Vulnerabilities (CVE)

Total 16400 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6082 1 Ibm 1 Bigfix Platform 2017-02-08 10.0 HIGH 10.0 CRITICAL
IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2016-6095 1 Ibm 1 Security Key Lifecycle Manager 2017-02-07 5.0 MEDIUM 9.8 CRITICAL
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2016-8411 1 Google 1 Android 2017-02-07 10.0 HIGH 9.8 CRITICAL
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.
CVE-2016-10157 1 Akamai 1 Netsession 2017-02-07 7.5 HIGH 9.8 CRITICAL
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.
CVE-2016-9420 1 Mybb 2 Merge System, Mybb 2017-02-05 7.5 HIGH 9.8 CRITICAL
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."
CVE-2016-9412 1 Mybb 2 Merge System, Mybb 2017-02-05 7.5 HIGH 9.8 CRITICAL
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.
CVE-2016-9403 1 Mybb 2 Merge System, Mybb 2017-02-05 7.5 HIGH 9.8 CRITICAL
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check.
CVE-2016-9416 1 Mybb 2 Merge System, Mybb 2017-02-05 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-9402 1 Mybb 2 Merge System, Mybb 2017-02-05 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-8974 1 Mybb 2 Merge System, Mybb 2017-02-05 7.5 HIGH 10.0 CRITICAL
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-1010 5 Adobe, Apple, Google and 2 more 13 Air, Air Sdk, Air Sdk \\\& Compiler and 10 more 2017-02-04 10.0 HIGH 9.8 CRITICAL
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.
CVE-2016-0963 5 Adobe, Apple, Google and 2 more 13 Air, Air Sdk, Air Sdk \\\& Compiler and 10 more 2017-02-04 10.0 HIGH 9.8 CRITICAL
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010.
CVE-2016-0993 5 Adobe, Apple, Google and 2 more 13 Air, Air Sdk, Air Sdk \\\& Compiler and 10 more 2017-02-04 10.0 HIGH 9.8 CRITICAL
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010.
CVE-2016-1031 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2017-02-02 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.
CVE-2016-6164 1 Ffmpeg 1 Ffmpeg 2017-02-01 7.5 HIGH 9.8 CRITICAL
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
CVE-2016-7036 1 Python-jose Project 1 Python-jose 2017-02-01 7.5 HIGH 9.8 CRITICAL
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
CVE-2016-5528 1 Oracle 1 Glassfish Server 2017-01-31 6.8 MEDIUM 9.0 CRITICAL
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
CVE-2016-9306 1 Autodesk 1 Fbx Software Development Kit 2017-01-28 7.5 HIGH 9.8 CRITICAL
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
CVE-2016-9303 1 Autodesk 1 Fbx Software Development Kit 2017-01-28 7.5 HIGH 9.8 CRITICAL
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
CVE-2016-9305 1 Autodesk 1 Fbx Software Development Kit 2017-01-28 7.5 HIGH 9.8 CRITICAL
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.