CVEs from 2016

- Total: 8,436
- Critical: 1,165
- High: 3,521
- Medium: 3,172
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%

Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0093 | high | 7.8 | 8.8 | 10y ago | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al… | |||
| CVE-2016-0051 | high | 7.8 | 8.8 | 11y ago | The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows … | |||
| CVE-2016-0041 | high | 7.8 | 8.8 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11… | |||
| CVE-2016-0728 | high | 7.8 | 8.8 | 11y ago | The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or… | |||
| CVE-2016-1721 | high | 7.8 | 8.8 | 11y ago | The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-1720 | high | 7.8 | 8.8 | 11y ago | IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-1719 | high | 7.8 | 8.8 | 11y ago | The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2016-0016 | high | 7.8 | 8.8 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandl… | |||
| CVE-2016-0015 | high | 7.8 | 8.8 | 11y ago | DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attac… | |||
| CVE-2016-0007 | high | 7.8 | 8.8 | 11y ago | The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Win… | |||
| CVE-2016-3473 | high | 7.7 | 8.7 | 10y ago | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confide… | |||
| CVE-2016-0736 | high | 7.5 | 8.5 | 9y ago | In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by defaul… | |||
| CVE-2016-7508 | high | 7.5 | 8.5 | 9y ago | Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5… | |||
| CVE-2016-10073 | high | 7.5 | 8.5 | 9y ago | The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr… | |||
| CVE-2016-7054 | high | 7.5 | 8.5 | 9y ago | In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue i… | |||
| CVE-2016-1561 | high | 7.5 | 8.5 | 9y ago | ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a pri… | |||
| CVE-2016-8022 | high | 7.5 | 8.5 | 9y ago | Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den… | |||
| CVE-2016-6255 | high | 7.5 | 8.5 | 9y ago | Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | |||
| CVE-2016-4312 | high | 7.5 | 8.5 | 9y ago | XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to … | |||
| CVE-2016-9349 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. | |||
| CVE-2016-9332 | high | 7.5 | 8.5 | 9y ago | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to cr… | |||
| CVE-2016-9244 | high | 7.5 | 8.5 | 9y ago | A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit thi… | |||
| CVE-2016-10079 | high | 7.5 | 8.5 | 10y ago | SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. | |||
| CVE-2016-6601 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame… | |||
| CVE-2016-4793 | high | 7.5 | 8.5 | 10y ago | CakePHP allows remote attackers to spoof their IP | |||
| CVE-2016-7982 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti… | |||
| CVE-2016-2233 | high | 7.5 | 8.5 | 10y ago | Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP … | |||
| CVE-2016-7434 | high | 7.5 | 8.5 | 10y ago | The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | |||
| CVE-2016-4806 | high | 7.5 | 8.5 | 10y ago | Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | |||
| CVE-2016-10031 | high | 7.5 | 8.5 | 10y ago | WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged l… | |||
| CVE-2016-7288 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-7287 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, ak… | |||
| CVE-2016-7286 | high | 7.5 | 8.5 | 10y ago | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti… | |||
| CVE-2016-9838 | high | 7.5 | 8.5 | 10y ago | An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us… | |||
| CVE-2016-8740 | high | 7.5 | 8.5 | 10y ago | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca… | |||
| CVE-2016-7241 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-7240 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7203 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7202 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7194 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7190 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-7189 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3387 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof… | |||
| CVE-2016-3386 | high | 7.5 | 8.5 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-2776 | high | 7.5 | 8.5 | 10y ago | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service… | |||
| CVE-2016-3247 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2016-6855 | high | 7.5 | 8.5 | 10y ago | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds wr… | |||
| CVE-2016-5677 | high | 7.5 | 8.5 | 10y ago | NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows… | |||
| CVE-2016-5676 | high | 7.5 | 8.5 | 10y ago | cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwo… | |||
| CVE-2016-3288 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-20… | |||
| CVE-2016-3237 | high | 7.5 | 8.5 | 10y ago | Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows ma… | |||
| CVE-2016-6515 | high | 7.5 | 8.5 | 10y ago | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (cryp… | |||
| CVE-2016-5639 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src … | |||
| CVE-2016-1610 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrict… | |||
| CVE-2016-4232 | high | 7.5 | 8.5 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory … | |||
| CVE-2016-1336 | high | 7.5 | 8.5 | 10y ago | goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of … | |||
| CVE-2016-1328 | high | 7.5 | 8.5 | 10y ago | goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Ser… | |||
| CVE-2016-4309 | high | 7.5 | 8.5 | 10y ago | Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||
| CVE-2016-1543 | high | 7.5 | 8.5 | 10y ago | The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary use… | |||
| CVE-2016-1542 | high | 7.5 | 8.5 | 10y ago | The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by send… | |||
| CVE-2016-4108 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1106 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1105 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1104 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1103 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1102 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1101 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-1096 | high | 7.5 | 8.5 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4535 | high | 7.5 | 8.5 | 10y ago | Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed exe… | |||
| CVE-2016-2055 | high | 7.5 | 8.5 | 10y ago | xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | |||
| CVE-2016-0793 | high | 7.5 | 8.5 | 10y ago | WildFly has incomplete blacklist vulnerability | |||
| CVE-2016-0111 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2016-0108 | high | 7.5 | 8.5 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2016-2389 | high | 7.5 | 8.5 | 10y ago | Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitra… | |||
| CVE-2016-0956 | high | 7.5 | 8.5 | 11y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post | |||
| CVE-2016-1879 | high | 7.5 | 8.5 | 11y ago | The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denia… | |||
| CVE-2016-2087 | high | 7.4 | 8.4 | 10y ago | Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | |||
| CVE-2016-1713 | high | 7.3 | 8.3 | 9y ago | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated… | |||
| CVE-2016-10009 | high | 7.3 | 8.3 | 10y ago | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-s… | |||
| CVE-2016-3962 | high | 7.3 | 8.3 | 10y ago | Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, … | |||
| CVE-2016-2210 | high | 7.3 | 8.3 | 10y ago | Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway… | |||
| CVE-2016-2209 | high | 7.3 | 8.3 | 10y ago | Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway;… | |||
| CVE-2016-2098 | high | 7.3 | 8.3 | 10y ago | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of t… | |||
| CVE-2016-0006 | high | 7.3 | 8.3 | 11y ago | The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Win… | |||
| CVE-2016-9091 | high | 7.2 | 8.2 | 9y ago | Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious ad… | |||
| CVE-2016-9554 | high | 7.2 | 8.2 | 10y ago | The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occu… | |||
| CVE-2016-9553 | high | 7.2 | 8.2 | 10y ago | The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (… | |||
| CVE-2016-1607 | high | 7.2 | 8.2 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administr… | |||
| CVE-2016-5840 | high | 7.2 | 8.2 | 10y ago | hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename… | |||
| CVE-2016-1593 | high | 7.2 | 8.2 | 10y ago | Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a … | |||
| CVE-2016-0709 | high | 7.2 | 8.2 | 10y ago | Path Traversal in Apache Jetspeed | |||
| CVE-2016-2278 | high | 7.2 | 8.2 | 10y ago | Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeat… | |||
| CVE-2016-6816 | high | 7.1 | 8.1 | 9y ago | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b… | |||
| CVE-2016-6896 | high | 7.1 | 8.1 | 10y ago | Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read… | |||
| CVE-2016-4998 | high | 7.1 | 8.1 | 10y ago | The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sens… | |||
| CVE-2016-9351 | high | 7.0 | 8.0 | 9y ago | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | |||
| CVE-2016-10010 | high | 7.0 | 8.0 | 10y ago | sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to … | |||
| CVE-2016-6664 | high | 7.0 | 8.0 | 10y ago | mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percon… | |||
| CVE-2016-6663 | high | 7.0 | 8.0 | 10y ago | Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server b… | |||
| CVE-2016-4558 | high | 7.0 | 8.0 | 10y ago | The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a … |