CVEs from 2016
Total
8,452
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9912 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. … | |||
| CVE-2016-9911 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process coul… | |||
| CVE-2016-9907 | medium | 6.5 | 6.5 | 10y ago | Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest … | |||
| CVE-2016-7968 | medium | 6.5 | 6.5 | 10y ago | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | |||
| CVE-2016-7257 | medium | 6.5 | 6.5 | 10y ago | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive informati… | |||
| CVE-2016-5192 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5189 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5187 | medium | 6.5 | 6.5 | 10y ago | multiple issues in chromium | |||
| CVE-2016-8827 | medium | 6.5 | 6.5 | 10y ago | NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter valid… | |||
| CVE-2016-9964 | medium | 6.5 | 6.5 | 10y ago | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | |||
| CVE-2016-9208 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files i… | |||
| CVE-2016-9207 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full t… | |||
| CVE-2016-9204 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus … | |||
| CVE-2016-9199 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulne… | |||
| CVE-2016-6473 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCu… | |||
| CVE-2016-6471 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage P… | |||
| CVE-2016-9633 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | |||
| CVE-2016-9632 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9631 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9630 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9629 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9628 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9627 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. | |||
| CVE-2016-9626 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9625 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9624 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9623 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9622 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9443 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9442 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. | |||
| CVE-2016-9441 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9440 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9439 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9438 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9437 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a… | |||
| CVE-2016-9434 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-9433 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page. | |||
| CVE-2016-9432 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HT… | |||
| CVE-2016-9431 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||
| CVE-2016-9430 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||
| CVE-2016-6630 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to … | |||
| CVE-2016-6623 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… | |||
| CVE-2016-6618 | medium | 6.5 | 6.5 | 10y ago | phpMyAdmin Denial of service (DOS) attack in transformation feature | |||
| CVE-2016-6612 | medium | 6.5 | 6.5 | 10y ago | An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions… | |||
| CVE-2016-3044 | medium | 6.5 | 6.5 | 10y ago | The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | |||
| CVE-2016-2881 | medium | 6.5 | 6.5 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request paramete… | |||
| CVE-2016-2950 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-2937 | medium | 6.5 | 6.5 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerabil… | |||
| CVE-2016-5765 | medium | 6.5 | 6.5 | 10y ago | Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote un… | |||
| CVE-2016-0317 | medium | 6.5 | 6.5 | 10y ago | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-9452 | medium | 6.5 | 6.5 | 10y ago | Drupal Denial of service via transliterate mechanism | |||
| CVE-2016-2996 | medium | 6.5 | 6.5 | 10y ago | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. | |||
| CVE-2016-9149 | medium | 6.5 | 6.5 | 10y ago | The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single qu… | |||
| CVE-2016-6457 | medium | 6.5 | 6.5 | 10y ago | A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | |||
| CVE-2016-7252 | medium | 6.5 | 6.5 | 10y ago | Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnera… | |||
| CVE-2016-7233 | medium | 6.5 | 6.5 | 10y ago | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Off… | |||
| CVE-2016-7216 | medium | 5.5 | 6.5 | 10y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka… | |||
| CVE-2016-7210 | medium | 6.5 | 6.5 | 10y ago | atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows… | |||
| CVE-2016-7386 | medium | 5.5 | 6.5 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-6454 | medium | 6.5 | 6.5 | 10y ago | A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute u… | |||
| CVE-2016-9086 | medium | 6.5 | 6.5 | 10y ago | GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their p… | |||
| CVE-2016-8879 | medium | 6.5 | 6.5 | 10y ago | The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and a… | |||
| CVE-2016-7965 | medium | 6.5 | 6.5 | 10y ago | DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can cha… | |||
| CVE-2016-9117 | medium | 6.5 | 6.5 | 10y ago | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||
| CVE-2016-9116 | medium | 6.5 | 6.5 | 10y ago | NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||
| CVE-2016-9115 | medium | 6.5 | 6.5 | 10y ago | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||
| CVE-2016-4394 | medium | 6.5 | 6.5 | 10y ago | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | |||
| CVE-2016-9018 | medium | 5.5 | 6.5 | 10y ago | Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | |||
| CVE-2016-6440 | medium | 6.5 | 6.5 | 10y ago | The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information… | |||
| CVE-2016-5627 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-5626 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. | |||
| CVE-2016-5624 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2016-5612 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2016-5609 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2016-5585 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via … | |||
| CVE-2016-5571 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via… | |||
| CVE-2016-5570 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-5567 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via… | |||
| CVE-2016-5534 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2016-5521 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, … | |||
| CVE-2016-3492 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimi… | |||
| CVE-2016-6828 | medium | 5.5 | 6.5 | 10y ago | The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a deni… | |||
| CVE-2016-3209 | medium | 5.5 | 6.5 | 10y ago | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10… | |||
| CVE-2016-0075 | medium | 5.5 | 6.5 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an… | |||
| CVE-2016-0070 | medium | 5.5 | 6.5 | 10y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows … | |||
| CVE-2016-4407 | medium | 6.5 | 6.5 | 10y ago | The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka S… | |||
| CVE-2016-8564 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | |||
| CVE-2016-6689 | medium | 5.5 | 6.5 | 10y ago | Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347. | |||
| CVE-2016-3882 | medium | 6.5 | 6.5 | 10y ago | Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an acc… | |||
| CVE-2016-6424 | medium | 6.5 | 6.5 | 10y ago | The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHC… | |||
| CVE-2016-1454 | medium | 6.5 | 6.5 | 10y ago | Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload)… | |||
| CVE-2016-6423 | medium | 6.5 | 6.5 | 10y ago | The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux9754… | |||
| CVE-2016-6420 | medium | 6.5 | 6.5 | 10y ago | Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, ak… | |||
| CVE-2016-8280 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||
| CVE-2016-8277 | medium | 6.5 | 6.5 | 10y ago | Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified… | |||
| CVE-2016-6905 | medium | 6.5 | 6.5 | 10y ago | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | |||
| CVE-2016-3625 | medium | 6.5 | 6.5 | 10y ago | tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. | |||
| CVE-2016-3622 | medium | 6.5 | 6.5 | 10y ago | The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. | |||
| CVE-2016-3619 | medium | 6.5 | 6.5 | 10y ago | The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-r… | |||
| CVE-2016-5176 | medium | 6.5 | 6.5 | 10y ago | Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. |