CVEs from 2016
Total
8,436
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0779 | critical | 9.8 | 9.8 | 9y ago | The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. | |||
| CVE-2016-6878 | critical | 9.8 | 9.8 | 9y ago | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstra… | |||
| CVE-2016-10311 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. | |||
| CVE-2016-10321 | critical | 9.8 | 9.8 | 9y ago | web2py is vulnerable to password brute-force attack | |||
| CVE-2016-5074 | critical | 9.8 | 9.8 | 9y ago | CloudView NMS before 2.10a has a format string issue exploitable over SNMP. | |||
| CVE-2016-5070 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||
| CVE-2016-5069 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||
| CVE-2016-5068 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||
| CVE-2016-5066 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | |||
| CVE-2016-5065 | critical | 9.8 | 9.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |||
| CVE-2016-5053 | critical | 9.8 | 9.8 | 9y ago | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. | |||
| CVE-2016-6809 | critical | 9.8 | 9.8 | 9y ago | Apache Tika allows Java code execution for serialized objects embedded in MATLAB files | |||
| CVE-2016-10229 | critical | 9.8 | 9.8 | 9y ago | udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with … | |||
| CVE-2016-10312 | critical | 9.8 | 9.8 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execu… | |||
| CVE-2016-10309 | critical | 9.8 | 9.8 | 9y ago | In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | |||
| CVE-2016-10308 | critical | 9.8 | 9.8 | 9y ago | Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both S… | |||
| CVE-2016-10307 | critical | 9.8 | 9.8 | 9y ago | Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but t… | |||
| CVE-2016-10306 | critical | 9.8 | 9.8 | 9y ago | Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UN… | |||
| CVE-2016-10305 | critical | 9.8 | 9.8 | 9y ago | Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices … | |||
| CVE-2016-9924 | critical | 9.8 | 9.8 | 9y ago | Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. | |||
| CVE-2016-6807 | critical | 9.8 | 9.8 | 9y ago | Apache Ambari Improper Access Control | |||
| CVE-2016-8749 | critical | 9.8 | 9.8 | 9y ago | Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks | |||
| CVE-2016-10152 | critical | 9.8 | 9.8 | 9y ago | The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root … | |||
| CVE-2016-9125 | critical | 9.8 | 9.8 | 9y ago | Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful au… | |||
| CVE-2016-9124 | critical | 9.8 | 9.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown … | |||
| CVE-2016-6206 | critical | 9.8 | 9.8 | 9y ago | Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. | |||
| CVE-2016-10145 | critical | 9.8 | 9.8 | 9y ago | Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | |||
| CVE-2016-10144 | critical | 9.8 | 9.8 | 9y ago | coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | |||
| CVE-2016-10133 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments … | |||
| CVE-2016-10128 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspec… | |||
| CVE-2016-5757 | critical | 9.8 | 9.8 | 9y ago | iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authenti… | |||
| CVE-2016-4926 | critical | 9.8 | 9.8 | 9y ago | Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authe… | |||
| CVE-2016-10253 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly speci… | |||
| CVE-2016-5239 | critical | 9.8 | 9.8 | 9y ago | The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2016-7955 | critical | 9.8 | 9.8 | 9y ago | The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain s… | |||
| CVE-2016-10195 | critical | 9.8 | 9.8 | 9y ago | The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack… | |||
| CVE-2016-10166 | critical | 9.8 | 9.8 | 9y ago | Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors relate… | |||
| CVE-2016-10188 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to exp… | |||
| CVE-2016-4658 | critical | 9.8 | 9.8 | 9y ago | Nokogiri does not forbid namespace nodes in XPointer ranges | |||
| CVE-2016-9087 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via t… | |||
| CVE-2016-9020 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parame… | |||
| CVE-2016-9019 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute ar… | |||
| CVE-2016-8863 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possi… | |||
| CVE-2016-7789 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. | |||
| CVE-2016-7788 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2016-7784 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the s… | |||
| CVE-2016-7783 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||
| CVE-2016-7782 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. | |||
| CVE-2016-7781 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author paramet… | |||
| CVE-2016-7780 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||
| CVE-2016-7145 | critical | 9.8 | 9.8 | 9y ago | The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE paramet… | |||
| CVE-2016-7407 | critical | 9.8 | 9.8 | 9y ago | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | |||
| CVE-2016-7406 | critical | 9.8 | 9.8 | 9y ago | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | |||
| CVE-2016-10204 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | |||
| CVE-2016-8233 | critical | 9.8 | 9.8 | 9y ago | Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||
| CVE-2016-9558 | critical | 9.8 | 9.8 | 9y ago | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negati… | |||
| CVE-2016-1245 | critical | 9.8 | 9.8 | 9y ago | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSI… | |||
| CVE-2016-9400 | critical | 9.8 | 9.8 | 9y ago | The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code… | |||
| CVE-2016-9053 | critical | 9.8 | 9.8 | 9y ago | An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a… | |||
| CVE-2016-9051 | critical | 9.8 | 9.8 | 9y ago | An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-boun… | |||
| CVE-2016-7663 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. … | |||
| CVE-2016-7630 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspec… | |||
| CVE-2016-6875 | critical | 9.8 | 9.8 | 9y ago | Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2016-6874 | critical | 9.8 | 9.8 | 9y ago | The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. | |||
| CVE-2016-6873 | critical | 9.8 | 9.8 | 9y ago | Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2016-6872 | critical | 9.8 | 9.8 | 9y ago | Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2016-6871 | critical | 9.8 | 9.8 | 9y ago | Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. | |||
| CVE-2016-6870 | critical | 9.8 | 9.8 | 9y ago | Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2016-6233 | critical | 9.8 | 9.8 | 9y ago | Zend Framework Allows SQL Injection | |||
| CVE-2016-4861 | critical | 9.8 | 9.8 | 9y ago | Zend Framework Allows SQL Injection | |||
| CVE-2016-0360 | critical | 9.8 | 9.8 | 9y ago | IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding … | |||
| CVE-2016-9369 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-9366 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-9333 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's… | |||
| CVE-2016-8567 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database… | |||
| CVE-2016-8378 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. | |||
| CVE-2016-8364 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow. | |||
| CVE-2016-8348 | critical | 9.8 | 9.8 | 9y ago | An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML par… | |||
| CVE-2016-8347 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method. | |||
| CVE-2016-8341 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's databa… | |||
| CVE-2016-5818 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | |||
| CVE-2016-5815 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is confi… | |||
| CVE-2016-8859 | critical | 9.8 | 9.8 | 9y ago | Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. | |||
| CVE-2016-7565 | critical | 9.8 | 9.8 | 9y ago | install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | |||
| CVE-2016-5100 | critical | 9.8 | 9.8 | 9y ago | Froxlor guessable password reset token | |||
| CVE-2016-2788 | critical | 9.8 | 9.8 | 9y ago | MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | |||
| CVE-2016-5726 | critical | 9.8 | 9.8 | 9y ago | Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | |||
| CVE-2016-2148 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | |||
| CVE-2016-10192 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failur… | |||
| CVE-2016-10191 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by levera… | |||
| CVE-2016-10190 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a nega… | |||
| CVE-2016-9005 | critical | 9.8 | 9.8 | 9y ago | IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system. | |||
| CVE-2016-8954 | critical | 9.8 | 9.8 | 9y ago | IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | |||
| CVE-2016-8418 | critical | 9.8 | 9.8 | 9y ago | A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to t… | |||
| CVE-2016-6667 | critical | 9.8 | 9.8 | 9y ago | NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-5711 | critical | 9.8 | 9.8 | 9y ago | NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | |||
| CVE-2016-2403 | critical | 9.8 | 9.8 | 9y ago | Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | |||
| CVE-2016-6199 | critical | 9.8 | 9.8 | 9y ago | ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | |||
| CVE-2016-7447 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2016-7446 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete… |