CVEs from 2016
Total
8,469
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.7%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8361 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authenticat… | |||
| CVE-2016-5803 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be wit… | |||
| CVE-2016-5782 | high | 8.6 | 8.6 | 9y ago | An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for … | |||
| CVE-2016-6171 | high | 8.6 | 8.6 | 9y ago | Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. | |||
| CVE-2016-9225 | high | 8.6 | 8.6 | 9y ago | A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX m… | |||
| CVE-2016-6621 | high | 8.6 | 8.6 | 10y ago | The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||
| CVE-2016-10142 | high | 8.6 | 8.6 | 10y ago | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security … | |||
| CVE-2016-10124 | high | 8.6 | 8.6 | 10y ago | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push c… | |||
| CVE-2016-9752 | high | 8.6 | 8.6 | 10y ago | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | |||
| CVE-2016-4333 | high | 8.6 | 8.6 | 10y ago | The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's term… | |||
| CVE-2016-4332 | high | 8.6 | 8.6 | 10y ago | The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't su… | |||
| CVE-2016-4331 | high | 8.6 | 8.6 | 10y ago | When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execu… | |||
| CVE-2016-4330 | high | 8.6 | 8.6 | 10y ago | In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, … | |||
| CVE-2016-7964 | high | 8.6 | 8.6 | 10y ago | The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This … | |||
| CVE-2016-5588 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5579 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5578 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5577 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5574 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-5558 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava… | |||
| CVE-2016-0249 | high | 8.6 | 8.6 | 10y ago | SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbit… | |||
| CVE-2016-2308 | high | 8.6 | 8.6 | 10y ago | American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, … | |||
| CVE-2016-6250 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying f… | |||
| CVE-2016-4384 | high | 8.6 | 8.6 | 10y ago | HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-0904 | high | 8.6 | 8.6 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to … | |||
| CVE-2016-5814 | high | 8.6 | 8.6 | 10y ago | Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remo… | |||
| CVE-2016-6483 | high | 8.6 | 8.6 | 10y ago | The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5… | |||
| CVE-2016-4264 | high | 8.6 | 8.6 | 10y ago | The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a craf… | |||
| CVE-2016-6597 | high | 8.6 | 8.6 | 10y ago | Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the r… | |||
| CVE-2016-1951 | high | 8.6 | 8.6 | 10y ago | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified oth… | |||
| CVE-2016-4029 | high | 8.6 | 8.6 | 10y ago | WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via… | |||
| CVE-2016-5096 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impa… | |||
| CVE-2016-5095 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have … | |||
| CVE-2016-5094 | high | 8.6 | 8.6 | 10y ago | Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecifie… | |||
| CVE-2016-5093 | high | 8.6 | 8.6 | 10y ago | The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows … | |||
| CVE-2016-3596 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3595 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3594 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3593 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3592 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3591 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3590 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3583 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3582 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3581 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3580 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3579 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3578 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3577 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3576 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3575 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3574 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-1394 | high | 8.6 | 8.6 | 10y ago | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | |||
| CVE-2016-4791 | high | 8.6 | 8.6 | 10y ago | The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arb… | |||
| CVE-2016-4001 | high | 8.6 | 8.6 | 10y ago | Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cau… | |||
| CVE-2016-2222 | high | 8.6 | 8.6 | 10y ago | The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet o… | |||
| CVE-2016-4554 | high | 8.6 | 8.6 | 10y ago | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header sm… | |||
| CVE-2016-4553 | high | 8.6 | 8.6 | 10y ago | client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks vi… | |||
| CVE-2016-1373 | high | 8.6 | 8.6 | 10y ago | The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10… | |||
| CVE-2016-3455 | high | 8.6 | 8.6 | 10y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availabil… | |||
| CVE-2016-2293 | high | 8.6 | 8.6 | 10y ago | The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | |||
| CVE-2016-4014 | high | 8.6 | 8.6 | 10y ago | XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to ud… | |||
| CVE-2016-1286 | high | 8.6 | 8.6 | 10y ago | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME r… | |||
| CVE-2016-10073 | high | 7.5 | 8.5 | 9y ago | The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr… | |||
| CVE-2016-1561 | high | 7.5 | 8.5 | 9y ago | ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a pri… | |||
| CVE-2016-9727 | high | 8.5 | 8.5 | 9y ago | IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute… | |||
| CVE-2016-8358 | high | 8.5 | 8.5 | 9y ago | An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which… | |||
| CVE-2016-6601 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame… | |||
| CVE-2016-7462 | high | 8.5 | 8.5 | 10y ago | The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a rel… | |||
| CVE-2016-2988 | high | 8.5 | 8.5 | 10y ago | IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated … | |||
| CVE-2016-2776 | high | 7.5 | 8.5 | 10y ago | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service… | |||
| CVE-2016-5676 | high | 7.5 | 8.5 | 10y ago | cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwo… | |||
| CVE-2016-1543 | high | 7.5 | 8.5 | 10y ago | The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary use… | |||
| CVE-2016-1542 | high | 7.5 | 8.5 | 10y ago | The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by send… | |||
| CVE-2016-2055 | high | 7.5 | 8.5 | 10y ago | xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | |||
| CVE-2016-1570 | high | 8.5 | 8.5 | 11y ago | The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or hav… | |||
| CVE-2016-1499 | high | 8.5 | 8.5 | 11y ago | ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of serv… | |||
| CVE-2016-20048 | high | 8.4 | 8.4 | 2mo ago | iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft … | |||
| CVE-2016-20046 | high | 8.4 | 8.4 | 2mo ago | zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary cod… | |||
| CVE-2016-20042 | high | 8.4 | 8.4 | 2mo ago | TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious … | |||
| CVE-2016-20041 | high | 8.4 | 8.4 | 2mo ago | Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers … | |||
| CVE-2016-20040 | high | 8.4 | 8.4 | 2mo ago | TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an … | |||
| CVE-2016-20038 | high | 8.4 | 8.4 | 2mo ago | yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can c… | |||
| CVE-2016-20037 | high | 8.4 | 8.4 | 2mo ago | xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundar… | |||
| CVE-2016-4383 | high | 8.4 | 8.4 | 9y ago | The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified ima… | |||
| CVE-2016-9976 | high | 8.4 | 8.4 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to… | |||
| CVE-2016-7102 | high | 8.4 | 8.4 | 10y ago | ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | |||
| CVE-2016-7543 | high | 8.4 | 8.4 | 10y ago | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | |||
| CVE-2016-4335 | high | 8.4 | 8.4 | 10y ago | An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulti… | |||
| CVE-2016-4288 | high | 8.4 | 8.4 | 10y ago | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary pro… | |||
| CVE-2016-0909 | high | 8.4 | 8.4 | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. | |||
| CVE-2016-8661 | high | 8.4 | 8.4 | 10y ago | Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access… | |||
| CVE-2016-6340 | high | 8.4 | 8.4 | 10y ago | The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force … | |||
| CVE-2016-6322 | high | 8.4 | 8.4 | 10y ago | Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | |||
| CVE-2016-3100 | high | 8.4 | 8.4 | 10y ago | kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly… | |||
| CVE-2016-3749 | high | 8.4 | 8.4 | 10y ago | server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 2816… | |||
| CVE-2016-3748 | high | 8.4 | 8.4 | 10y ago | The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804. | |||
| CVE-2016-3646 | high | 8.4 | 8.4 | 10y ago | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SE… | |||
| CVE-2016-3644 | high | 8.4 | 8.4 | 10y ago | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SE… | |||
| CVE-2016-2207 | high | 8.4 | 8.4 | 10y ago | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SE… |