Vulnerabilities (CVE)

Total 23448 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4464 1 Apache 1 Cxf Fediz 2023-12-10 7.5 HIGH 9.8 CRITICAL
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
CVE-2016-4598 1 Apple 1 Mac Os X 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
CVE-2015-7182 2 Mozilla, Oracle 8 Firefox, Firefox Esr, Network Security Services and 5 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CVE-2016-6956 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.
CVE-2015-7792 1 Corega 1 Cg-wlbargs Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
CVE-2016-1989 1 Hp 1 Network Automation 2023-12-10 10.0 HIGH 9.8 CRITICAL
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
CVE-2016-6397 1 Cisco 1 Ip Interoperability And Collaboration System 2023-12-10 10.0 HIGH 9.8 CRITICAL
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2).
CVE-2016-2141 1 Redhat 3 Enterprise Linux, Jboss Enterprise Application Platform, Jgroups 2023-12-10 7.5 HIGH 9.8 CRITICAL
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
CVE-2015-7930 1 Adcon 1 A840 Telemetry Gateway Base Station Firmware 2023-12-10 10.0 HIGH 10.0 CRITICAL
Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
CVE-2016-3468 1 Oracle 1 Agile Engineering Data Management 2023-12-10 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.
CVE-2016-3065 1 Postgresql 1 Postgresql 2023-12-10 8.5 HIGH 9.1 CRITICAL
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.
CVE-2016-7504 1 Artifex 1 Mujs 2023-12-10 7.5 HIGH 9.8 CRITICAL
A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition.
CVE-2016-0216 1 Ibm 1 Tivoli Storage Manager Fastback 2023-12-10 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.
CVE-2016-0212 1 Ibm 1 Tivoli Storage Manager Fastback 2023-12-10 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.
CVE-2016-2397 1 Sonicwall 4 Analyzer, Global Management System, Uma Em5000 and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
CVE-2016-1363 1 Cisco 1 Wireless Lan Controller Software 2023-12-10 10.0 HIGH 9.8 CRITICAL
Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.
CVE-2016-5280 1 Mozilla 2 Firefox, Firefox Esr 2023-12-10 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
CVE-2016-4328 1 Medhost 1 Perioperative Information Management System 2023-12-10 10.0 HIGH 9.8 CRITICAL
MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.
CVE-2016-1044 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2023-12-10 10.0 HIGH 10.0 CRITICAL
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117.
CVE-2016-3987 1 Trendmicro 1 Password Manager 2023-12-10 10.0 HIGH 9.8 CRITICAL
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.