CVEs from 2016
Total
8,469
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6938 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on… | |||
| CVE-2016-6937 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-6303 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or poss… | |||
| CVE-2016-4263 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-4262 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, … | |||
| CVE-2016-4261 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, … | |||
| CVE-2016-4260 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, … | |||
| CVE-2016-4259 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, … | |||
| CVE-2016-4258 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, … | |||
| CVE-2016-4257 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, … | |||
| CVE-2016-4256 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257, … | |||
| CVE-2016-2182 | critical | 9.8 | 9.8 | 10y ago | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and… | |||
| CVE-2016-7134 | critical | 9.8 | 9.8 | 10y ago | ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overf… | |||
| CVE-2016-7129 | critical | 9.8 | 9.8 | 10y ago | The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified… | |||
| CVE-2016-7127 | critical | 9.8 | 9.8 | 10y ago | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bo… | |||
| CVE-2016-7126 | critical | 9.8 | 9.8 | 10y ago | The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of serv… | |||
| CVE-2016-7124 | critical | 9.8 | 9.8 | 10y ago | ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified … | |||
| CVE-2016-3877 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors. | |||
| CVE-2016-4573 | critical | 9.8 | 9.8 | 10y ago | Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-… | |||
| CVE-2016-1279 | critical | 9.8 | 9.8 | 10y ago | J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R… | |||
| CVE-2016-4375 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4)… | |||
| CVE-2016-7110 | critical | 9.8 | 9.8 | 10y ago | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. | |||
| CVE-2016-7109 | critical | 9.8 | 9.8 | 10y ago | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. | |||
| CVE-2016-6825 | critical | 9.8 | 9.8 | 10y ago | Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC… | |||
| CVE-2016-5022 | critical | 9.8 | 9.8 | 10y ago | F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and… | |||
| CVE-2016-7112 | critical | 9.8 | 9.8 | 10y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-5636 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negat… | |||
| CVE-2016-1473 | critical | 9.8 | 9.8 | 10y ago | Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, … | |||
| CVE-2016-5678 | critical | 9.8 | 9.8 | 10y ago | NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||
| CVE-2016-5336 | critical | 9.8 | 9.8 | 10y ago | VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-5333 | critical | 9.8 | 9.8 | 10y ago | VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||
| CVE-2016-6195 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via… | |||
| CVE-2016-7115 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PAS… | |||
| CVE-2016-5344 | critical | 9.8 | 9.8 | 10y ago | Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause… | |||
| CVE-2016-5050 | critical | 9.8 | 9.8 | 10y ago | Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | |||
| CVE-2016-5048 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field. | |||
| CVE-2016-4270 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4269 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4268 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4267 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4266 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4265 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4119 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-5681 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00W… | |||
| CVE-2016-6909 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code … | |||
| CVE-2016-5799 | critical | 9.8 | 9.8 | 10y ago | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain acc… | |||
| CVE-2016-5081 | critical | 9.8 | 9.8 | 10y ago | ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. | |||
| CVE-2016-5817 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-6493 | critical | 9.8 | 9.8 | 10y ago | Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. | |||
| CVE-2016-5408 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary c… | |||
| CVE-2016-5792 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | |||
| CVE-2016-5146 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-5144 | critical | 9.8 | 9.8 | 10y ago | The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which… | |||
| CVE-2016-5143 | critical | 9.8 | 9.8 | 10y ago | The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which… | |||
| CVE-2016-5142 | critical | 9.8 | 9.8 | 10y ago | The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial o… | |||
| CVE-2016-5140 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service o… | |||
| CVE-2016-5773 | critical | 9.8 | 9.8 | 10y ago | php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote att… | |||
| CVE-2016-5772 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a deni… | |||
| CVE-2016-5771 | critical | 9.8 | 9.8 | 10y ago | spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute… | |||
| CVE-2016-5770 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or poss… | |||
| CVE-2016-5769 | critical | 9.8 | 9.8 | 10y ago | Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer o… | |||
| CVE-2016-5768 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote atta… | |||
| CVE-2016-3132 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. | |||
| CVE-2016-3078 | critical | 9.8 | 9.8 | 10y ago | Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly hav… | |||
| CVE-2016-3840 | critical | 9.8 | 9.8 | 10y ago | Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary c… | |||
| CVE-2016-3821 | critical | 9.8 | 9.8 | 10y ago | libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arb… | |||
| CVE-2016-3820 | critical | 9.8 | 9.8 | 10y ago | The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v… | |||
| CVE-2016-3819 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remo… | |||
| CVE-2016-4999 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to … | |||
| CVE-2016-6150 | critical | 9.8 | 9.8 | 10y ago | The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified ot… | |||
| CVE-2016-6147 | critical | 9.8 | 9.8 | 10y ago | An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||
| CVE-2016-6140 | critical | 9.8 | 9.8 | 10y ago | SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | |||
| CVE-2016-6139 | critical | 9.8 | 9.8 | 10y ago | SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||
| CVE-2016-6138 | critical | 9.8 | 9.8 | 10y ago | Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||
| CVE-2016-5254 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-5670 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access vi… | |||
| CVE-2016-5669 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier… | |||
| CVE-2016-5668 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. | |||
| CVE-2016-5667 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. | |||
| CVE-2016-5666 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of obj… | |||
| CVE-2016-5640 | critical | 9.8 | 9.8 | 10y ago | Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in t… | |||
| CVE-2016-6178 | critical | 9.8 | 9.8 | 10y ago | Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine dev… | |||
| CVE-2016-5229 | critical | 9.8 | 9.8 | 10y ago | Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to X… | |||
| CVE-2016-3737 | critical | 9.8 | 9.8 | 10y ago | The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. | |||
| CVE-2016-4837 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4373 | critical | 9.8 | 9.8 | 10y ago | The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apach… | |||
| CVE-2016-4522 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-6296 | critical | 9.8 | 9.8 | 10y ago | Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attac… | |||
| CVE-2016-6295 | critical | 9.8 | 9.8 | 10y ago | ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause… | |||
| CVE-2016-6294 | critical | 9.8 | 9.8 | 10y ago | The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguag… | |||
| CVE-2016-6293 | critical | 9.8 | 9.8 | 10y ago | The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain… | |||
| CVE-2016-6291 | critical | 9.8 | 9.8 | 10y ago | The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array… | |||
| CVE-2016-6290 | critical | 9.8 | 9.8 | 10y ago | ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of serv… | |||
| CVE-2016-6288 | critical | 9.8 | 9.8 | 10y ago | The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors … | |||
| CVE-2016-5743 | critical | 9.8 | 9.8 | 10y ago | Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as dis… | |||
| CVE-2016-4629 | critical | 9.8 | 9.8 | 10y ago | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. | |||
| CVE-2016-4616 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4615 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4614 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4610 | critical | 9.8 | 9.8 | 10y ago | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… |