ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2016-1000 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21... | E S | |
CVE-2016-1001 | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0... | E S | |
CVE-2016-1002 | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and... | E S | |
CVE-2016-1003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candida... | R | |
CVE-2016-1004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2016-1005 | Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and... | S | |
CVE-2016-1006 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1007 | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, ... | S | |
CVE-2016-1008 | Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat ... | S | |
CVE-2016-1009 | Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, ... | S | |
CVE-2016-1010 | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on ... | KEV S | |
CVE-2016-1011 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21... | E S | |
CVE-2016-1012 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1013 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21... | E S | |
CVE-2016-1014 | Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x be... | S | |
CVE-2016-1015 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1016 | Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.... | S | |
CVE-2016-1017 | Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343... | S | |
CVE-2016-1018 | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.... | S | |
CVE-2016-1019 | Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (appl... | KEV S | |
CVE-2016-1020 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1021 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1022 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1023 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1024 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1025 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1026 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1027 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1028 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1029 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1030 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1031 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21... | S | |
CVE-2016-1032 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1033 | Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and... | S | |
CVE-2016-1034 | The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop ... | | |
CVE-2016-1035 | Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensit... | | |
CVE-2016-1036 | Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before ... | | |
CVE-2016-1037 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1038 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1039 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1040 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1041 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1042 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1043 | Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic b... | S | |
CVE-2016-1044 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1045 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1046 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1047 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1048 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1049 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1050 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1051 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1052 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1053 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1054 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1055 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1056 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1057 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1058 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1059 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1060 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1061 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1062 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1063 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1064 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1065 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1066 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1067 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1068 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1069 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1070 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1071 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1072 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1073 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1074 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1075 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1076 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1077 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | E S | |
CVE-2016-1078 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1079 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1080 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1081 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1082 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1083 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1084 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1085 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1086 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1087 | Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat ... | S | |
CVE-2016-1088 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1089 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1090 | Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat ... | S | |
CVE-2016-1091 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | M | |
CVE-2016-1092 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1093 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1094 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1095 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1096 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-1097 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1098 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1099 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1100 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1101 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-1102 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-1103 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-1104 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-1105 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-1106 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-1107 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1108 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1109 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1110 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-1111 | Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ... | | |
CVE-2016-1112 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1113 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8... | | |
CVE-2016-1114 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote att... | | |
CVE-2016-1115 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildca... | | |
CVE-2016-1116 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1117 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1118 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1119 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1120 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1121 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1122 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-1123 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1124 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1125 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1126 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1127 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1128 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1129 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1130 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-1131 | Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote at... | | |
CVE-2016-1132 | Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | | |
CVE-2016-1133 | CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 an... | | |
CVE-2016-1134 | Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and ... | | |
CVE-2016-1135 | Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier... | | |
CVE-2016-1136 | Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authe... | | |
CVE-2016-1137 | Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redir... | | |
CVE-2016-1138 | CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inje... | | |
CVE-2016-1139 | Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remot... | | |
CVE-2016-1140 | KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unsp... | | |
CVE-2016-1141 | KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS comman... | | |
CVE-2016-1142 | Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execu... | | |
CVE-2016-1143 | Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attac... | S | |
CVE-2016-1144 | Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTE... | | |
CVE-2016-1145 | Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows... | | |
CVE-2016-1146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1147 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1148 | Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | | |
CVE-2016-1149 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attacke... | | |
CVE-2016-1150 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attacke... | | |
CVE-2016-1151 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 all... | | |
CVE-2016-1152 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restr... | | |
CVE-2016-1153 | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial ... | | |
CVE-2016-1154 | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote att... | | |
CVE-2016-1155 | HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows ... | M | |
CVE-2016-1156 | LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated user... | | |
CVE-2016-1157 | Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remot... | | |
CVE-2016-1158 | Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows... | | |
CVE-2016-1159 | In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivile... | | |
CVE-2016-1160 | Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress ... | S | |
CVE-2016-1161 | Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Bui... | | |
CVE-2016-1162 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1163 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1164 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1167 | Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers... | | |
CVE-2016-1168 | Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 an... | | |
CVE-2016-1169 | Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows rem... | | |
CVE-2016-1170 | Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS all... | | |
CVE-2016-1171 | Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remo... | | |
CVE-2016-1172 | Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allo... | | |
CVE-2016-1173 | Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows rem... | | |
CVE-2016-1174 | Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS all... | | |
CVE-2016-1175 | Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.... | | |
CVE-2016-1176 | Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbi... | | |
CVE-2016-1177 | The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 an... | | |
CVE-2016-1178 | The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allow... | | |
CVE-2016-1179 | Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in ap... | | |
CVE-2016-1180 | Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 f... | | |
CVE-2016-1181 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an Actio... | S | |
CVE-2016-1182 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator co... | S | |
CVE-2016-1183 | NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Inter... | | |
CVE-2016-1184 | Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validat... | | |
CVE-2016-1185 | The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an a... | | |
CVE-2016-1186 | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | | |
CVE-2016-1187 | Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL ... | | |
CVE-2016-1188 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail mess... | | |
CVE-2016-1189 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrict... | | |
CVE-2016-1190 | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on M... | | |
CVE-2016-1191 | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 al... | S | |
CVE-2016-1192 | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 all... | S | |
CVE-2016-1193 | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information ... | | |
CVE-2016-1194 | Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | | |
CVE-2016-1195 | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to red... | S | |
CVE-2016-1196 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access r... | S | |
CVE-2016-1197 | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers t... | S | |
CVE-2016-1198 | Photopt for Android before 2.0.1 does not verify SSL certificates. | | |
CVE-2016-1199 | The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attacker... | S | |
CVE-2016-1200 | The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to byp... | S | |
CVE-2016-1201 | Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote ... | S | |
CVE-2016-1202 | Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privil... | | |
CVE-2016-1203 | Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and Sa... | | |
CVE-2016-1205 | Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_addition_plugin plugin... | | |
CVE-2016-1206 | The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devic... | | |
CVE-2016-1207 | Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and ... | | |
CVE-2016-1208 | The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code ... | | |
CVE-2016-1209 | The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object i... | E | |
CVE-2016-1210 | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL... | | |
CVE-2016-1211 | Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote at... | | |
CVE-2016-1212 | Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier ... | | |
CVE-2016-1213 | The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to ... | | |
CVE-2016-1214 | Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before ... | | |
CVE-2016-1215 | Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.... | | |
CVE-2016-1216 | Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4... | | |
CVE-2016-1217 | Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon be... | | |
CVE-2016-1218 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. | | |
CVE-2016-1219 | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors relate... | | |
CVE-2016-1220 | Cybozu Garoon before 4.2.2 does not properly restrict access. | | |
CVE-2016-1221 | Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows m... | | |
CVE-2016-1222 | Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows re... | S | |
CVE-2016-1223 | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Serv... | | |
CVE-2016-1224 | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free ... | | |
CVE-2016-1225 | Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecifi... | | |
CVE-2016-1226 | Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote att... | | |
CVE-2016-1227 | NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier ... | | |
CVE-2016-1228 | Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-40... | | |
CVE-2016-1229 | Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta befor... | S | |
CVE-2016-1230 | Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2... | | |
CVE-2016-1231 | Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x ... | S | |
CVE-2016-1232 | The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the sec... | S | |
CVE-2016-1233 | An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch bef... | | |
CVE-2016-1234 | Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, whe... | E S | |
CVE-2016-1235 | The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensit... | S | |
CVE-2016-1236 | Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.ph... | | |
CVE-2016-1237 | nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restric... | | |
CVE-2016-1238 | (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep,... | | |
CVE-2016-1239 | duck before 0.10 did not properly handle loading of untrusted code from the current directory. | S | |
CVE-2016-1240 | The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.... | E | |
CVE-2016-1241 | Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x befo... | | |
CVE-2016-1242 | file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and... | | |
CVE-2016-1243 | Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute ... | S | |
CVE-2016-1244 | The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metach... | S | |
CVE-2016-1245 | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based bu... | S | |
CVE-2016-1246 | Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to... | S | |
CVE-2016-1247 | The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6... | E | |
CVE-2016-1248 | vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap... | S | |
CVE-2016-1249 | The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allo... | S | |
CVE-2016-1250 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1251 | There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database ... | S | |
CVE-2016-1252 | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14... | E | |
CVE-2016-1253 | The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and ... | S | |
CVE-2016-1254 | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a c... | S | |
CVE-2016-1255 | The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian ... | S | |
CVE-2016-1256 | Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 be... | | |
CVE-2016-1257 | The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13... | | |
CVE-2016-1258 | Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D4... | | |
CVE-2016-1260 | Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 se... | | |
CVE-2016-1261 | Junos: vulnerabilities in J-Web (CVE-2016-1261) | M | |
CVE-2016-1262 | Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.... | | |
CVE-2016-1263 | Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48... | | |
CVE-2016-1264 | Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40,... | | |
CVE-2016-1265 | Junos Space: privilege escalation vulnerabilities in Junos Space | M | |
CVE-2016-1267 | Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X... | | |
CVE-2016-1268 | The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attacker... | | |
CVE-2016-1269 | Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 be... | | |
CVE-2016-1270 | The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12... | | |
CVE-2016-1271 | Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before... | | |
CVE-2016-1273 | Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100... | | |
CVE-2016-1274 | Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause ... | | |
CVE-2016-1275 | Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured wit... | | |
CVE-2016-1276 | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.... | M | |
CVE-2016-1277 | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 be... | M | |
CVE-2016-1278 | Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and ... | M | |
CVE-2016-1279 | J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 1... | | |
CVE-2016-1280 | PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30,... | | |
CVE-2016-1281 | Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.... | E S | |
CVE-2016-1283 | The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-... | E | |
CVE-2016-1284 | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect i... | | |
CVE-2016-1285 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME rec... | | |
CVE-2016-1286 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a... | | |
CVE-2016-1287 | Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 b... | E | |
CVE-2016-1288 | The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security A... | | |
CVE-2016-1289 | The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM... | | |
CVE-2016-1290 | The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Networ... | | |
CVE-2016-1291 | Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM... | | |
CVE-2016-1293 | Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT Syst... | | |
CVE-2016-1294 | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software... | | |
CVE-2016-1295 | Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive inf... | | |
CVE-2016-1296 | The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, a... | | |
CVE-2016-1297 | The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remot... | | |
CVE-2016-1298 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1),... | | |
CVE-2016-1299 | The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote at... | | |
CVE-2016-1300 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote a... | | |
CVE-2016-1301 | The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisc... | | |
CVE-2016-1302 | Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1... | | |
CVE-2016-1303 | The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial o... | | |
CVE-2016-1304 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attack... | | |
CVE-2016-1305 | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enter... | | |
CVE-2016-1306 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attack... | | |
CVE-2016-1307 | The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express ... | | |
CVE-2016-1308 | SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote au... | | |
CVE-2016-1309 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow rem... | | |
CVE-2016-1310 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attacke... | | |
CVE-2016-1311 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10... | | |
CVE-2016-1312 | The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6... | | |
CVE-2016-1313 | Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, a... | | |
CVE-2016-1314 | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1)... | | |
CVE-2016-1315 | The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance... | | |
CVE-2016-1316 | Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with J... | | |
CVE-2016-1317 | Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain s... | | |
CVE-2016-1318 | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enter... | | |
CVE-2016-1319 | Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.1290... | | |
CVE-2016-1320 | The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS command... | | |
CVE-2016-1321 | Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key ... | | |
CVE-2016-1322 | The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restr... | | |
CVE-2016-1323 | The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive info... | | |
CVE-2016-1324 | The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (reso... | | |
CVE-2016-1325 | The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain... | | |
CVE-2016-1326 | The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to ca... | | |
CVE-2016-1327 | Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_ima... | | |
CVE-2016-1328 | goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service ... | E | |
CVE-2016-1329 | Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5... | | |
CVE-2016-1330 | Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of ... | | |
CVE-2016-1331 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) all... | | |
CVE-2016-1332 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1333 | Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated u... | | |
CVE-2016-1334 | Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers ... | | |
CVE-2016-1335 | The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 500... | | |
CVE-2016-1336 | goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (... | E | |
CVE-2016-1337 | Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential inform... | E | |
CVE-2016-1338 | Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated us... | | |
CVE-2016-1339 | Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows lo... | | |
CVE-2016-1340 | Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(... | | |
CVE-2016-1341 | Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a bl... | | |
CVE-2016-1342 | The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attacke... | | |
CVE-2016-1343 | The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files... | | |
CVE-2016-1344 | The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote at... | | |
CVE-2016-1345 | Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.... | | |
CVE-2016-1346 | The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710... | | |
CVE-2016-1347 | The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allo... | | |
CVE-2016-1348 | Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of ... | | |
CVE-2016-1349 | The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7... | | |
CVE-2016-1350 | Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager all... | | |
CVE-2016-1351 | The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 th... | | |
CVE-2016-1352 | Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to... | | |
CVE-2016-1353 | The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0)... | | |
CVE-2016-1354 | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x b... | | |
CVE-2016-1355 | Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in ... | | |
CVE-2016-1356 | Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentia... | | |
CVE-2016-1357 | The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-a... | | |
CVE-2016-1358 | Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrar... | | |
CVE-2016-1359 | Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a cra... | | |
CVE-2016-1360 | Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across... | | |
CVE-2016-1361 | Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for ... | | |
CVE-2016-1362 | Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices al... | | |
CVE-2016-1363 | Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2... | | |
CVE-2016-1364 | Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8... | | |
CVE-2016-1365 | The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module... | | |
CVE-2016-1366 | The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devi... | | |
CVE-2016-1367 | The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows rem... | | |
CVE-2016-1368 | Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 an... | | |
CVE-2016-1369 | The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for ... | | |
CVE-2016-1370 | Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which ... | | |
CVE-2016-1371 | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (appl... | E | |
CVE-2016-1372 | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (appl... | E | |
CVE-2016-1373 | The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), ... | | |
CVE-2016-1374 | The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allo... | | |
CVE-2016-1375 | Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(... | | |
CVE-2016-1376 | Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a d... | | |
CVE-2016-1377 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attack... | | |
CVE-2016-1378 | Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensit... | | |
CVE-2016-1379 | Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing... | | |
CVE-2016-1380 | Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers t... | | |
CVE-2016-1381 | Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) device... | | |
CVE-2016-1382 | Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandle... | | |
CVE-2016-1383 | Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attac... | | |
CVE-2016-1384 | The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attacker... | | |
CVE-2016-1385 | The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authe... | | |
CVE-2016-1386 | The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) all... | | |
CVE-2016-1387 | The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 an... | | |
CVE-2016-1388 | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) an... | | |
CVE-2016-1389 | Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to red... | | |
CVE-2016-1390 | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) an... | | |
CVE-2016-1391 | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) an... | | |
CVE-2016-1392 | Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows... | | |
CVE-2016-1393 | SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows ... | | |
CVE-2016-1394 | Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote att... | | |
CVE-2016-1395 | The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devi... | | |
CVE-2016-1396 | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devic... | | |
CVE-2016-1397 | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1... | | |
CVE-2016-1398 | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through ... | | |
CVE-2016-1399 | The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Ind... | | |
CVE-2016-1400 | Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to c... | | |
CVE-2016-1401 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing Syst... | | |
CVE-2016-1402 | The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.... | | |
CVE-2016-1403 | CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS co... | | |
CVE-2016-1404 | Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same... | | |
CVE-2016-1405 | libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Emai... | | |
CVE-2016-1406 | The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Networ... | | |
CVE-2016-1407 | Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, whic... | | |
CVE-2016-1408 | Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2... | | |
CVE-2016-1409 | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.... | | |
CVE-2016-1410 | Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive informa... | | |
CVE-2016-1411 | A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appli... | | |
CVE-2016-1413 | The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authentic... | | |
CVE-2016-1415 | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cau... | E | |
CVE-2016-1416 | Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, w... | | |
CVE-2016-1417 | Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitr... | E | |
CVE-2016-1418 | Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access ... | | |
CVE-2016-1419 | Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of ser... | | |
CVE-2016-1420 | The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with... | | |
CVE-2016-1421 | A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote at... | | |
CVE-2016-1423 | A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco A... | | |
CVE-2016-1424 | Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device c... | | |
CVE-2016-1425 | Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cau... | | |
CVE-2016-1426 | Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of serv... | | |
CVE-2016-1427 | The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.... | | |
CVE-2016-1428 | Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users ... | | |
CVE-2016-1429 | Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remo... | M | |
CVE-2016-1430 | Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as roo... | M | |
CVE-2016-1431 | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, ... | | |
CVE-2016-1432 | Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated... | | |
CVE-2016-1433 | Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service ... | | |
CVE-2016-1434 | The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remot... | | |
CVE-2016-1435 | Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, whic... | | |
CVE-2016-1436 | The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000... | | |
CVE-2016-1437 | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.... | | |
CVE-2016-1438 | Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass ... | | |
CVE-2016-1439 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center... | | |
CVE-2016-1440 | The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote atta... | | |
CVE-2016-1441 | Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allo... | | |
CVE-2016-1442 | The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authe... | | |
CVE-2016-1443 | The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote atta... | | |
CVE-2016-1444 | The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) ... | | |
CVE-2016-1445 | Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypa... | | |
CVE-2016-1446 | SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to ... | | |
CVE-2016-1447 | Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Serv... | | |
CVE-2016-1448 | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote att... | | |
CVE-2016-1449 | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers ... | | |
CVE-2016-1450 | Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attac... | | |
CVE-2016-1451 | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Serv... | | |
CVE-2016-1452 | Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuratio... | | |
CVE-2016-1453 | Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through... | M | |
CVE-2016-1454 | Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000... | | |
CVE-2016-1455 | Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-inte... | | |
CVE-2016-1456 | The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a p... | | |
CVE-2016-1457 | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5... | | |
CVE-2016-1458 | The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.... | | |
CVE-2016-1459 | Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users t... | | |
CVE-2016-1460 | Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers t... | | |
CVE-2016-1461 | Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to... | | |
CVE-2016-1462 | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Servic... | | |
CVE-2016-1463 | Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypas... | | |
CVE-2016-1464 | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to exe... | E | |
CVE-2016-1465 | Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attac... | | |
CVE-2016-1466 | Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10... | | |
CVE-2016-1467 | Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of servic... | | |
CVE-2016-1468 | The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 ... | | |
CVE-2016-1469 | The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a de... | | |
CVE-2016-1470 | Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small... | E | |
CVE-2016-1471 | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Busine... | E | |
CVE-2016-1472 | The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 ... | | |
CVE-2016-1473 | Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which... | | |
CVE-2016-1474 | Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it ... | | |
CVE-2016-1476 | Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows re... | M | |
CVE-2016-1477 | Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notificati... | | |
CVE-2016-1478 | Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packe... | | |
CVE-2016-1479 | Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of servic... | M | |
CVE-2016-1480 | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Softwar... | | |
CVE-2016-1481 | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Sec... | | |
CVE-2016-1482 | Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting t... | | |
CVE-2016-1483 | Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumptio... | | |
CVE-2016-1484 | Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and o... | | |
CVE-2016-1485 | Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote ... | | |
CVE-2016-1486 | A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (A... | | |
CVE-2016-1487 | Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading t... | | |
CVE-2016-1488 | Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens O... | | |
CVE-2016-1489 | Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in c... | | |
CVE-2016-1490 | The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensit... | M | |
CVE-2016-1491 | The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a... | M | |
CVE-2016-1492 | The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, d... | M | |
CVE-2016-1493 | Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier ... | S | |
CVE-2016-1494 | The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof ... | E S | |
CVE-2016-1495 | Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before ... | | |
CVE-2016-1496 | The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00... | | |
CVE-2016-1497 | The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11... | | |
CVE-2016-1498 | Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server ... | | |
CVE-2016-1499 | ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated... | E | |
CVE-2016-1500 | ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when... | | |
CVE-2016-1501 | ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensi... | | |
CVE-2016-1502 | NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication an... | S | |
CVE-2016-1503 | dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, a... | | |
CVE-2016-1504 | dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) v... | S | |
CVE-2016-1505 | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or ... | S | |
CVE-2016-1513 | The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of... | | |
CVE-2016-1514 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8790. Reason: This candida... | R | |
CVE-2016-1515 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8789. Reason: This candida... | R | |
CVE-2016-1516 | OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.... | E S | |
CVE-2016-1517 | OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving c... | E S | |
CVE-2016-1518 | The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Gra... | | |
CVE-2016-1519 | The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does n... | | |
CVE-2016-1520 | The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update ... | | |
CVE-2016-1521 | The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla F... | | |
CVE-2016-1522 | Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR ... | E | |
CVE-2016-1523 | The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozi... | S | |
CVE-2016-1524 | Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and e... | E | |
CVE-2016-1525 | Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.... | E | |
CVE-2016-1526 | The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozill... | | |
CVE-2016-1531 | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_s... | E | |
CVE-2016-1541 | Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.... | | |
CVE-2016-1542 | The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and ... | E S | |
CVE-2016-1543 | The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, ... | E S | |
CVE-2016-1544 | nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).... | S | |
CVE-2016-1546 | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of si... | S | |
CVE-2016-1547 | An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and... | M | |
CVE-2016-1548 | An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches t... | E | |
CVE-2016-1549 | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win th... | M | |
CVE-2016-1550 | An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2... | | |
CVE-2016-1551 | ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying ope... | | |
CVE-2016-1555 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardD... | KEV E S | |
CVE-2016-1556 | Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 befor... | S | |
CVE-2016-1557 | Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative ... | S | |
CVE-2016-1558 | Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and ea... | S | |
CVE-2016-1559 | D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-L... | S | |
CVE-2016-1560 | ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the ro... | E M | |
CVE-2016-1561 | ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys... | E M | |
CVE-2016-1562 | The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authentica... | | |
CVE-2016-1563 | NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, whic... | | |
CVE-2016-1564 | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress b... | E S | |
CVE-2016-1565 | Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal... | S | |
CVE-2016-1566 | Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file... | | |
CVE-2016-1567 | chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when aut... | E S | |
CVE-2016-1568 | Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, a... | | |
CVE-2016-1569 | FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by usin... | E | |
CVE-2016-1570 | The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows ... | | |
CVE-2016-1571 | The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow... | | |
CVE-2016-1572 | mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, whi... | S | |
CVE-2016-1573 | Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash | | |
CVE-2016-1574 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1575 | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL ... | E S | |
CVE-2016-1576 | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount ... | E S | |
CVE-2016-1577 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allow... | | |
CVE-2016-1578 | Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (applicat... | | |
CVE-2016-1579 | UDM doesn't check for confinement before running post-processing commands | | |
CVE-2016-1580 | The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly d... | | |
CVE-2016-1581 | LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop bas... | | |
CVE-2016-1582 | LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into pri... | | |
CVE-2016-1583 | The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allo... | E | |
CVE-2016-1584 | Unity8 converged application lifecycle allows background applications to use on-screen keyboard when not top-most | | |
CVE-2016-1585 | AppArmor mount rules grant excessive permissions | | |
CVE-2016-1586 | A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext... | S | |
CVE-2016-1587 | The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages... | S | |
CVE-2016-1588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1590 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1591 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1592 | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary ... | | |
CVE-2016-1593 | Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk bef... | E | |
CVE-2016-1594 | Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attac... | E | |
CVE-2016-1595 | LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk b... | E | |
CVE-2016-1596 | Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 al... | E | |
CVE-2016-1597 | A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to admin... | | |
CVE-2016-1598 | XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their userna... | | |
CVE-2016-1599 | Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x bef... | | |
CVE-2016-1600 | The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an informat... | | |
CVE-2016-1601 | yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty pass... | | |
CVE-2016-1602 | A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise ... | | |
CVE-2016-1603 | An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic att... | | |
CVE-2016-1605 | Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7... | | |
CVE-2016-1606 | Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 ... | | |
CVE-2016-1607 | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell... | E | |
CVE-2016-1608 | vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows re... | E | |
CVE-2016-1609 | Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and ... | E | |
CVE-2016-1610 | Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security U... | E | |
CVE-2016-1611 | Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /e... | E | |
CVE-2016-1612 | The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.256... | | |
CVE-2016-1613 | Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Googl... | | |
CVE-2016-1614 | The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBuffe... | | |
CVE-2016-1615 | The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a d... | | |
CVE-2016-1616 | The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google... | | |
CVE-2016-1617 | The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content S... | | |
CVE-2016-1618 | Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographically... | | |
CVE-2016-1619 | Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/cod... | | |
CVE-2016-1620 | Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a... | | |
CVE-2016-1621 | libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-0... | | |
CVE-2016-1622 | The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.de... | | |
CVE-2016-1623 | The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach... | | |
CVE-2016-1624 | Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Goog... | | |
CVE-2016-1625 | The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page... | | |
CVE-2016-1626 | The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before... | | |
CVE-2016-1627 | The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate... | | |
CVE-2016-1628 | pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certa... | | |
CVE-2016-1629 | Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy an... | | |
CVE-2016-1630 | The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, ... | | |
CVE-2016-1631 | The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_lo... | | |
CVE-2016-1632 | The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own propert... | | |
CVE-2016-1633 | Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote a... | | |
CVE-2016-1634 | Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/cor... | | |
CVE-2016-1635 | extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not p... | | |
CVE-2016-1636 | The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chr... | | |
CVE-2016-1637 | The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome ... | | |
CVE-2016-1638 | extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49... | | |
CVE-2016-1639 | Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api... | | |
CVE-2016-1640 | The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623... | | |
CVE-2016-1641 | Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome b... | | |
CVE-2016-1642 | Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a... | | |
CVE-2016-1643 | The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cp... | | |
CVE-2016-1644 | WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, d... | | |
CVE-2016-1645 | Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, a... | | |
CVE-2016-1646 | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome befo... | KEV E S | |
CVE-2016-1647 | Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/render... | | |
CVE-2016-1648 | Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.c... | | |
CVE-2016-1649 | The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before... | | |
CVE-2016-1650 | The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/pa... | | |
CVE-2016-1651 | fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not... | | |
CVE-2016-1652 | Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensio... | | |
CVE-2016-1653 | The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles... | | |
CVE-2016-1654 | The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data str... | | |
CVE-2016-1655 | Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during cal... | | |
CVE-2016-1656 | The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers ... | | |
CVE-2016-1657 | The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents... | | |
CVE-2016-1658 | The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method... | | |
CVE-2016-1659 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a... | | |
CVE-2016-1660 | Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and ... | | |
CVE-2016-1661 | Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for... | | |
CVE-2016-1662 | extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback ex... | | |
CVE-2016-1663 | The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/Serialize... | | |
CVE-2016-1664 | The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google ... | | |
CVE-2016-1665 | The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrom... | | |
CVE-2016-1666 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a... | | |
CVE-2016-1667 | The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementat... | | |
CVE-2016-1668 | The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Bl... | | |
CVE-2016-1669 | The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.... | | |
CVE-2016-1670 | Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/re... | | |
CVE-2016-1671 | Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, whi... | | |
CVE-2016-1672 | The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extensio... | | |
CVE-2016-1673 | Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Orig... | | |
CVE-2016-1674 | The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the ... | | |
CVE-2016-1675 | Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Orig... | | |
CVE-2016-1676 | extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704... | | |
CVE-2016-1677 | uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorre... | | |
CVE-2016-1678 | objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not pro... | | |
CVE-2016-1679 | The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chro... | | |
CVE-2016-1680 | Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome befo... | | |
CVE-2016-1681 | Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in... | | |
CVE-2016-1682 | The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworke... | | |
CVE-2016-1683 | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespa... | | |
CVE-2016-1684 | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i f... | | |
CVE-2016-1685 | core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates c... | | |
CVE-2016-1686 | The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in ... | | |
CVE-2016-1687 | The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public e... | | |
CVE-2016-1688 | The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google ... | | |
CVE-2016-1689 | Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome befo... | | |
CVE-2016-1690 | The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between ... | | |
CVE-2016-1691 | Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote... | | |
CVE-2016-1692 | WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63... | | |
CVE-2016-1693 | browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the H... | | |
CVE-2016-1694 | browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pin... | | |
CVE-2016-1695 | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a... | | |
CVE-2016-1696 | The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings ac... | | |
CVE-2016-1697 | The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used i... | | |
CVE-2016-1698 | The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings ... | | |
CVE-2016-1699 | WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blin... | | |
CVE-2016-1700 | extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not conside... | | |
CVE-2016-1701 | The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between ... | | |
CVE-2016-1702 | The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before ... | | |
CVE-2016-1703 | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a... | | |
CVE-2016-1704 | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause ... | | |
CVE-2016-1705 | Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a... | | |
CVE-2016-1706 | The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC me... | | |
CVE-2016-1707 | ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensu... | | |
CVE-2016-1708 | The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome... | | |
CVE-2016-1709 | Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly befor... | | |
CVE-2016-1710 | The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as use... | | |
CVE-2016-1711 | WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, do... | | |
CVE-2016-1712 | Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.... | | |
CVE-2016-1713 | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in mod... | E | |
CVE-2016-1714 | The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when bui... | | |
CVE-2016-1715 | The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before ... | S | |
CVE-2016-1716 | AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or c... | | |
CVE-2016-1717 | The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allo... | | |
CVE-2016-1718 | The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local ... | | |
CVE-2016-1719 | The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows loc... | E | |
CVE-2016-1720 | IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to ga... | E | |
CVE-2016-1721 | The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users ... | E | |
CVE-2016-1722 | syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to g... | | |
CVE-2016-1723 | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execut... | | |
CVE-2016-1724 | WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote... | | |
CVE-2016-1725 | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execut... | | |
CVE-2016-1726 | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execut... | | |
CVE-2016-1727 | WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote... | | |
CVE-2016-1728 | The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mi... | | |
CVE-2016-1729 | Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to ... | | |
CVE-2016-1730 | WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating ... | | |
CVE-2016-1731 | Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the... | S | |
CVE-2016-1732 | AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout i... | S | |
CVE-2016-1733 | AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged co... | | |
CVE-2016-1734 | AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attac... | | |
CVE-2016-1735 | Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged co... | S | |
CVE-2016-1736 | Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged co... | | |
CVE-2016-1737 | Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2016-1738 | dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via... | | |
CVE-2016-1739 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1740 | FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 all... | | |
CVE-2016-1741 | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to... | E S | |
CVE-2016-1742 | Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users ... | | |
CVE-2016-1743 | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to ... | E | |
CVE-2016-1744 | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to ... | E | |
CVE-2016-1745 | IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL ... | S | |
CVE-2016-1746 | IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged c... | | |
CVE-2016-1747 | IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged c... | | |
CVE-2016-1748 | IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 al... | | |
CVE-2016-1749 | IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged ... | E | |
CVE-2016-1750 | Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before... | | |
CVE-2016-1751 | The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restri... | | |
CVE-2016-1752 | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 all... | | |
CVE-2016-1753 | Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9... | | |
CVE-2016-1754 | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 all... | | |
CVE-2016-1755 | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 all... | E | |
CVE-2016-1756 | The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary cod... | | |
CVE-2016-1757 | Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to exe... | E | |
CVE-2016-1758 | The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memo... | | |
CVE-2016-1759 | The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged c... | | |
CVE-2016-1760 | The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended e... | | |
CVE-2016-1761 | libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers... | | |
CVE-2016-1762 | The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of servic... | E S | |
CVE-2016-1763 | Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended me... | | |
CVE-2016-1764 | The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows rem... | | |
CVE-2016-1765 | otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (... | | |
CVE-2016-1766 | The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows... | | |
CVE-2016-1767 | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a ... | E | |
CVE-2016-1768 | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a ... | E | |
CVE-2016-1769 | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a ... | E | |
CVE-2016-1770 | The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-con... | | |
CVE-2016-1771 | The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote atta... | | |
CVE-2016-1772 | The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier fo... | | |
CVE-2016-1773 | The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, whi... | | |
CVE-2016-1774 | The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about... | | |
CVE-2016-1775 | TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2... | | |
CVE-2016-1776 | Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htacc... | | |
CVE-2016-1777 | Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for rem... | | |
CVE-2016-1778 | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary co... | | |
CVE-2016-1779 | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Orig... | | |
CVE-2016-1780 | WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion... | | |
CVE-2016-1781 | WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easi... | | |
CVE-2016-1782 | WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that speci... | | |
CVE-2016-1783 | WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to ex... | | |
CVE-2016-1784 | The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2... | | |
CVE-2016-1785 | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles c... | | |
CVE-2016-1786 | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles H... | | |
CVE-2016-1787 | Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information ... | S | |
CVE-2016-1788 | Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly impl... | | |
CVE-2016-1789 | Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Autho... | | |
CVE-2016-1790 | Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain ... | | |
CVE-2016-1791 | The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-la... | | |
CVE-2016-1792 | The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi... | | |
CVE-2016-1793 | AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary ... | E | |
CVE-2016-1794 | The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 1... | E | |
CVE-2016-1795 | AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code... | | |
CVE-2016-1796 | Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel m... | | |
CVE-2016-1797 | Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValid... | | |
CVE-2016-1798 | Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer deref... | | |
CVE-2016-1799 | Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged contex... | | |
CVE-2016-1800 | Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows ... | | |
CVE-2016-1801 | The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.... | | |
CVE-2016-1802 | CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watch... | | |
CVE-2016-1803 | CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.... | E | |
CVE-2016-1804 | The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in... | | |
CVE-2016-1805 | CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged ... | | |
CVE-2016-1806 | Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileg... | | |
CVE-2016-1807 | Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS bef... | E | |
CVE-2016-1808 | The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and wat... | | |
CVE-2016-1809 | Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has ... | | |
CVE-2016-1810 | The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary co... | | |
CVE-2016-1811 | ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 ... | | |
CVE-2016-1812 | Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute ar... | | |
CVE-2016-1813 | The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.... | E | |
CVE-2016-1814 | IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows att... | | |
CVE-2016-1815 | IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a pri... | | |
CVE-2016-1816 | IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a pri... | | |
CVE-2016-1817 | IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS b... | | |
CVE-2016-1818 | IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS b... | | |
CVE-2016-1819 | Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before ... | E | |
CVE-2016-1820 | Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary ... | | |
CVE-2016-1821 | IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privilege... | E | |
CVE-2016-1822 | IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privil... | | |
CVE-2016-1823 | The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ... | E | |
CVE-2016-1824 | IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.... | | |
CVE-2016-1825 | IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged ... | | |
CVE-2016-1826 | Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows atta... | | |
CVE-2016-1827 | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2... | | |
CVE-2016-1828 | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2... | | |
CVE-2016-1829 | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2... | | |
CVE-2016-1830 | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2... | | |
CVE-2016-1831 | The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary c... | | |
CVE-2016-1832 | libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 all... | | |
CVE-2016-1833 | The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before... | E S | |
CVE-2016-1834 | Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS ... | E S | |
CVE-2016-1835 | Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in ... | | |
CVE-2016-1836 | Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used ... | S | |
CVE-2016-1837 | Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiter... | E S | |
CVE-2016-1838 | The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before ... | E S | |
CVE-2016-1839 | The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X befor... | E S | |
CVE-2016-1840 | Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used i... | E S | |
CVE-2016-1841 | libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS befo... | | |
CVE-2016-1842 | MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS f... | | |
CVE-2016-1843 | The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remot... | | |
CVE-2016-1844 | The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote a... | | |
CVE-2016-1845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-1846 | The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X bef... | E | |
CVE-2016-1847 | OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS befor... | | |
CVE-2016-1848 | QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a ... | E | |
CVE-2016-1849 | The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3... | | |
CVE-2016-1850 | SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2016-1851 | The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows phys... | | |
CVE-2016-1852 | Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state... | | |
CVE-2016-1853 | Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveragi... | | |
CVE-2016-1854 | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote... | | |
CVE-2016-1855 | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote... | | |
CVE-2016-1856 | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote... | | |
CVE-2016-1857 | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote... | | |
CVE-2016-1858 | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tr... | | |
CVE-2016-1859 | The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2... | | |
CVE-2016-1860 | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memor... | | |
CVE-2016-1861 | The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbit... | E | |
CVE-2016-1862 | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memor... | | |
CVE-2016-1863 | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2... | E | |
CVE-2016-1864 | The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly ... | | |
CVE-2016-1865 | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2... | | |
CVE-2016-1866 | Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows ma... | | |
CVE-2016-1867 | The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service ... | | |
CVE-2016-1876 | The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users t... | | |
CVE-2016-1879 | The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, a... | E | |
CVE-2016-1880 | The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to rea... | | |
CVE-2016-1881 | The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or... | | |
CVE-2016-1882 | FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial... | S | |
CVE-2016-1883 | The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows loc... | | |
CVE-2016-1885 | Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9... | E | |
CVE-2016-1886 | Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 befo... | E S | |
CVE-2016-1887 | Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before... | E | |
CVE-2016-1888 | The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arg... | | |
CVE-2016-1889 | Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with ... | | |
CVE-2016-1894 | NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication v... | S | |
CVE-2016-1895 | NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a... | | |
CVE-2016-1896 | Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049... | | |
CVE-2016-1897 | FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using... | E | |
CVE-2016-1898 | FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using... | E | |
CVE-2016-1899 | CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to i... | S | |
CVE-2016-1900 | CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0... | S | |
CVE-2016-1901 | Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to ha... | E S | |
CVE-2016-1902 | The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and ... | S | |
CVE-2016-1903 | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.... | E | |
CVE-2016-1904 | Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to ... | E | |
CVE-2016-1905 | The API server in Kubernetes does not properly check admission control, which allows remote authenti... | | |
CVE-2016-1906 | Openshift allows remote attackers to gain privileges by updating a build configuration that was crea... | | |
CVE-2016-1907 | The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to ca... | | |
CVE-2016-1908 | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding an... | S | |
CVE-2016-1909 | Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCa... | E | |
CVE-2016-1910 | The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data v... | E | |
CVE-2016-1911 | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to i... | | |
CVE-2016-1912 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authentic... | E | |
CVE-2016-1913 | Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for... | S | |
CVE-2016-1914 | Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBer... | E S | |
CVE-2016-1915 | Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-... | E S | |
CVE-2016-1916 | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (... | | |
CVE-2016-1917 | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (... | | |
CVE-2016-1918 | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (... | | |
CVE-2016-1919 | Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local user... | E | |
CVE-2016-1920 | Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-i... | | |
CVE-2016-1922 | QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulne... | S | |
CVE-2016-1923 | Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows re... | | |
CVE-2016-1924 | The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of servic... | | |
CVE-2016-1925 | Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large ... | | |
CVE-2016-1926 | Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) ... | E | |
CVE-2016-1927 | The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4... | S | |
CVE-2016-1928 | Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial... | | |
CVE-2016-1929 | The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequent... | | |
CVE-2016-1930 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefo... | | |
CVE-2016-1931 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remo... | | |
CVE-2016-1933 | Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remo... | | |
CVE-2016-1935 | Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x be... | | |
CVE-2016-1937 | The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickj... | | |
CVE-2016-1938 | The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21... | | |
CVE-2016-1939 | Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allo... | | |
CVE-2016-1940 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: ... | | |
CVE-2016-1941 | The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly... | | |
CVE-2016-1942 | Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in t... | | |
CVE-2016-1943 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scro... | | |
CVE-2016-1944 | The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might a... | | |
CVE-2016-1945 | The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a den... | | |
CVE-2016-1946 | The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox bef... | | |
CVE-2016-1947 | Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which mak... | | |
CVE-2016-1948 | Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme in... | | |
CVE-2016-1949 | Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and... | | |
CVE-2016-1950 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and... | | |
CVE-2016-1951 | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 all... | | |
CVE-2016-1952 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefo... | | |
CVE-2016-1953 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remo... | | |
CVE-2016-1954 | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45... | S | |
CVE-2016-1955 | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sens... | | |
CVE-2016-1956 | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to... | | |
CVE-2016-1957 | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows... | | |
CVE-2016-1958 | browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allo... | | |
CVE-2016-1959 | The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arb... | | |
CVE-2016-1960 | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox befo... | E | |
CVE-2016-1961 | Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp ... | | |
CVE-2016-1962 | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefo... | | |
CVE-2016-1963 | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a... | | |
CVE-2016-1964 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Fir... | | |
CVE-2016-1965 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that re... | | |
CVE-2016-1966 | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox b... | | |
CVE-2016-1967 | Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing AP... | | |
CVE-2016-1968 | Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to exec... | | |
CVE-2016-1969 | The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ... | | |
CVE-2016-1970 | Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox bef... | | |
CVE-2016-1971 | The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0... | | |
CVE-2016-1972 | Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to c... | | |
CVE-2016-1973 | Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox bef... | | |
CVE-2016-1974 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x be... | | |
CVE-2016-1975 | Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation i... | | |
CVE-2016-1976 | Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozil... | | |
CVE-2016-1977 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozill... | | |
CVE-2016-1978 | Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Sec... | | |
CVE-2016-1979 | Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Net... | | |
CVE-2016-1981 | QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite lo... | S | |
CVE-2016-1982 | The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote atta... | | |
CVE-2016-1983 | The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a de... | | |
CVE-2016-1984 | The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcod... | E S | |
CVE-2016-1985 | HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands ... | S | |
CVE-2016-1986 | HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands v... | S | |
CVE-2016-1987 | HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remo... | | |
CVE-2016-1988 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to exec... | S | |
CVE-2016-1989 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to exec... | S | |
CVE-2016-1990 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSigh... | S | |
CVE-2016-1991 | HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSigh... | S | |
CVE-2016-1992 | HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated use... | S | |
CVE-2016-1993 | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive in... | S | |
CVE-2016-1994 | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive in... | S | |
CVE-2016-1995 | HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via un... | S | |
CVE-2016-1996 | HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or mo... | S | |
CVE-2016-1997 | HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 all... | S | |
CVE-2016-1998 | HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to exec... | S | |
CVE-2016-1999 | The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary c... | S | |