 7.3 | 9y ago | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||
| CVE-2016-6042 | high | 7.3 | 7.3 | 10y ago | IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafte… | |||
| CVE-2016-8310 | high | 7.3 | 7.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-7038 | high | 7.3 | 7.3 | 10y ago | Moodle Weak Password Recovery Mechanism for Forgotten Password | |||
| CVE-2016-10096 | high | 7.3 | 7.3 | 10y ago | GeniXCMS SQL injection vulnerability | |||
| CVE-2016-10039 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to … | |||
| CVE-2016-10038 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to … | |||
| CVE-2016-10037 | high | 7.3 | 7.3 | 10y ago | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, re… | |||
| CVE-2016-7966 | high | 7.3 | 7.3 | 10y ago | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal si… | |||
| CVE-2016-6474 | high | 7.3 | 7.3 | 10y ago | A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication… | |||
| CVE-2016-9156 | high | 7.3 | 7.3 | 10y ago | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted pa… | |||
| CVE-2016-2936 | high | 7.3 | 7.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2016-6733 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6732 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6731 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6730 | high | 7.3 | 7.3 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-4960 | high | 7.3 | 7.3 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privile… | |||
| CVE-2016-6453 | high | 7.3 | 7.3 | 10y ago | A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CS… | |||
| CVE-2016-8503 | high | 7.3 | 7.3 | 10y ago | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special Java… | |||
| CVE-2016-8502 | high | 7.3 | 7.3 | 10y ago | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special J… | |||
| CVE-2016-5539 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-5526 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ve… | |||
| CVE-2016-7211 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and… | |||
| CVE-2016-5995 | high | 7.3 | 7.3 | 10y ago | Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse libra… | |||
| CVE-2016-4385 | high | 7.3 | 7.3 | 10y ago | The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Jav… | |||
| CVE-2016-4860 | high | 7.3 | 7.3 | 10y ago | Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of se… | |||
| CVE-2016-0896 | high | 7.3 | 7.3 | 10y ago | Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intend… | |||
| CVE-2016-5645 | high | 7.3 | 7.3 | 10y ago | Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote a… | |||
| CVE-2016-3841 | high | 7.3 | 7.3 | 10y ago | The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendm… | |||
| CVE-2016-3850 | high | 7.3 | 7.3 | 10y ago | Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field i… | |||
| CVE-2016-2497 | high | 7.3 | 7.3 | 10y ago | services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attacke… | |||
| CVE-2016-6192 | high | 7.3 | 7.3 | 10y ago | Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted applica… | |||
| CVE-2016-4531 | high | 7.3 | 7.3 | 10y ago | Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattend… | |||
| CVE-2016-4641 | high | 7.3 | 7.3 | 10y ago | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." | |||
| CVE-2016-5446 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2016-3561 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ve… | |||
| CVE-2016-0330 | high | 7.3 | 7.3 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by… | |||
| CVE-2016-4529 | high | 7.3 | 7.3 | 10y ago | An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, … | |||
| CVE-2016-3286 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-3252 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-3250 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||
| CVE-2016-3249 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-4512 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | |||
| CVE-2016-3988 | high | 7.3 | 7.3 | 10y ago | Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANT… | |||
| CVE-2016-5722 | high | 7.3 | 7.3 | 10y ago | Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct … | |||
| CVE-2016-4158 | high | 7.3 | 7.3 | 10y ago | Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYS… | |||
| CVE-2016-4157 | high | 7.3 | 7.3 | 10y ago | Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an un… | |||
| CVE-2016-3233 | high | 7.3 | 7.3 | 10y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vul… | |||
| CVE-2016-0025 | high | 7.3 | 7.3 | 10y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation … | |||
| CVE-2016-2299 | high | 7.3 | 7.3 | 10y ago | SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4018 | high | 7.3 | 7.3 | 10y ago | The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and … | |||
| CVE-2016-1014 | high | 7.3 | 7.3 | 10y ago | Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain pri… | |||
| CVE-2016-3188 | high | 7.3 | 7.3 | 10y ago | The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) passw… | |||
| CVE-2016-3187 | high | 7.3 | 7.3 | 10y ago | The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. | |||
| CVE-2016-1978 | high | 7.3 | 7.3 | 10y ago | Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers t… | |||
| CVE-2016-1729 | high | 7.3 | 7.3 | 11y ago | Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application. | |||
| CVE-2016-1718 | high | 7.3 | 7.3 | 11y ago | The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-0755 | high | 7.3 | 7.3 | 11y ago | The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users vi… |