VIR Vulnerability Intelligence Relay

Search

Found 3,958 results in 496ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-1825 high 7.8 8.8 EXP macos macos 10y ago IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1823 high 7.8 8.8 EXPFIX macos macos 10y ago The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged c…
CVE-2016-1821 high 7.8 8.8 EXP macos macos 10y ago IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1819 high 7.8 8.8 EXPFIX macos macos 10y ago Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute…
CVE-2016-1813 high 7.8 8.8 EXPFIX macos macos 10y ago The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a priv…
CVE-2016-1803 high 7.8 8.8 EXPFIX macos macos 10y ago CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service…
CVE-2016-1794 high 7.8 8.8 EXP macos macos 10y ago The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of serv…
CVE-2016-1793 high 7.8 8.8 EXP macos macos 10y ago AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted …
CVE-2016-2208 critical 9.1 10.0 EXP symantec 10y ago The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system …
CVE-2015-6835 critical 9.8 10.0 EXP php 10y ago The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or ca…
CVE-2015-6834 critical 9.8 10.0 EXP php 10y ago Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable…
CVE-2016-2298 critical 9.8 10.0 EXP meteocontrol 10y ago Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
CVE-2016-2296 critical 9.4 10.0 EXP meteocontrol 10y ago Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify dat…
CVE-2016-1209 critical 9.8 10.0 EXP ninjaforms 10y ago The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVE-2016-4108 high 7.5 8.5 EXP microsoftadobe 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1106 high 7.5 8.5 EXP microsoftadobe 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1105 high 7.5 8.5 EXP microsoftadobe 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1104 high 7.5 8.5 EXP microsoftadobe 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1103 high 7.5 8.5 EXP microsoftadobe 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1102 high 7.5 8.5 EXP microsoftadobe 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1101 high 7.5 8.5 EXP adobemicrosoft 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1096 high 7.5 8.5 EXP adobemicrosoft 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-1077 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
CVE-2016-0173 high 7.8 8.8 EXP windows windows 10y ago The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…
CVE-2016-0171 high 7.8 8.8 EXP windows windows 10y ago The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…
CVE-2016-0170 high 8.8 9.8 EXP windows windows 10y ago GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke…
CVE-2015-0569 high 7.8 8.8 EXP linux-kernel 10y ago Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation C…
CVE-2016-4535 high 7.5 8.5 EXP mcafee 10y ago Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed exe…
CVE-2016-2854 high 7.8 8.8 EXPFIX debian debian linux-kernel 10y ago The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
CVE-2016-2853 high 7.8 8.8 EXPFIX debian debian linux-kernel 10y ago The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem…
CVE-2016-1576 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu linux-kernel 10y ago The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top o…
CVE-2016-1575 high 7.8 8.8 EXPFIX slesdebian debianubuntu ubuntu 10y ago The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid direc…
CVE-2016-3672 high 7.8 8.8 EXPFIX slesdebian debiansuse suse novell 10y ago The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the int…
CVE-2016-3135 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu linux-kernel 10y ago Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of servi…
CVE-2016-3134 high 8.4 9.4 EXPFIX slesdebian debiansuse suse novell 10y ago The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) vi…
CVE-2016-3081 high 8.1 9.1 EXP sles apacheoracle 10y ago Apache Struts RCE Vulnerability
CVE-2016-3074 critical 9.8 10.0 EXPFIX slesdebian debiansuse suse libgdphp 10y ago Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed g…
CVE-2016-2203 high 7.8 8.8 EXP symantec 10y ago The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
CVE-2016-1593 high 7.2 8.2 EXP novell 10y ago Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a …
CVE-2016-2004 critical 9.8 10.0 EXP hp 10y ago HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulner…
CVE-2016-0891 high 8.8 9.8 EXP emc 10y ago Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
CVE-2016-3943 high 7.8 8.8 EXP watchguard 10y ago Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which al…
CVE-2015-7378 high 7.8 8.8 EXP watchguard 10y ago Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda…
CVE-2016-2417 critical 9.8 10.0 EXP 10y ago media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows atta…
CVE-2016-0846 high 8.4 9.4 EXP 10y ago libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which …
CVE-2016-2056 high 8.8 9.8 EXPFIX debian debian xymon 10y ago xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) …
CVE-2016-2055 high 7.5 8.5 EXPFIX debian debian xymon 10y ago xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.
CVE-2016-0145 high 8.8 9.8 EXP windows windows microsoft 10y ago The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007…
CVE-2016-0143 high 7.8 8.8 EXP windows windows 10y ago The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…
CVE-2016-0122 high 7.8 8.8 EXP microsoft 10y ago Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary…
CVE-2016-3987 critical 9.8 10.0 EXP trendmicro 10y ago The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
CVE-2016-3986 high 7.8 8.8 EXP avast 10y ago Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.
CVE-2016-2385 critical 9.8 10.0 EXPFIX debian debian kamailio 10y ago Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memo…
CVE-2016-0710 high 8.8 9.8 EXP apache 10y ago Apache Jetspeed vulnerable to SQL Injection
CVE-2016-0709 high 7.2 8.2 EXP apache 10y ago Path Traversal in Apache Jetspeed
CVE-2016-1013 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 10y ago Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary…
CVE-2016-1011 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 10y ago Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary…
CVE-2015-6541 high 8.8 9.8 EXP zimbra 10y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users…
CVE-2016-2851 critical 9.8 10.0 EXPFIX slesdebian debiansuse suse cypherpunks 10y ago Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a s…
CVE-2016-2563 critical 9.8 10.0 EXPFIX slesdebian debian 9bissimon_tatham 10y ago Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute…
CVE-2016-1531 high 7.0 8.0 EXPFIX slesdebian debian exim 10y ago Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVE-2016-0792 high 8.8 9.8 EXP jenkinsredhat 10y ago Jenkins allows Deserialization of Untrusted Data via an XML File
CVE-2016-3974 critical 9.1 10.0 EXP sap 10y ago XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access…
CVE-2016-0793 high 7.5 8.5 EXP redhat 10y ago WildFly has incomplete blacklist vulnerability
CVE-2016-2288 high 7.8 8.8 EXP cogentdatahub 10y ago Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
CVE-2016-1769 high 7.8 8.8 EXP macos macos 10y ago QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
CVE-2016-1768 high 7.8 8.8 EXP macos macos 10y ago QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than …
CVE-2016-1767 high 7.8 8.8 EXP macos macos 10y ago QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than …
CVE-2016-1757 high 7.0 8.0 EXP macos macos 10y ago Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1755 high 7.8 8.8 EXPFIX macos macos 10y ago The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memor…
CVE-2016-1749 high 7.8 8.8 EXP macos macos 10y ago IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1744 high 7.8 8.8 EXP macos macos 10y ago The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via…
CVE-2016-1743 high 7.8 8.8 EXP macos macos 10y ago The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via…
CVE-2016-1741 critical 9.8 10.0 EXP macos macos 10y ago The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) vi…
CVE-2016-2345 critical 9.8 10.0 EXP dameware 10y ago Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
CVE-2016-2856 high 8.4 9.4 EXPFIX debian debianubuntu ubuntu gnu 10y ago pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc pack…
CVE-2016-1960 high 8.8 9.8 EXPFIX debian debiansuse suse mozilla 10y ago Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause…
CVE-2016-1002 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 10y ago Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Ad…
CVE-2016-1001 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 10y ago Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR…
CVE-2016-1000 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 10y ago Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…
CVE-2016-0999 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 10y ago Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…
CVE-2016-0998 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 10y ago Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…
CVE-2016-0997 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 10y ago Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…
CVE-2016-0954 critical 9.8 10.0 EXP adobe 10y ago Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-0121 high 8.8 9.8 EXP windows windows 10y ago The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and…
CVE-2016-0111 high 7.5 8.5 EXP microsoft 10y ago Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br…
CVE-2016-0108 high 7.5 8.5 EXP microsoft 10y ago Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…
CVE-2016-0100 high 8.4 9.4 EXP windows windows 10y ago Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Exe…
CVE-2016-0094 high 7.8 8.8 EXP windows windows 10y ago The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…
CVE-2016-0093 high 7.8 8.8 EXP windows windows 10y ago The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al…
CVE-2016-2278 high 7.2 8.2 EXP 10y ago Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeat…
CVE-2016-2098 high 7.3 8.3 EXPFIX debian debian rubyonrails 10y ago Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of t…
CVE-2015-7547 high 8.1 9.1 EXPFIX debian debianubuntu ubuntususe suse hpsophossuse 10y ago Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a den…
CVE-2016-2389 high 7.5 8.5 EXP sap 10y ago Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitra…
CVE-2016-1525 high 8.6 9.6 EXP netgear 11y ago Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the …
CVE-2016-1524 critical 9.6 10.0 EXP netgear 11y ago Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-…
CVE-2016-1287 critical 9.8 10.0 EXP 11y ago Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7),…
CVE-2016-0985 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 11y ago Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe …
CVE-2016-0974 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 11y ago Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR S…
CVE-2016-0971 high 8.8 9.8 EXP windows windowsmacos macos linux-kernel adobe 11y ago Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK…