CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6170 | medium | 6.5 | 6.5 | 10y ago | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and po… | |||
| CVE-2016-1425 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. | |||
| CVE-2016-1398 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3… | |||
| CVE-2016-2968 | medium | 6.5 | 6.5 | 10y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors. | |||
| CVE-2016-3189 | medium | 6.5 | 6.5 | 10y ago | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the… | |||
| CVE-2016-4057 | medium | 6.5 | 6.5 | 10y ago | Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | |||
| CVE-2016-0349 | medium | 6.5 | 6.5 | 10y ago | IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a… | |||
| CVE-2016-0298 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL. | |||
| CVE-2016-4828 | medium | 6.5 | 6.5 | 10y ago | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an ac… | |||
| CVE-2016-1190 | medium | 6.5 | 6.5 | 10y ago | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | |||
| CVE-2016-1188 | medium | 6.5 | 6.5 | 10y ago | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | |||
| CVE-2016-1437 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID… | |||
| CVE-2016-1434 | medium | 6.5 | 6.5 | 10y ago | The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | |||
| CVE-2016-1428 | medium | 6.5 | 6.5 | 10y ago | Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug… | |||
| CVE-2016-4530 | medium | 6.5 | 6.5 | 10y ago | OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | |||
| CVE-2016-4518 | medium | 6.5 | 6.5 | 10y ago | OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | |||
| CVE-2016-1225 | medium | 6.5 | 6.5 | 10y ago | Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-4816 | medium | 6.5 | 6.5 | 10y ago | BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | |||
| CVE-2016-1424 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | |||
| CVE-2016-1397 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0… | |||
| CVE-2016-1432 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP … | |||
| CVE-2016-2392 | medium | 6.5 | 6.5 | 10y ago | The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administr… | |||
| CVE-2016-3226 | medium | 6.5 | 6.5 | 10y ago | Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, a… | |||
| CVE-2016-3201 | medium | 6.5 | 6.5 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF docum… | |||
| CVE-2016-3198 | medium | 6.5 | 6.5 | 10y ago | Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass." | |||
| CVE-2016-10362 | medium | 6.5 | 6.5 | 10y ago | Logstash Logs Sensitive Information | |||
| CVE-2016-3677 | medium | 6.5 | 6.5 | 10y ago | The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||
| CVE-2016-2829 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or… | |||
| CVE-2016-2825 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||
| CVE-2016-2822 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | |||
| CVE-2016-3085 | medium | 6.5 | 6.5 | 10y ago | Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass auth… | |||
| CVE-2016-4524 | medium | 6.5 | 6.5 | 10y ago | ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2016-2149 | medium | 6.5 | 6.5 | 10y ago | Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | |||
| CVE-2016-1702 | medium | 6.5 | 6.5 | 10y ago | The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial… | |||
| CVE-2016-1699 | medium | 6.5 | 6.5 | 10y ago | WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl paramet… | |||
| CVE-2016-1698 | medium | 6.5 | 6.5 | 10y ago | The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to… | |||
| CVE-2016-1689 | medium | 6.5 | 6.5 | 10y ago | Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified o… | |||
| CVE-2016-1688 | medium | 6.5 | 6.5 | 10y ago | The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to caus… | |||
| CVE-2016-1687 | medium | 6.5 | 6.5 | 10y ago | The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors relat… | |||
| CVE-2016-1686 | medium | 6.5 | 6.5 | 10y ago | The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, wh… | |||
| CVE-2016-1685 | medium | 6.5 | 6.5 | 10y ago | core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read… | |||
| CVE-2016-1677 | medium | 6.5 | 6.5 | 10y ago | uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeU… | |||
| CVE-2016-0288 | medium | 6.5 | 6.5 | 10y ago | IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external … | |||
| CVE-2016-2311 | medium | 6.5 | 6.5 | 10y ago | Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks S… | |||
| CVE-2016-1413 | medium | 6.5 | 6.5 | 10y ago | The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | |||
| CVE-2016-1379 | medium | 6.5 | 6.5 | 10y ago | Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via cra… | |||
| CVE-2016-1385 | medium | 6.5 | 6.5 | 10y ago | The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by … | |||
| CVE-2016-4020 | medium | 6.5 | 6.5 | 10y ago | The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory … | |||
| CVE-2016-4578 | medium | 5.5 | 6.5 | 10y ago | sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of… | |||
| CVE-2016-1858 | medium | 6.5 | 6.5 | 10y ago | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted … | |||
| CVE-2016-1839 | medium | 5.5 | 6.5 | 10y ago | The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o… | |||
| CVE-2016-1838 | medium | 5.5 | 6.5 | 10y ago | The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to… | |||
| CVE-2016-1811 | medium | 6.5 | 6.5 | 10y ago | ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. | |||
| CVE-2016-4425 | medium | 6.5 | 6.5 | 10y ago | Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. | |||
| CVE-2016-3724 | medium | 6.5 | 6.5 | 10y ago | Jenkins Exposes Sensitive Information from Job Configuration | |||
| CVE-2016-0323 | medium | 6.5 | 6.5 | 10y ago | The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS… | |||
| CVE-2016-1665 | medium | 6.5 | 6.5 | 10y ago | The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sen… | |||
| CVE-2016-2860 | medium | 6.5 | 6.5 | 10y ago | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups … | |||
| CVE-2016-2013 | medium | 6.5 | 6.5 | 10y ago | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-2012 | medium | 6.5 | 6.5 | 10y ago | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | |||
| CVE-2016-3717 | medium | 5.5 | 6.5 | 10y ago | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |||
| CVE-2016-2168 | medium | 6.5 | 6.5 | 10y ago | The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service … | |||
| CVE-2016-2816 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | |||
| CVE-2016-2813 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's phys… | |||
| CVE-2016-2300 | medium | 6.5 | 6.5 | 10y ago | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. | |||
| CVE-2016-0684 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS. | |||
| CVE-2016-0407 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusio… | |||
| CVE-2016-3688 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. | |||
| CVE-2016-3950 | medium | 6.5 | 6.5 | 10y ago | Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | |||
| CVE-2016-1654 | medium | 6.5 | 6.5 | 10y ago | The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unk… | |||
| CVE-2016-2411 | medium | 6.5 | 6.5 | 10y ago | A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053. | |||
| CVE-2016-2191 | medium | 6.5 | 6.5 | 10y ago | The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a craf… | |||
| CVE-2016-0775 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | |||
| CVE-2016-0740 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | |||
| CVE-2016-0161 | medium | 6.5 | 6.5 | 10y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-015… | |||
| CVE-2016-0158 | medium | 6.5 | 6.5 | 10y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-016… | |||
| CVE-2016-2166 | medium | 6.5 | 6.5 | 10y ago | Moderate severity vulnerability that affects org.apache.qpid:proton-j | |||
| CVE-2016-3985 | medium | 6.5 | 6.5 | 10y ago | The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access re… | |||
| CVE-2016-2858 | medium | 6.5 | 6.5 | 10y ago | QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbit… | |||
| CVE-2016-2292 | medium | 6.5 | 6.5 | 10y ago | Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitra… | |||
| CVE-2016-2291 | medium | 6.5 | 6.5 | 10y ago | Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of ser… | |||
| CVE-2016-3118 | medium | 6.5 | 6.5 | 10y ago | CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified imp… | |||
| CVE-2016-1366 | medium | 6.5 | 6.5 | 10y ago | The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denia… | |||
| CVE-2016-1785 | medium | 6.5 | 6.5 | 10y ago | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Or… | |||
| CVE-2016-1784 | medium | 6.5 | 6.5 | 10y ago | The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) … | |||
| CVE-2016-1782 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a craf… | |||
| CVE-2016-1779 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | |||
| CVE-2016-1771 | medium | 6.5 | 6.5 | 10y ago | The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | |||
| CVE-2016-1770 | medium | 6.5 | 6.5 | 10y ago | The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | |||
| CVE-2016-1994 | medium | 6.5 | 6.5 | 10y ago | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-1992 | medium | 6.5 | 6.5 | 10y ago | HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-2846 | medium | 6.5 | 6.5 | 10y ago | Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | |||
| CVE-2016-1967 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform… | |||
| CVE-2016-1956 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a W… | |||
| CVE-2016-0830 | medium | 6.5 | 6.5 | 10y ago | btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of config… | |||
| CVE-2016-1338 | medium | 6.5 | 6.5 | 10y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | |||
| CVE-2016-1637 | medium | 6.5 | 6.5 | 10y ago | The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain se… | |||
| CVE-2016-2232 | medium | 6.5 | 6.5 | 10y ago | Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to ca… | |||
| CVE-2016-2037 | medium | 6.5 | 6.5 | 10y ago | The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | |||
| CVE-2016-2398 | medium | 6.5 | 6.5 | 10y ago | Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 G… |