CVEs from 2016
Total
8,468
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1049 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on… | |||
| CVE-2016-1048 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on… | |||
| CVE-2016-1047 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on… | |||
| CVE-2016-1046 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on… | |||
| CVE-2016-1045 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on… | |||
| CVE-2016-1043 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and… | |||
| CVE-2016-1042 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-1040 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-1039 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-1037 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-1114 | critical | 9.8 | 9.8 | 10y ago | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Co… | |||
| CVE-2016-4350 | critical | 9.8 | 9.8 | 10y ago | Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to exe… | |||
| CVE-2016-2429 | critical | 9.8 | 9.8 | 10y ago | libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which … | |||
| CVE-2016-2428 | critical | 9.8 | 9.8 | 10y ago | libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows … | |||
| CVE-2016-2351 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the … | |||
| CVE-2016-4422 | critical | 9.8 | 9.8 | 10y ago | The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | |||
| CVE-2016-1387 | critical | 9.8 | 9.8 | 10y ago | The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles aut… | |||
| CVE-2016-4351 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via uns… | |||
| CVE-2016-2108 | critical | 9.8 | 9.8 | 10y ago | The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via a… | |||
| CVE-2016-4002 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory cor… | |||
| CVE-2016-3082 | critical | 9.8 | 9.8 | 10y ago | Remote Code Execution in Apache Struts | |||
| CVE-2016-3074 | critical | 9.8 | 9.8 | 10y ago | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed g… | |||
| CVE-2016-1601 | critical | 9.8 | 9.8 | 10y ago | yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-s… | |||
| CVE-2016-2785 | critical | 9.8 | 9.8 | 10y ago | Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveragin… | |||
| CVE-2016-2331 | critical | 9.8 | 9.8 | 10y ago | The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access vi… | |||
| CVE-2016-10194 | critical | 9.8 | 9.8 | 10y ago | festivaltts4r allows arbitrary command execution | |||
| CVE-2016-2008 | critical | 9.8 | 9.8 | 10y ago | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-2007 | critical | 9.8 | 9.8 | 10y ago | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | |||
| CVE-2016-2006 | critical | 9.8 | 9.8 | 10y ago | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. | |||
| CVE-2016-2005 | critical | 9.8 | 9.8 | 10y ago | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. | |||
| CVE-2016-1363 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers … | |||
| CVE-2016-0693 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. | |||
| CVE-2016-0639 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Aut… | |||
| CVE-2016-0638 | critical | 9.8 | 9.8 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2016-2003 | critical | 9.8 | 9.8 | 10y ago | HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted seriali… | |||
| CVE-2016-2002 | critical | 9.8 | 9.8 | 10y ago | The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary … | |||
| CVE-2016-1659 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-2419 | critical | 9.8 | 9.8 | 10y ago | media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process m… | |||
| CVE-2016-2418 | critical | 9.8 | 9.8 | 10y ago | media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memor… | |||
| CVE-2016-2417 | critical | 9.8 | 9.8 | 10y ago | media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows atta… | |||
| CVE-2016-2416 | critical | 9.8 | 9.8 | 10y ago | libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permissio… | |||
| CVE-2016-1503 | critical | 9.8 | 9.8 | 10y ago | dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attacke… | |||
| CVE-2016-0841 | critical | 9.8 | 9.8 | 10y ago | media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allow… | |||
| CVE-2016-0839 | critical | 9.8 | 9.8 | 10y ago | post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (me… | |||
| CVE-2016-0838 | critical | 9.8 | 9.8 | 10y ago | Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to… | |||
| CVE-2016-0837 | critical | 9.8 | 9.8 | 10y ago | MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or… | |||
| CVE-2016-0835 | critical | 9.8 | 9.8 | 10y ago | decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file t… | |||
| CVE-2016-0889 | critical | 9.8 | 9.8 | 10y ago | An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. | |||
| CVE-2016-1352 | critical | 9.8 | 9.8 | 10y ago | Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. | |||
| CVE-2016-4009 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, whic… | |||
| CVE-2016-2056 | high | 8.8 | 9.8 | 10y ago | xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) … | |||
| CVE-2016-2054 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via … | |||
| CVE-2016-4007 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via… | |||
| CVE-2016-10193 | critical | 9.8 | 9.8 | 10y ago | espeak-ruby allows arbitrary command execution | |||
| CVE-2016-3657 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of s… | |||
| CVE-2016-3655 | critical | 9.8 | 9.8 | 10y ago | The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via … | |||
| CVE-2016-2170 | critical | 9.8 | 9.8 | 10y ago | Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections l… | |||
| CVE-2016-0733 | critical | 9.8 | 9.8 | 10y ago | The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password | |||
| CVE-2016-3987 | critical | 9.8 | 9.8 | 10y ago | The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | |||
| CVE-2016-2385 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memo… | |||
| CVE-2016-0710 | high | 8.8 | 9.8 | 10y ago | Apache Jetspeed vulnerable to SQL Injection | |||
| CVE-2016-3154 | critical | 9.8 | 9.8 | 10y ago | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and… | |||
| CVE-2016-3153 | critical | 9.8 | 9.8 | 10y ago | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | |||
| CVE-2016-2324 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | |||
| CVE-2016-2315 | critical | 9.8 | 9.8 | 10y ago | revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based b… | |||
| CVE-2016-2851 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a s… | |||
| CVE-2016-2563 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute… | |||
| CVE-2016-0792 | high | 8.8 | 9.8 | 10y ago | Jenkins allows Deserialization of Untrusted Data via an XML File | |||
| CVE-2016-0791 | critical | 9.8 | 9.8 | 10y ago | Exposure of Sensitive Information in Jenkins Core | |||
| CVE-2016-0788 | critical | 9.8 | 9.8 | 10y ago | Jenkins allows Execution of Code by Opening a JRMP Listener | |||
| CVE-2016-0729 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denia… | |||
| CVE-2016-1313 | critical | 9.8 | 9.8 | 10y ago | Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to… | |||
| CVE-2016-1291 | critical | 9.8 | 9.8 | 10y ago | Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POS… | |||
| CVE-2016-2000 | critical | 9.8 | 9.8 | 10y ago | HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache C… | |||
| CVE-2016-2343 | critical | 9.8 | 9.8 | 10y ago | Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. | |||
| CVE-2016-3141 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash… | |||
| CVE-2016-1761 | critical | 9.8 | 9.8 | 10y ago | libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML docum… | |||
| CVE-2016-1741 | critical | 9.8 | 9.8 | 10y ago | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) vi… | |||
| CVE-2016-1998 | critical | 9.8 | 9.8 | 10y ago | HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collecti… | |||
| CVE-2016-1997 | critical | 9.8 | 9.8 | 10y ago | HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to … | |||
| CVE-2016-2245 | critical | 9.8 | 9.8 | 10y ago | HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. | |||
| CVE-2016-1995 | critical | 9.8 | 9.8 | 10y ago | HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-3191 | critical | 9.8 | 9.8 | 10y ago | The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parent… | |||
| CVE-2016-2345 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string. | |||
| CVE-2016-1989 | critical | 9.8 | 9.8 | 10y ago | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili… | |||
| CVE-2016-1988 | critical | 9.8 | 9.8 | 10y ago | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabili… | |||
| CVE-2016-1962 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by… | |||
| CVE-2016-1621 | critical | 9.8 | 9.8 | 10y ago | libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption… | |||
| CVE-2016-0816 | critical | 9.8 | 9.8 | 10y ago | mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_par… | |||
| CVE-2016-0815 | critical | 9.8 | 9.8 | 10y ago | The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers… | |||
| CVE-2016-1327 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05… | |||
| CVE-2016-1009 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attacker… | |||
| CVE-2016-1007 | critical | 9.8 | 9.8 | 10y ago | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attacker… | |||
| CVE-2016-0954 | critical | 9.8 | 9.8 | 10y ago | Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-0132 | critical | 9.8 | 9.8 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatur… | |||
| CVE-2016-2843 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unkno… | |||
| CVE-2016-1642 | critical | 9.8 | 9.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-1639 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remo… | |||
| CVE-2016-1636 | critical | 9.8 | 9.8 | 10y ago | The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instea… | |||
| CVE-2016-1635 | critical | 9.8 | 9.8 | 10y ago | extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, … |