CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4176 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4175 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4503 | critical | 9.8 | 9.8 | 10y ago | Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserI… | |||
| CVE-2016-3745 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application th… | |||
| CVE-2016-3743 | critical | 9.8 | 9.8 | 10y ago | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2016-3742 | critical | 9.8 | 9.8 | 10y ago | decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory c… | |||
| CVE-2016-3741 | critical | 9.8 | 9.8 | 10y ago | The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory … | |||
| CVE-2016-2506 | critical | 9.8 | 9.8 | 10y ago | DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows… | |||
| CVE-2016-4438 | critical | 9.8 | 9.8 | 10y ago | Arbitrary code execution in Apache Struts 2 | |||
| CVE-2016-3955 | critical | 9.8 | 9.8 | 10y ago | The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecif… | |||
| CVE-2016-2074 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demons… | |||
| CVE-2016-5703 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted dat… | |||
| CVE-2016-1416 | critical | 9.8 | 9.8 | 10y ago | Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bu… | |||
| CVE-2016-1289 | critical | 9.8 | 9.8 | 10y ago | The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information … | |||
| CVE-2016-0391 | critical | 9.8 | 9.8 | 10y ago | The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptograph… | |||
| CVE-2016-4971 | high | 8.8 | 9.8 | 10y ago | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | |||
| CVE-2016-2141 | critical | 9.8 | 9.8 | 10y ago | Improper Input Validation in JGroups | |||
| CVE-2016-0224 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4519 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | |||
| CVE-2016-2362 | critical | 9.8 | 9.8 | 10y ago | Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. | |||
| CVE-2016-2177 | critical | 9.8 | 9.8 | 10y ago | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or… | |||
| CVE-2016-0912 | critical | 9.8 | 9.8 | 10y ago | EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role … | |||
| CVE-2016-4819 | critical | 9.8 | 9.8 | 10y ago | The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote atta… | |||
| CVE-2016-1395 | critical | 9.8 | 9.8 | 10y ago | The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote at… | |||
| CVE-2016-3642 | critical | 9.8 | 9.8 | 10y ago | The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collec… | |||
| CVE-2016-4167 | critical | 9.8 | 9.8 | 10y ago | Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-4165 | critical | 9.8 | 9.8 | 10y ago | The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. | |||
| CVE-2016-4163 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4162 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4161 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4160 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-4137 | high | 8.8 | 9.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4136 | high | 8.8 | 9.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4135 | high | 8.8 | 9.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4121 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary… | |||
| CVE-2016-4120 | critical | 9.8 | 9.8 | 10y ago | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |||
| CVE-2016-3227 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server U… | |||
| CVE-2016-3222 | high | 8.8 | 9.8 | 10y ago | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | |||
| CVE-2016-3213 | high | 8.8 | 9.8 | 10y ago | The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT… | |||
| CVE-2016-0199 | high | 8.8 | 9.8 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-5365 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HW… | |||
| CVE-2016-5302 | critical | 9.8 | 9.8 | 10y ago | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging c… | |||
| CVE-2016-2819 | high | 8.8 | 9.8 | 10y ago | Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fr… | |||
| CVE-2016-2496 | critical | 9.8 | 9.8 | 10y ago | The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially ov… | |||
| CVE-2016-2473 | critical | 9.8 | 9.8 | 10y ago | The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501. | |||
| CVE-2016-5118 | critical | 9.8 | 9.8 | 10y ago | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |||
| CVE-2016-3720 | critical | 9.8 | 9.8 | 10y ago | jackson-dataformat-xml vulnerable to XML external entity (XXE) | |||
| CVE-2016-2786 | critical | 9.8 | 9.8 | 10y ago | The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof b… | |||
| CVE-2016-4328 | critical | 9.8 | 9.8 | 10y ago | MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct … | |||
| CVE-2016-4326 | critical | 9.8 | 9.8 | 10y ago | The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. | |||
| CVE-2016-0916 | critical | 9.8 | 9.8 | 10y ago | EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetW… | |||
| CVE-2016-4448 | critical | 9.8 | 9.8 | 10y ago | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||
| CVE-2016-0749 | critical | 9.8 | 9.8 | 10y ago | The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, wh… | |||
| CVE-2016-2310 | critical | 9.8 | 9.8 | 10y ago | General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, wh… | |||
| CVE-2016-4368 | critical | 9.8 | 9.8 | 10y ago | HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a c… | |||
| CVE-2016-4366 | critical | 9.8 | 9.8 | 10y ago | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||
| CVE-2016-4359 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Perfo… | |||
| CVE-2016-2024 | critical | 9.8 | 9.8 | 10y ago | HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||
| CVE-2016-4564 | critical | 9.8 | 9.8 | 10y ago | The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers… | |||
| CVE-2016-1388 | critical | 9.8 | 9.8 | 10y ago | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2… | |||
| CVE-2016-4521 | critical | 9.8 | 9.8 | 10y ago | Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors. | |||
| CVE-2016-1999 | critical | 9.8 | 9.8 | 10y ago | The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||
| CVE-2016-0718 | critical | 9.8 | 9.8 | 10y ago | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | |||
| CVE-2016-4576 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS80… | |||
| CVE-2016-4544 | critical | 9.8 | 9.8 | 10y ago | The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a d… | |||
| CVE-2016-4543 | critical | 9.8 | 9.8 | 10y ago | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial o… | |||
| CVE-2016-4542 | critical | 9.8 | 9.8 | 10y ago | The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to c… | |||
| CVE-2016-4541 | critical | 9.8 | 9.8 | 10y ago | The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds… | |||
| CVE-2016-4540 | critical | 9.8 | 9.8 | 10y ago | The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bound… | |||
| CVE-2016-4539 | critical | 9.8 | 9.8 | 10y ago | The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segment… | |||
| CVE-2016-4538 | critical | 9.8 | 9.8 | 10y ago | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_… | |||
| CVE-2016-4537 | critical | 9.8 | 9.8 | 10y ago | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause … | |||
| CVE-2016-4346 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string,… | |||
| CVE-2016-4345 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other i… | |||
| CVE-2016-4344 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argumen… | |||
| CVE-2016-4073 | critical | 9.8 | 9.8 | 10y ago | Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial… | |||
| CVE-2016-4072 | critical | 9.8 | 9.8 | 10y ago | The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 chara… | |||
| CVE-2016-2077 | critical | 9.8 | 9.8 | 10y ago | VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vector… | |||
| CVE-2016-2554 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have… | |||
| CVE-2016-1666 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-1662 | critical | 9.8 | 9.8 | 10y ago | extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a … | |||
| CVE-2016-4325 | critical | 9.8 | 9.8 | 10y ago | Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. | |||
| CVE-2016-4024 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write opera… | |||
| CVE-2016-2196 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code v… | |||
| CVE-2016-2195 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point,… | |||
| CVE-2016-2099 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML d… | |||
| CVE-2016-1580 | critical | 9.8 | 9.8 | 10y ago | The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to ob… | |||
| CVE-2016-1578 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously t… | |||
| CVE-2016-4107 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on… | |||
| CVE-2016-4105 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4104 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4103 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4102 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on… | |||
| CVE-2016-4101 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4100 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4099 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4098 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4097 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4096 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-4094 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… |