CVEs from 2016
Total
8,436
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8714 | high | 8.8 | 8.8 | 9y ago | An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting i… | |||
| CVE-2016-9726 | high | 8.8 | 8.8 | 9y ago | IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulne… | |||
| CVE-2016-8940 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that acc… | |||
| CVE-2016-7408 | high | 8.8 | 8.8 | 9y ago | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | |||
| CVE-2016-10206 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspe… | |||
| CVE-2016-5374 | high | 8.8 | 8.8 | 9y ago | NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e… | |||
| CVE-2016-2226 | high | 7.8 | 8.8 | 9y ago | Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | |||
| CVE-2016-9975 | high | 8.8 | 8.8 | 9y ago | IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that … | |||
| CVE-2016-9314 | high | 7.8 | 8.8 | 9y ago | Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent… | |||
| CVE-2016-7661 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr… | |||
| CVE-2016-7660 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow… | |||
| CVE-2016-7659 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows… | |||
| CVE-2016-7658 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows… | |||
| CVE-2016-7656 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7654 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7652 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7649 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7648 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7646 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7645 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7644 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7642 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7641 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7640 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7639 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7637 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7635 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7633 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial … | |||
| CVE-2016-7632 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7621 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7617 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2016-7612 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7611 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7610 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7596 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2016-7595 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It all… | |||
| CVE-2016-7594 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows r… | |||
| CVE-2016-7589 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3… | |||
| CVE-2016-7588 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" compone… | |||
| CVE-2016-7587 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-7582 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privile… | |||
| CVE-2016-7578 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1… | |||
| CVE-2016-4764 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKi… | |||
| CVE-2016-4692 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-4691 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It a… | |||
| CVE-2016-4688 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 … | |||
| CVE-2016-4677 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows … | |||
| CVE-2016-4669 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-4667 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of … | |||
| CVE-2016-4666 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows … | |||
| CVE-2016-4617 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. | |||
| CVE-2016-8677 | high | 8.8 | 8.8 | 9y ago | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation… | |||
| CVE-2016-8972 | high | 7.8 | 8.8 | 9y ago | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||
| CVE-2016-8866 | high | 8.8 | 8.8 | 9y ago | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocatio… | |||
| CVE-2016-8862 | high | 8.8 | 8.8 | 9y ago | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failur… | |||
| CVE-2016-6079 | high | 7.8 | 8.8 | 9y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… | |||
| CVE-2016-6033 | high | 8.8 | 8.8 | 9y ago | IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr… | |||
| CVE-2016-9365 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-8369 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the r… | |||
| CVE-2016-5796 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or t… | |||
| CVE-2016-3616 | high | 8.8 | 8.8 | 9y ago | The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | |||
| CVE-2016-5727 | high | 8.8 | 8.8 | 9y ago | LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input… | |||
| CVE-2016-6103 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | |||
| CVE-2016-8932 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-8931 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-8941 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website… | |||
| CVE-2016-8921 | high | 8.8 | 8.8 | 10y ago | IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-6124 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||
| CVE-2016-6045 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | |||
| CVE-2016-5952 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete informati… | |||
| CVE-2016-5937 | high | 8.8 | 8.8 | 10y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trust… | |||
| CVE-2016-3053 | high | 7.8 | 8.8 | 10y ago | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||
| CVE-2016-3029 | high | 8.8 | 8.8 | 10y ago | IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website tr… | |||
| CVE-2016-6270 | high | 8.8 | 8.8 | 10y ago | The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrar… | |||
| CVE-2016-6266 | high | 8.8 | 8.8 | 10y ago | ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via… | |||
| CVE-2016-2399 | high | 7.8 | 8.8 | 10y ago | Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h… | |||
| CVE-2016-9218 | high | 8.8 | 8.8 | 10y ago | A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Inform… | |||
| CVE-2016-9304 | high | 8.8 | 8.8 | 10y ago | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. | |||
| CVE-2016-9383 | high | 8.8 | 8.8 | 10y ago | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute … | |||
| CVE-2016-9012 | high | 8.8 | 8.8 | 10y ago | CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/cons… | |||
| CVE-2016-7792 | high | 8.8 | 8.8 | 10y ago | Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | |||
| CVE-2016-6521 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of … | |||
| CVE-2016-1417 | high | 8.8 | 8.8 | 10y ago | Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same… | |||
| CVE-2016-0769 | high | 8.8 | 8.8 | 10y ago | Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote… | |||
| CVE-2016-10156 | high | 7.8 | 8.8 | 10y ago | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th… | |||
| CVE-2016-6253 | high | 7.8 | 8.8 | 10y ago | mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th… | |||
| CVE-2016-9016 | high | 8.8 | 8.8 | 10y ago | Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||
| CVE-2016-7793 | high | 8.8 | 8.8 | 10y ago | sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | |||
| CVE-2016-7545 | high | 8.8 | 8.8 | 10y ago | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||
| CVE-2016-5213 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5211 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5210 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5209 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5206 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5203 | high | 8.8 | 8.8 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5200 | high | 8.8 | 8.8 | 10y ago | V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attac… | |||
| CVE-2016-5199 | high | 8.8 | 8.8 | 10y ago | An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for A… | |||
| CVE-2016-5197 | high | 8.8 | 8.8 | 10y ago | The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbi… | |||
| CVE-2016-5196 | high | 8.8 | 8.8 | 10y ago | The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any d… | |||
| CVE-2016-3406 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) th… |