CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6147 | critical | 9.8 | 9.8 | 10y ago | An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||
| CVE-2016-6140 | critical | 9.8 | 9.8 | 10y ago | SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | |||
| CVE-2016-6139 | critical | 9.8 | 9.8 | 10y ago | SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||
| CVE-2016-6138 | critical | 9.8 | 9.8 | 10y ago | Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | |||
| CVE-2016-5254 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2016-5670 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access vi… | |||
| CVE-2016-5669 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier… | |||
| CVE-2016-5668 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. | |||
| CVE-2016-5667 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. | |||
| CVE-2016-5666 | critical | 9.8 | 9.8 | 10y ago | Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of obj… | |||
| CVE-2016-5640 | critical | 9.8 | 9.8 | 10y ago | Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in t… | |||
| CVE-2016-6178 | critical | 9.8 | 9.8 | 10y ago | Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine dev… | |||
| CVE-2016-5229 | critical | 9.8 | 9.8 | 10y ago | Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to X… | |||
| CVE-2016-3737 | critical | 9.8 | 9.8 | 10y ago | The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. | |||
| CVE-2016-4837 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4373 | critical | 9.8 | 9.8 | 10y ago | The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apach… | |||
| CVE-2016-4522 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-6296 | critical | 9.8 | 9.8 | 10y ago | Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attac… | |||
| CVE-2016-6295 | critical | 9.8 | 9.8 | 10y ago | ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause… | |||
| CVE-2016-6294 | critical | 9.8 | 9.8 | 10y ago | The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguag… | |||
| CVE-2016-6293 | critical | 9.8 | 9.8 | 10y ago | The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain… | |||
| CVE-2016-6291 | critical | 9.8 | 9.8 | 10y ago | The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array… | |||
| CVE-2016-6290 | critical | 9.8 | 9.8 | 10y ago | ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of serv… | |||
| CVE-2016-6288 | critical | 9.8 | 9.8 | 10y ago | The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors … | |||
| CVE-2016-5743 | critical | 9.8 | 9.8 | 10y ago | Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as dis… | |||
| CVE-2016-4629 | critical | 9.8 | 9.8 | 10y ago | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. | |||
| CVE-2016-4616 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4615 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4614 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4610 | critical | 9.8 | 9.8 | 10y ago | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4609 | critical | 9.8 | 9.8 | 10y ago | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4608 | critical | 9.8 | 9.8 | 10y ago | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4607 | critical | 9.8 | 9.8 | 10y ago | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a… | |||
| CVE-2016-4598 | critical | 9.8 | 9.8 | 10y ago | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image. | |||
| CVE-2016-5453 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2016-3613 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3607 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vecto… | |||
| CVE-2016-3586 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availa… | |||
| CVE-2016-3556 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ve… | |||
| CVE-2016-3504 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiali… | |||
| CVE-2016-3499 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via … | |||
| CVE-2016-3493 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related … | |||
| CVE-2016-3468 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integr… | |||
| CVE-2016-3444 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integr… | |||
| CVE-2016-5080 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of se… | |||
| CVE-2016-5804 | critical | 9.8 | 9.8 | 10y ago | Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authe… | |||
| CVE-2016-4520 | critical | 9.8 | 9.8 | 10y ago | Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary… | |||
| CVE-2016-5008 | critical | 9.8 | 9.8 | 10y ago | libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC sess… | |||
| CVE-2016-4254 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4252 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4251 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4250 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4215 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4214 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4213 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4212 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4211 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4210 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and… | |||
| CVE-2016-4209 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on W… | |||
| CVE-2016-4194 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4193 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4192 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4191 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4503 | critical | 9.8 | 9.8 | 10y ago | Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserI… | |||
| CVE-2016-3745 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application th… | |||
| CVE-2016-3743 | critical | 9.8 | 9.8 | 10y ago | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2016-3742 | critical | 9.8 | 9.8 | 10y ago | decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory c… | |||
| CVE-2016-3741 | critical | 9.8 | 9.8 | 10y ago | The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory … | |||
| CVE-2016-2506 | critical | 9.8 | 9.8 | 10y ago | DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows… | |||
| CVE-2016-4438 | critical | 9.8 | 9.8 | 10y ago | Arbitrary code execution in Apache Struts 2 | |||
| CVE-2016-3955 | critical | 9.8 | 9.8 | 10y ago | The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecif… | |||
| CVE-2016-2074 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demons… | |||
| CVE-2016-5703 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted dat… | |||
| CVE-2016-1416 | critical | 9.8 | 9.8 | 10y ago | Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bu… | |||
| CVE-2016-1289 | critical | 9.8 | 9.8 | 10y ago | The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information … | |||
| CVE-2016-0391 | critical | 9.8 | 9.8 | 10y ago | The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptograph… | |||
| CVE-2016-2141 | critical | 9.8 | 9.8 | 10y ago | Improper Input Validation in JGroups | |||
| CVE-2016-0224 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4519 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | |||
| CVE-2016-2362 | critical | 9.8 | 9.8 | 10y ago | Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. | |||
| CVE-2016-2177 | critical | 9.8 | 9.8 | 10y ago | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or… | |||
| CVE-2016-0912 | critical | 9.8 | 9.8 | 10y ago | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role … | |||
| CVE-2016-4819 | critical | 9.8 | 9.8 | 10y ago | The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote atta… | |||
| CVE-2016-1395 | critical | 9.8 | 9.8 | 10y ago | The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote at… | |||
| CVE-2016-3642 | critical | 9.8 | 9.8 | 10y ago | The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collec… | |||
| CVE-2016-4167 | critical | 9.8 | 9.8 | 10y ago | Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-4165 | critical | 9.8 | 9.8 | 10y ago | The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. | |||
| CVE-2016-4163 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4162 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4161 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4160 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4121 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4120 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-3227 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server U… | |||
| CVE-2016-5365 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HW… | |||
| CVE-2016-5302 | critical | 9.8 | 9.8 | 10y ago | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging c… | |||
| CVE-2016-2496 | critical | 9.8 | 9.8 | 10y ago | The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially ov… | |||
| CVE-2016-2473 | critical | 9.8 | 9.8 | 10y ago | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501. | |||
| CVE-2016-5118 | critical | 9.8 | 9.8 | 10y ago | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |||
| CVE-2016-3720 | critical | 9.8 | 9.8 | 10y ago | jackson-dataformat-xml vulnerable to XML external entity (XXE) |