CVEs from 2016
Total
8,469
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6963 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6962 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6961 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6960 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6959 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6958 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6957 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6956 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6955 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6954 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6953 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6952 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6951 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6950 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6949 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6948 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6947 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6946 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6945 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6944 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-6943 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6942 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6941 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6940 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-6939 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on W… | |||
| CVE-2016-1091 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-1089 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on… | |||
| CVE-2016-7117 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system … | |||
| CVE-2016-6696 | critical | 9.8 | 9.8 | 10y ago | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a larg… | |||
| CVE-2016-6695 | critical | 9.8 | 9.8 | 10y ago | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a craf… | |||
| CVE-2016-6694 | critical | 9.8 | 9.8 | 10y ago | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafte… | |||
| CVE-2016-6693 | critical | 9.8 | 9.8 | 10y ago | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an inv… | |||
| CVE-2016-6692 | critical | 9.8 | 9.8 | 10y ago | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other… | |||
| CVE-2016-6691 | critical | 9.8 | 9.8 | 10y ago | service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly ha… | |||
| CVE-2016-5343 | critical | 9.8 | 9.8 | 10y ago | drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other product… | |||
| CVE-2016-3929 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675. | |||
| CVE-2016-3927 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244. | |||
| CVE-2016-3926 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953. | |||
| CVE-2016-1000003 | critical | 9.8 | 9.8 | 10y ago | Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | |||
| CVE-2016-7167 | critical | 9.8 | 9.8 | 10y ago | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact vi… | |||
| CVE-2016-1000217 | critical | 9.8 | 9.8 | 10y ago | Zotpress plugin for WordPress SQLi in zp_get_account() | |||
| CVE-2016-1000125 | critical | 9.8 | 9.8 | 10y ago | Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | |||
| CVE-2016-1000124 | critical | 9.8 | 9.8 | 10y ago | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | |||
| CVE-2016-1000123 | critical | 9.8 | 9.8 | 10y ago | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | |||
| CVE-2016-1000113 | critical | 9.8 | 9.8 | 10y ago | XSS and SQLi in huge IT gallery v1.1.5 for Joomla | |||
| CVE-2016-6433 | high | 8.8 | 9.8 | 10y ago | The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug … | |||
| CVE-2016-1453 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long para… | |||
| CVE-2016-7954 | critical | 9.8 | 9.8 | 10y ago | Bundler allows attacker to inject arbitrary code via secondary Gem source | |||
| CVE-2016-7560 | critical | 9.8 | 9.8 | 10y ago | The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrar… | |||
| CVE-2016-7161 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | |||
| CVE-2016-5745 | critical | 9.8 | 9.8 | 10y ago | F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF… | |||
| CVE-2016-5686 | critical | 9.8 | 9.8 | 10y ago | Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | |||
| CVE-2016-5086 | critical | 9.8 | 9.8 | 10y ago | Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | |||
| CVE-2016-6646 | critical | 9.8 | 9.8 | 10y ago | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary co… | |||
| CVE-2016-0913 | critical | 9.8 | 9.8 | 10y ago | The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to… | |||
| CVE-2016-8276 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHA… | |||
| CVE-2016-7405 | critical | 9.8 | 9.8 | 10y ago | ADOdb Library SQL Injection | |||
| CVE-2016-5019 | critical | 9.8 | 9.8 | 10y ago | Apache MyFaces Trinidad Deserialization Vulnerability | |||
| CVE-2016-1243 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname. | |||
| CVE-2016-5700 | critical | 9.8 | 9.8 | 10y ago | Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured wit… | |||
| CVE-2016-5180 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code … | |||
| CVE-2016-4436 | critical | 9.8 | 9.8 | 10y ago | Apache Struts improper action name cleanup | |||
| CVE-2016-5062 | critical | 9.8 | 9.8 | 10y ago | The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. | |||
| CVE-2016-7568 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service … | |||
| CVE-2016-6330 | critical | 9.8 | 9.8 | 10y ago | The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted H… | |||
| CVE-2016-6137 | critical | 9.8 | 9.8 | 10y ago | An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. | |||
| CVE-2016-6309 | critical | 9.8 | 9.8 | 10y ago | statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitra… | |||
| CVE-2016-6980 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263. | |||
| CVE-2016-4972 | critical | 9.8 | 9.8 | 10y ago | OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x … | |||
| CVE-2016-4303 | critical | 9.8 | 9.8 | 10y ago | The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex charac… | |||
| CVE-2016-4702 | critical | 9.8 | 9.8 | 10y ago | Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecifie… | |||
| CVE-2016-6532 | critical | 9.8 | 9.8 | 10y ago | DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | |||
| CVE-2016-6531 | critical | 9.8 | 9.8 | 10y ago | Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor dispu… | |||
| CVE-2016-6406 | critical | 9.8 | 9.8 | 10y ago | Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 … | |||
| CVE-2016-6374 | critical | 9.8 | 9.8 | 10y ago | Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. | |||
| CVE-2016-5281 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by levera… | |||
| CVE-2016-5280 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows rem… | |||
| CVE-2016-5277 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary co… | |||
| CVE-2016-5276 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote a… | |||
| CVE-2016-5274 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute … | |||
| CVE-2016-5270 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers … | |||
| CVE-2016-5257 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (mem… | |||
| CVE-2016-5256 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2016-6525 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode a… | |||
| CVE-2016-4464 | critical | 9.8 | 9.8 | 10y ago | High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2 | |||
| CVE-2016-6354 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors … | |||
| CVE-2016-6530 | critical | 9.8 | 9.8 | 10y ago | Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of t… | |||
| CVE-2016-0917 | critical | 9.8 | 9.8 | 10y ago | The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE befor… | |||
| CVE-2016-6662 | critical | 9.8 | 9.8 | 10y ago | Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo… | |||
| CVE-2016-6536 | critical | 9.8 | 9.8 | 10y ago | The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a … | |||
| CVE-2016-6535 | critical | 9.8 | 9.8 | 10y ago | AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishin… | |||
| CVE-2016-0930 | critical | 9.8 | 9.8 | 10y ago | Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH … | |||
| CVE-2016-0922 | critical | 9.8 | 9.8 | 10y ago | EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. | |||
| CVE-2016-0897 | critical | 9.8 | 9.8 | 10y ago | Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remot… | |||
| CVE-2016-0883 | critical | 9.8 | 9.8 | 10y ago | Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass ses… | |||
| CVE-2016-7417 | critical | 9.8 | 9.8 | 10y ago | ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial … | |||
| CVE-2016-7415 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2016-7414 | critical | 9.8 | 9.8 | 10y ago | The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial… | |||
| CVE-2016-7413 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have uns… | |||
| CVE-2016-7411 | critical | 9.8 | 9.8 | 10y ago | ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspe… |