| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2016-20001 | The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: T... | | |
| CVE-2016-20002 | The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE... | | |
| CVE-2016-20003 | The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: Thi... | | |
| CVE-2016-20004 | The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: ... | | |
| CVE-2016-20005 | The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. N... | | |
| CVE-2016-20006 | The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NO... | | |
| CVE-2016-20007 | The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE... | | |
| CVE-2016-20008 | The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: ... | | |
| CVE-2016-20009 | A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 thro... | E | |
| CVE-2016-20010 | EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection ... | | |
| CVE-2016-20011 | libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing... | S | |
| CVE-2016-20012 | OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of user... | E S | |
| CVE-2016-20013 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumptio... | E | |
| CVE-2016-20014 | In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data struc... | S | |
| CVE-2016-20015 | In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the ... | E | |
| CVE-2016-20016 | MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that i... | E | |
| CVE-2016-20017 | D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cg... | KEV E S | |
| CVE-2016-20018 | Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore... | E | |
| CVE-2016-20021 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone em... | S | |
| CVE-2016-20022 | In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate th... | |