CVEs from 2016
- Total: 8,436
- critical: 1,165
- high: 3,521
- medium: 3,172
- low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9899 | critical | — | 10.0 | — | Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird… | |||
| CVE-2016-9651 | critical | — | 10.0 | — | multiple issues in chromium | |||
| CVE-2016-9079 | critical | — | 10.0 | 3y ago | Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. | |||
| CVE-2016-6256 | critical | 9.6 | 10.0 | 9y ago | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i… | |||
| CVE-2016-10372 | critical | 9.8 | 10.0 | 9y ago | The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80… | |||
| CVE-2016-1560 | critical | 9.8 | 10.0 | 9y ago | ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote … | |||
| CVE-2016-2555 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | |||
| CVE-2016-4337 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. | |||
| CVE-2016-7552 | critical | 9.8 | 10.0 | 9y ago | On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can… | |||
| CVE-2016-7547 | critical | 9.8 | 10.0 | 9y ago | A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | |||
| CVE-2016-9684 | critical | 9.8 | 10.0 | 9y ago | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewc… | |||
| CVE-2016-9683 | critical | 9.8 | 10.0 | 9y ago | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'exten… | |||
| CVE-2016-9682 | critical | 9.8 | 10.0 | 9y ago | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the … | |||
| CVE-2016-9269 | critical | 9.9 | 10.0 | 9y ago | Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,… | |||
| CVE-2016-10134 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | |||
| CVE-2016-3694 | critical | 9.8 | 10.0 | 9y ago | Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands vi… | |||
| CVE-2016-9361 | critical | 9.8 | 10.0 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-7400 | critical | 9.8 | 10.0 | 9y ago | Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,… | |||
| CVE-2016-6175 | critical | 9.8 | 10.0 | 9y ago | Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. | |||
| CVE-2016-10043 | critical | 10.0 | 10.0 | 10y ago | An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use… | |||
| CVE-2016-10176 | critical | 9.8 | 10.0 | 10y ago | The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server… | |||
| CVE-2016-10175 | critical | 9.8 | 10.0 | 10y ago | The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password… | |||
| CVE-2016-7567 | critical | 9.8 | 10.0 | 10y ago | Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | |||
| CVE-2016-6603 | critical | 9.8 | 10.0 | 10y ago | ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | |||
| CVE-2016-6602 | critical | 9.8 | 10.0 | 10y ago | ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/… | |||
| CVE-2016-6600 | critical | 9.8 | 10.0 | 10y ago | Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the… | |||
| CVE-2016-4010 | critical | 9.8 | 10.0 | 10y ago | Magento CE and EE before 2.0.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | |||
| CVE-2016-9299 | critical | 9.8 | 10.0 | 10y ago | Improper Neutralization of Special Elements used in an LDAP Query in Jenkins | |||
| CVE-2016-10108 | critical | 9.8 | 10.0 | 10y ago | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | |||
| CVE-2016-10074 | critical | 9.8 | 10.0 | 10y ago | Swift Mailer mail transport Command Injection | |||
| CVE-2016-10045 | critical | 9.8 | 10.0 | 10y ago | Remote code execution in PHPMailer | |||
| CVE-2016-10034 | critical | 9.8 | 10.0 | 10y ago | zend-mail remote code execution via Sendmail adapter | |||
| CVE-2016-7456 | critical | 9.8 | 10.0 | 10y ago | VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. | |||
| CVE-2016-9565 | critical | 9.8 | 10.0 | 10y ago | MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed serv… | |||
| CVE-2016-7866 | critical | 9.8 | 10.0 | 10y ago | Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2016-9796 | critical | 9.8 | 10.0 | 10y ago | Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista i… | |||
| CVE-2016-9150 | critical | 9.8 | 10.0 | 10y ago | Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 … | |||
| CVE-2016-8869 | critical | 9.8 | 10.0 | 10y ago | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o… | |||
| CVE-2016-8582 | critical | 9.8 | 10.0 | 10y ago | A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via… | |||
| CVE-2016-8580 | critical | 9.8 | 10.0 | 10y ago | PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included cl… | |||
| CVE-2016-7182 | critical | 9.8 | 10.0 | 10y ago | The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607… | |||
| CVE-2016-1000125 | critical | 9.8 | 10.0 | 10y ago | Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | |||
| CVE-2016-1000124 | critical | 9.8 | 10.0 | 10y ago | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | |||
| CVE-2016-1000123 | critical | 9.8 | 10.0 | 10y ago | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | |||
| CVE-2016-6662 | critical | 9.8 | 10.0 | 10y ago | Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo… | |||
| CVE-2016-5678 | critical | 9.8 | 10.0 | 10y ago | NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||
| CVE-2016-5675 | critical | 9.8 | 10.0 | 10y ago | handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remot… | |||
| CVE-2016-5674 | critical | 9.8 | 10.0 | 10y ago | __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbit… | |||
| CVE-2016-6195 | critical | 9.8 | 10.0 | 10y ago | SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via… | |||
| CVE-2016-6909 | critical | 9.8 | 10.0 | 10y ago | Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code … | |||
| CVE-2016-3078 | critical | 9.8 | 10.0 | 10y ago | Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly hav… | |||
| CVE-2016-3510 | critical | 9.8 | 10.0 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availa… | |||
| CVE-2016-4372 | critical | 9.8 | 10.0 | 10y ago | HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote… | |||
| CVE-2016-4208 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4207 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4206 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4205 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4204 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4203 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-4201 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker… | |||
| CVE-2016-5734 | critical | 9.8 | 10.0 | 10y ago | phpMyAdmin Code Injection vulnerability | |||
| CVE-2016-5228 | critical | 9.8 | 10.0 | 10y ago | Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers t… | |||
| CVE-2016-1606 | critical | 9.8 | 10.0 | 10y ago | Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXS… | |||
| CVE-2016-3645 | critical | 9.8 | 10.0 | 10y ago | Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web … | |||
| CVE-2016-4138 | critical | 9.8 | 10.0 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-3236 | critical | 9.8 | 10.0 | 10y ago | The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT… | |||
| CVE-2016-5108 | critical | 9.8 | 10.0 | 10y ago | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute ar… | |||
| CVE-2016-3087 | critical | 9.8 | 10.0 | 10y ago | Apache Struts vulnerable to arbitrary remote code execution due to improper input validation | |||
| CVE-2016-4071 | critical | 9.8 | 10.0 | 10y ago | Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via for… | |||
| CVE-2016-2208 | critical | 9.1 | 10.0 | 10y ago | The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system … | |||
| CVE-2016-2298 | critical | 9.8 | 10.0 | 10y ago | Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. | |||
| CVE-2016-2296 | critical | 9.4 | 10.0 | 10y ago | Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify dat… | |||
| CVE-2016-1209 | critical | 9.8 | 10.0 | 10y ago | The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | |||
| CVE-2016-1077 | critical | 9.8 | 10.0 | 10y ago | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker… | |||
| CVE-2016-3074 | critical | 9.8 | 10.0 | 10y ago | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed g… | |||
| CVE-2016-2004 | critical | 9.8 | 10.0 | 10y ago | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulner… | |||
| CVE-2016-2417 | critical | 9.8 | 10.0 | 10y ago | media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows atta… | |||
| CVE-2016-3987 | critical | 9.8 | 10.0 | 10y ago | The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | |||
| CVE-2016-2385 | critical | 9.8 | 10.0 | 10y ago | Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memo… | |||
| CVE-2016-2851 | critical | 9.8 | 10.0 | 10y ago | Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a s… | |||
| CVE-2016-2563 | critical | 9.8 | 10.0 | 10y ago | Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute… | |||
| CVE-2016-3974 | critical | 9.1 | 10.0 | 10y ago | XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access… | |||
| CVE-2016-1741 | critical | 9.8 | 10.0 | 10y ago | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) vi… | |||
| CVE-2016-2345 | critical | 9.8 | 10.0 | 10y ago | Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string. | |||
| CVE-2016-0954 | critical | 9.8 | 10.0 | 10y ago | Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-1524 | critical | 9.6 | 10.0 | 10y ago | Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-… | |||
| CVE-2016-1287 | critical | 9.8 | 10.0 | 11y ago | Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7),… | |||
| CVE-2016-0953 | critical | 9.8 | 10.0 | 11y ago | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci… | |||
| CVE-2016-0952 | critical | 9.8 | 10.0 | 11y ago | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci… | |||
| CVE-2016-0951 | critical | 9.8 | 10.0 | 11y ago | Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci… | |||
| CVE-2016-0801 | critical | 9.8 | 10.0 | 11y ago | The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2016-1909 | critical | 9.8 | 10.0 | 11y ago | Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 a… | |||
| CVE-2016-0854 | critical | 9.8 | 10.0 | 11y ago | Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to … | |||
| CVE-2016-3714 | unknown | — | 2.5 | 2y ago | ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code v… | |||
| CVE-2016-20017 | unknown | — | 2.5 | 2y ago | D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. | |||
| CVE-2016-0165 | unknown | — | 2.5 | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2016-6415 | unknown | — | 2.5 | 3y ago | Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information… | |||
| CVE-2016-2388 | unknown | — | 2.5 | 4y ago | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. | |||
| CVE-2016-2386 | unknown | — | 2.5 | 4y ago | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-0984 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code. |