ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2016-4000 | Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunctio... | S | |
CVE-2016-4001 | Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the ... | S | |
CVE-2016-4002 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is c... | S | |
CVE-2016-4003 | Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Ap... | | |
CVE-2016-4004 | Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote a... | E | |
CVE-2016-4005 | The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, whic... | | |
CVE-2016-4006 | epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-t... | | |
CVE-2016-4007 | Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openS... | S | |
CVE-2016-4008 | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without... | | |
CVE-2016-4009 | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before... | S | |
CVE-2016-4010 | Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks an... | E S | |
CVE-2016-4014 | XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows re... | E | |
CVE-2016-4015 | The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denia... | | |
CVE-2016-4016 | Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII,... | E | |
CVE-2016-4017 | The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of ... | | |
CVE-2016-4018 | The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service ... | | |
CVE-2016-4019 | Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect int... | | |
CVE-2016-4020 | The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable,... | S | |
CVE-2016-4021 | The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to ca... | E | |
CVE-2016-4024 | Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbit... | S | |
CVE-2016-4025 | Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Bus... | | |
CVE-2016-4026 | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer compo... | | |
CVE-2016-4027 | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers t... | | |
CVE-2016-4028 | An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication ... | | |
CVE-2016-4029 | WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an ... | S | |
CVE-2016-4030 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I... | E | |
CVE-2016-4031 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I... | E | |
CVE-2016-4032 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I... | E | |
CVE-2016-4036 | The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses we... | | |
CVE-2016-4037 | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to... | S | |
CVE-2016-4038 | Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/dri... | | |
CVE-2016-4040 | SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrato... | | |
CVE-2016-4041 | Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV req... | | |
CVE-2016-4042 | Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive cont... | | |
CVE-2016-4043 | Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restri... | | |
CVE-2016-4045 | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded... | | |
CVE-2016-4046 | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure extern... | | |
CVE-2016-4047 | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open ... | | |
CVE-2016-4048 | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be show... | | |
CVE-2016-4049 | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dum... | | |
CVE-2016-4050 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4051 | Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow re... | S | |
CVE-2016-4052 | Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote H... | S | |
CVE-2016-4053 | Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout... | S | |
CVE-2016-4054 | Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute a... | | |
CVE-2016-4055 | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cau... | E S | |
CVE-2016-4056 | Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allow... | E S | |
CVE-2016-4057 | Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of... | | |
CVE-2016-4058 | Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows rem... | | |
CVE-2016-4059 | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote at... | | |
CVE-2016-4060 | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote at... | | |
CVE-2016-4061 | Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of serv... | | |
CVE-2016-4062 | Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, whi... | | |
CVE-2016-4063 | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote at... | | |
CVE-2016-4064 | Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF ... | | |
CVE-2016-4065 | The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app ... | | |
CVE-2016-4066 | Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote atta... | | |
CVE-2016-4068 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 al... | S | |
CVE-2016-4069 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote atta... | S | |
CVE-2016-4070 | Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.... | E | |
CVE-2016-4071 | Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, ... | E | |
CVE-2016-4072 | The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote att... | | |
CVE-2016-4073 | Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PH... | E | |
CVE-2016-4074 | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack cons... | E S | |
CVE-2016-4075 | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HT... | E | |
CVE-2016-4076 | epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not pro... | | |
CVE-2016-4077 | epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handlin... | E | |
CVE-2016-4078 | The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properl... | | |
CVE-2016-4079 | epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x bef... | | |
CVE-2016-4080 | epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x bef... | | |
CVE-2016-4081 | epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x bef... | | |
CVE-2016-4082 | epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2... | S | |
CVE-2016-4083 | epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensu... | | |
CVE-2016-4084 | Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.... | | |
CVE-2016-4085 | Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark ... | | |
CVE-2016-4086 | Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote att... | | |
CVE-2016-4087 | Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software befor... | | |
CVE-2016-4088 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4089 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4090 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4091 | Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC... | S | |
CVE-2016-4092 | Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC... | S | |
CVE-2016-4093 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4094 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4095 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-4096 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4097 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4098 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4099 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4100 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4101 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4102 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-4103 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4104 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4105 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4106 | Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat ... | S | |
CVE-2016-4107 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader ... | S | |
CVE-2016-4108 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | E | |
CVE-2016-4109 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4110 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4111 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4112 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4113 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4114 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4115 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4116 | Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash l... | | |
CVE-2016-4117 | Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unsp... | KEV E | |
CVE-2016-4118 | Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on ... | | |
CVE-2016-4119 | Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, ... | S | |
CVE-2016-4120 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and... | S | |
CVE-2016-4121 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21... | S | |
CVE-2016-4122 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4123 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4124 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4125 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4126 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4127 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4128 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4129 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4130 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4131 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4132 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4133 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4134 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4135 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | E S | |
CVE-2016-4136 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | E S | |
CVE-2016-4137 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | E S | |
CVE-2016-4138 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | E S | |
CVE-2016-4139 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4140 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4141 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4142 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4143 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4144 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4145 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4146 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4147 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4148 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4149 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4150 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4151 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4152 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4153 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4154 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4155 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4156 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4157 | Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application bef... | | |
CVE-2016-4158 | Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.... | | |
CVE-2016-4159 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9... | | |
CVE-2016-4160 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and... | S | |
CVE-2016-4161 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and... | S | |
CVE-2016-4162 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and... | S | |
CVE-2016-4163 | Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and... | S | |
CVE-2016-4164 | Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inj... | | |
CVE-2016-4165 | The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact vi... | | |
CVE-2016-4166 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash l... | S | |
CVE-2016-4167 | Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code ... | | |
CVE-2016-4168 | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remo... | S | |
CVE-2016-4169 | Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event infor... | S | |
CVE-2016-4170 | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows... | S | |
CVE-2016-4171 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to ex... | KEV | |
CVE-2016-4172 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4173 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | S | |
CVE-2016-4174 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | S | |
CVE-2016-4175 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | E S | |
CVE-2016-4176 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | E S | |
CVE-2016-4177 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | E S | |
CVE-2016-4178 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4179 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | E S | |
CVE-2016-4180 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4181 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4182 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4183 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4184 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4185 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4186 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4187 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4188 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4189 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4190 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4191 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4192 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4193 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4194 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4195 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4196 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4197 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4198 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4199 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4200 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4201 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | E S | |
CVE-2016-4202 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4203 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | E S | |
CVE-2016-4204 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | E S | |
CVE-2016-4205 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | E S | |
CVE-2016-4206 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | E S | |
CVE-2016-4207 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | E S | |
CVE-2016-4208 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | E S | |
CVE-2016-4209 | Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC... | S | |
CVE-2016-4210 | Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic b... | S | |
CVE-2016-4211 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4212 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4213 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4214 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4215 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4216 | XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files v... | S | |
CVE-2016-4217 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4218 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4219 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4220 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4221 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4222 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | S | |
CVE-2016-4223 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4224 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4225 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4226 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | E S | |
CVE-2016-4227 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | E S | |
CVE-2016-4228 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | E S | |
CVE-2016-4229 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | E S | |
CVE-2016-4230 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | E S | |
CVE-2016-4231 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | E S | |
CVE-2016-4232 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | E S | |
CVE-2016-4233 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4234 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4235 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4236 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4237 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4238 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4239 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4240 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4241 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4242 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4243 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4244 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4245 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4246 | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and... | S | |
CVE-2016-4247 | Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Wi... | S | |
CVE-2016-4248 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22... | S | |
CVE-2016-4249 | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0... | S | |
CVE-2016-4250 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4251 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4252 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4253 | The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to ob... | S | |
CVE-2016-4254 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4255 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader ... | S | |
CVE-2016-4256 | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2016-4257 | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2016-4258 | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2016-4259 | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2016-4260 | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2016-4261 | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2016-4262 | Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2016-4263 | Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbi... | | |
CVE-2016-4264 | The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 ... | E | |
CVE-2016-4265 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4266 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4267 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4268 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4269 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4270 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | S | |
CVE-2016-4271 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | E S | |
CVE-2016-4272 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-4273 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | E S | |
CVE-2016-4274 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4275 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | E S | |
CVE-2016-4276 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4277 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4278 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4279 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-4280 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4281 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4282 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4283 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4284 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4285 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-4286 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-4287 | Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on ... | S | |
CVE-2016-4288 | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Playe... | E M | |
CVE-2016-4289 | A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 c... | E | |
CVE-2016-4290 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom O... | E | |
CVE-2016-4291 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom O... | E | |
CVE-2016-4292 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom O... | E | |
CVE-2016-4293 | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDe... | E | |
CVE-2016-4294 | When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook st... | E | |
CVE-2016-4295 | When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook ... | E | |
CVE-2016-4296 | When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat obje... | E | |
CVE-2016-4298 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom O... | E | |
CVE-2016-4300 | Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarc... | E S | |
CVE-2016-4301 | Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in l... | E S | |
CVE-2016-4302 | Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libar... | E S | |
CVE-2016-4303 | The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows r... | E S | |
CVE-2016-4304 | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Int... | E | |
CVE-2016-4305 | A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Interne... | E | |
CVE-2016-4306 | Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK... | E | |
CVE-2016-4307 | A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet S... | E | |
CVE-2016-4309 | Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, all... | E | |
CVE-2016-4311 | Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.... | E S | |
CVE-2016-4312 | XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 befo... | E S | |
CVE-2016-4313 | Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attacker... | E | |
CVE-2016-4314 | Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote ... | E S | |
CVE-2016-4315 | Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hija... | E S | |
CVE-2016-4316 | Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to i... | E | |
CVE-2016-4317 | Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.... | | |
CVE-2016-4318 | Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role n... | | |
CVE-2016-4319 | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.... | | |
CVE-2016-4320 | Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitra... | | |
CVE-2016-4322 | BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authenti... | | |
CVE-2016-4323 | A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT ... | E S | |
CVE-2016-4324 | Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrar... | | |
CVE-2016-4325 | Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allow... | | |
CVE-2016-4326 | The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to e... | | |
CVE-2016-4327 | Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20... | E | |
CVE-2016-4328 | MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded ... | | |
CVE-2016-4329 | A local denial of service vulnerability exists in window broadcast message handling functionality of... | E | |
CVE-2016-4330 | In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the... | E | |
CVE-2016-4331 | When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will... | E | |
CVE-2016-4332 | The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 l... | E | |
CVE-2016-4333 | The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact wit... | E | |
CVE-2016-4334 | Jive before 2016.3.1 has an open redirect from the external-link.jspa page.... | E | |
CVE-2016-4335 | An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters... | E | |
CVE-2016-4336 | An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document F... | E | |
CVE-2016-4337 | SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows r... | E | |
CVE-2016-4338 | The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix befo... | E S | |
CVE-2016-4340 | The impersonate feature in GitLab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.... | E S | |
CVE-2016-4341 | NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information v... | S | |
CVE-2016-4342 | ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles ze... | E | |
CVE-2016-4343 | The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 m... | E | |
CVE-2016-4344 | Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote ... | E S | |
CVE-2016-4345 | Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP bef... | E S | |
CVE-2016-4346 | Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote ... | E S | |
CVE-2016-4347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candida... | R | |
CVE-2016-4348 | The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to c... | | |
CVE-2016-4349 | Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local u... | | |
CVE-2016-4350 | Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource... | | |
CVE-2016-4351 | SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gate... | | |
CVE-2016-4352 | Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attacker... | | |
CVE-2016-4353 | ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows... | | |
CVE-2016-4354 | ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attac... | | |
CVE-2016-4355 | Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause ... | | |
CVE-2016-4356 | The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attack... | | |
CVE-2016-4357 | HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive ... | | |
CVE-2016-4358 | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive informatio... | | |
CVE-2016-4359 | Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00... | | |
CVE-2016-4360 | web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 1... | | |
CVE-2016-4361 | HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through pa... | | |
CVE-2016-4362 | HPE Insight Control server deployment allows remote authenticated users to obtain sensitive informat... | | |
CVE-2016-4363 | HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors... | | |
CVE-2016-4364 | HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.... | | |
CVE-2016-4365 | HPE Insight Control server deployment allows remote attackers to obtain sensitive information via un... | | |
CVE-2016-4366 | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive informati... | | |
CVE-2016-4367 | The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 ... | | |
CVE-2016-4368 | HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and ... | | |
CVE-2016-4369 | HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2... | | |
CVE-2016-4370 | HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authe... | | |
CVE-2016-4371 | HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authen... | | |
CVE-2016-4372 | HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA ... | E | |
CVE-2016-4373 | The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote... | | |
CVE-2016-4374 | HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users ... | S | |
CVE-2016-4375 | Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88... | | |
CVE-2016-4376 | HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obta... | S | |
CVE-2016-4377 | HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (... | M | |
CVE-2016-4378 | The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor... | | |
CVE-2016-4379 | The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not prope... | | |
CVE-2016-4380 | Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21... | S | |
CVE-2016-4381 | HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication... | S | |
CVE-2016-4382 | HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass inten... | | |
CVE-2016-4383 | The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be r... | M | |
CVE-2016-4384 | HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a de... | S | |
CVE-2016-4385 | The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x be... | | |
CVE-2016-4386 | HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified... | | |
CVE-2016-4387 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code ... | | |
CVE-2016-4388 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code ... | | |
CVE-2016-4389 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code ... | | |
CVE-2016-4390 | The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code ... | | |
CVE-2016-4391 | A remote code execution security vulnerability has been identified in all versions of the HP ArcSigh... | | |
CVE-2016-4392 | A remote cross site scripting vulnerability has been identified in HP Business Service Management so... | | |
CVE-2016-4393 | HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensiti... | | |
CVE-2016-4394 | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information v... | | |
CVE-2016-4395 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via... | | |
CVE-2016-4396 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via... | | |
CVE-2016-4397 | A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10... | | |
CVE-2016-4398 | A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) S... | | |
CVE-2016-4399 | A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (p... | | |
CVE-2016-4400 | A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (p... | | |
CVE-2016-4401 | Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain databa... | | |
CVE-2016-4402 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2... | | |
CVE-2016-4403 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2... | | |
CVE-2016-4404 | A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2... | | |
CVE-2016-4405 | A remote code execution vulnerability was identified in HP Business Service Management (BSM) using A... | | |
CVE-2016-4406 | A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 a... | | |
CVE-2016-4407 | The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, wh... | | |
CVE-2016-4412 | An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyA... | S | |
CVE-2016-4414 | The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attacker... | | |
CVE-2016-4415 | wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases... | E | |
CVE-2016-4416 | epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishan... | | |
CVE-2016-4417 | Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshar... | | |
CVE-2016-4418 | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x b... | | |
CVE-2016-4419 | epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capab... | | |
CVE-2016-4420 | The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service... | | |
CVE-2016-4421 | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x b... | | |
CVE-2016-4422 | The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent at... | | |
CVE-2016-4423 | The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthentic... | | |
CVE-2016-4425 | Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recurs... | S | |
CVE-2016-4426 | In Zulip before 1.3.12, bot API keys were accessible to other users in the same realm.... | | |
CVE-2016-4427 | In Zulip before 1.3.12, deactivated users could access messages if SSO was enabled.... | | |
CVE-2016-4428 | Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.... | S | |
CVE-2016-4429 | Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (... | S | |
CVE-2016-4430 | Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers t... | | |
CVE-2016-4431 | Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictio... | | |
CVE-2016-4432 | The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow r... | S | |
CVE-2016-4433 | Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictio... | | |
CVE-2016-4434 | Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might ... | | |
CVE-2016-4435 | An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and ... | | |
CVE-2016-4436 | Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via ... | | |
CVE-2016-4437 | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, ... | KEV E | |
CVE-2016-4438 | The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitr... | | |
CVE-2016-4439 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU ... | S | |
CVE-2016-4440 | arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows... | | |
CVE-2016-4441 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does n... | S | |
CVE-2016-4442 | The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive inform... | S | |
CVE-2016-4443 | Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, c... | S | |
CVE-2016-4444 | The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary co... | E S | |
CVE-2016-4445 | The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute ... | E S | |
CVE-2016-4446 | The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by tr... | E S | |
CVE-2016-4447 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attack... | E S | |
CVE-2016-4448 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via ... | | |
CVE-2016-4449 | XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in li... | | |
CVE-2016-4450 | os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause... | | |
CVE-2016-4451 | The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 al... | S | |
CVE-2016-4452 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-4453 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators... | S | |
CVE-2016-4454 | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administr... | S | |
CVE-2016-4455 | The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak ... | S | |
CVE-2016-4456 | The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite a... | | |
CVE-2016-4457 | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.... | | |
CVE-2016-4458 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-4459 | Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.... | | |
CVE-2016-4460 | Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.... | S | |
CVE-2016-4461 | Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequen... | M | |
CVE-2016-4462 | By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Fre... | | |
CVE-2016-4463 | Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to ... | | |
CVE-2016-4464 | The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match S... | M | |
CVE-2016-4465 | The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remo... | | |
CVE-2016-4466 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2016-4467 | The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows ... | | |
CVE-2016-4468 | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x b... | S | |
CVE-2016-4469 | Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow... | E | |
CVE-2016-4470 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not e... | | |
CVE-2016-4471 | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.... | | |
CVE-2016-4472 | The overflow protection in Expat is removed by compilers with certain optimization settings, which a... | S | |
CVE-2016-4473 | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. N... | E S | |
CVE-2016-4474 | The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) directo... | | |
CVE-2016-4475 | The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.... | S | |
CVE-2016-4476 | hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in... | | |
CVE-2016-4477 | wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, whic... | | |
CVE-2016-4478 | Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme... | | |
CVE-2016-4480 | The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properl... | | |
CVE-2016-4482 | The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not i... | | |
CVE-2016-4483 | The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attacker... | E S | |
CVE-2016-4484 | The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximat... | E S | |
CVE-2016-4485 | The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a... | S | |
CVE-2016-4486 | The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not ... | E | |
CVE-2016-4487 | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segm... | | |
CVE-2016-4488 | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segm... | | |
CVE-2016-4489 | Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial ... | | |
CVE-2016-4490 | Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service ... | | |
CVE-2016-4491 | The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of... | S | |
CVE-2016-4492 | Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause... | S | |
CVE-2016-4493 | The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty... | S | |
CVE-2016-4494 | Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware befo... | | |
CVE-2016-4495 | KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intend... | | |
CVE-2016-4496 | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (ou... | | |
CVE-2016-4497 | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or ... | | |
CVE-2016-4498 | Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows loc... | | |
CVE-2016-4499 | Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to... | | |
CVE-2016-4500 | Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and conseque... | | |
CVE-2016-4501 | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, w... | | |
CVE-2016-4502 | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attacker... | | |
CVE-2016-4503 | Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and conseque... | | |
CVE-2016-4504 | A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Li... | | |
CVE-2016-4505 | Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authe... | | |
CVE-2016-4506 | Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB ... | | |
CVE-2016-4507 | SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote aut... | | |
CVE-2016-4508 | Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allo... | | |
CVE-2016-4509 | Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenti... | | |
CVE-2016-4510 | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote ... | | |
CVE-2016-4511 | ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes... | | |
CVE-2016-4512 | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attack... | | |
CVE-2016-4513 | Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2... | | |
CVE-2016-4514 | Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the... | | |
CVE-2016-4515 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4516 | ABB PCM600 before 2.7 improperly stores the main application password after a password change, which... | | |
CVE-2016-4518 | OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of servic... | | |
CVE-2016-4519 | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers t... | | |
CVE-2016-4520 | Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardco... | S | |
CVE-2016-4521 | Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentia... | | |
CVE-2016-4522 | SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows re... | | |
CVE-2016-4523 | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote ... | KEV | |
CVE-2016-4524 | ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circu... | | |
CVE-2016-4525 | Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated u... | | |
CVE-2016-4526 | ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in... | | |
CVE-2016-4527 | ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users ... | | |
CVE-2016-4528 | Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of s... | | |
CVE-2016-4529 | An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M1... | S | |
CVE-2016-4530 | OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a... | | |
CVE-2016-4531 | Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a l... | | |
CVE-2016-4532 | Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x throu... | | |
CVE-2016-4533 | Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via... | | |
CVE-2016-4534 | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 11235... | E S | |
CVE-2016-4535 | Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows r... | E | |
CVE-2016-4536 | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStor... | | |
CVE-2016-4537 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x befo... | E S | |
CVE-2016-4538 | The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x befo... | E S | |
CVE-2016-4539 | The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7... | E S | |
CVE-2016-4540 | The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x bef... | E S | |
CVE-2016-4541 | The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x befo... | E S | |
CVE-2016-4542 | The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and ... | E S | |
CVE-2016-4543 | The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, ... | E S | |
CVE-2016-4544 | The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21,... | E S | |
CVE-2016-4545 | Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause ... | | |
CVE-2016-4546 | Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (I... | | |
CVE-2016-4547 | Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of ser... | | |
CVE-2016-4551 | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow r... | | |
CVE-2016-4552 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers t... | E | |
CVE-2016-4553 | client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header... | | |
CVE-2016-4554 | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restric... | S | |
CVE-2016-4555 | client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cau... | E S | |
CVE-2016-4556 | Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote s... | S | |
CVE-2016-4557 | The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 d... | E | |
CVE-2016-4558 | The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local u... | | |
CVE-2016-4560 | Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges... | E | |
CVE-2016-4561 | Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.2016... | | |
CVE-2016-4562 | The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1... | S | |
CVE-2016-4563 | The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.... | S | |
CVE-2016-4564 | The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mak... | S | |
CVE-2016-4565 | The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write syste... | | |
CVE-2016-4566 | Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in ... | S | |
CVE-2016-4567 | Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.2... | S | |
CVE-2016-4568 | drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to caus... | | |
CVE-2016-4569 | The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not in... | | |
CVE-2016-4570 | The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attacker... | | |
CVE-2016-4571 | The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote att... | | |
CVE-2016-4572 | In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.... | | |
CVE-2016-4573 | Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE... | | |
CVE-2016-4574 | Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 ... | | |
CVE-2016-4575 | Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL... | | |
CVE-2016-4576 | Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS ... | | |
CVE-2016-4577 | Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6... | | |
CVE-2016-4578 | sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, w... | E | |
CVE-2016-4579 | Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and cr... | | |
CVE-2016-4580 | The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 d... | | |
CVE-2016-4581 | fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a... | | |
CVE-2016-4582 | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2... | | |
CVE-2016-4583 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers... | | |
CVE-2016-4584 | The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS befo... | | |
CVE-2016-4585 | Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS befo... | | |
CVE-2016-4586 | WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitra... | | |
CVE-2016-4587 | WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive i... | | |
CVE-2016-4588 | WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denia... | | |
CVE-2016-4589 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers... | | |
CVE-2016-4590 | WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote... | | |
CVE-2016-4591 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location... | | |
CVE-2016-4592 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers... | | |
CVE-2016-4593 | The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read ... | | |
CVE-2016-4594 | The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, an... | | |
CVE-2016-4595 | Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover... | | |
CVE-2016-4596 | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2016-4597 | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2016-4598 | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2016-4599 | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2016-4600 | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2016-4601 | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2016-4602 | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2016-4603 | Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mecha... | | |
CVE-2016-4604 | Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP resp... | | |
CVE-2016-4605 | Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointe... | | |
CVE-2016-4606 | Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers... | | |
CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo... | | |
CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo... | | |
CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo... | | |
CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo... | | |
CVE-2016-4611 | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu... | | |
CVE-2016-4612 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candida... | R | |
CVE-2016-4613 | An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6... | | |
CVE-2016-4614 | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo... | | |
CVE-2016-4615 | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo... | | |
CVE-2016-4616 | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo... | | |
CVE-2016-4617 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involve... | | |
CVE-2016-4618 | Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 1... | | |
CVE-2016-4619 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8317. Reason: This candida... | R | |
CVE-2016-4620 | The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory... | | |
CVE-2016-4621 | libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged co... | | |
CVE-2016-4622 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers... | | |
CVE-2016-4623 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers... | | |
CVE-2016-4624 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers... | | |
CVE-2016-4625 | Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain pr... | E | |
CVE-2016-4626 | IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.... | | |
CVE-2016-4627 | IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows lo... | | |
CVE-2016-4628 | IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain ... | | |
CVE-2016-4629 | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a de... | E | |
CVE-2016-4630 | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a de... | E | |
CVE-2016-4631 | ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 ... | | |
CVE-2016-4632 | ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 ... | | |
CVE-2016-4633 | Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a p... | | |
CVE-2016-4634 | The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or... | | |
CVE-2016-4635 | FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spo... | | |
CVE-2016-4636 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4637 | CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2... | E | |
CVE-2016-4638 | Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that... | | |
CVE-2016-4639 | Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local us... | | |
CVE-2016-4640 | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged... | | |
CVE-2016-4641 | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged... | | |
CVE-2016-4642 | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016... | | |
CVE-2016-4643 | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016... | | |
CVE-2016-4644 | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016... | | |
CVE-2016-4645 | CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows l... | | |
CVE-2016-4646 | Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain ... | | |
CVE-2016-4647 | Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of servic... | | |
CVE-2016-4648 | Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout infor... | | |
CVE-2016-4649 | Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer der... | | |
CVE-2016-4650 | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS b... | | |
CVE-2016-4651 | Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3... | | |
CVE-2016-4652 | CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from ke... | | |
CVE-2016-4653 | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2... | | |
CVE-2016-4654 | IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privil... | | |
CVE-2016-4655 | The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory vi... | KEV E | |
CVE-2016-4656 | The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged cont... | KEV E | |
CVE-2016-4657 | WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial... | KEV E | |
CVE-2016-4658 | xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 1... | S | |
CVE-2016-4659 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4660 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | | |
CVE-2016-4661 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4662 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4663 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4664 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 i... | | |
CVE-2016-4665 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 i... | | |
CVE-2016-4666 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1... | | |
CVE-2016-4667 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4668 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4669 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | E | |
CVE-2016-4670 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | | |
CVE-2016-4671 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4672 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4673 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | | |
CVE-2016-4674 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4675 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | | |
CVE-2016-4676 | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location... | | |
CVE-2016-4677 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1... | | |
CVE-2016-4678 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4679 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | | |
CVE-2016-4680 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 i... | | |
CVE-2016-4681 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4682 | An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.1... | | |
CVE-2016-4683 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4684 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4685 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves t... | | |
CVE-2016-4686 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves t... | | |
CVE-2016-4687 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4688 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | | |
CVE-2016-4689 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves t... | | |
CVE-2016-4690 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves t... | | |
CVE-2016-4691 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2... | | |
CVE-2016-4692 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2... | | |
CVE-2016-4693 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2... | | |
CVE-2016-4694 | The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 sectio... | | |
CVE-2016-4695 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4696 | AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privilege... | | |
CVE-2016-4697 | Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privi... | | |
CVE-2016-4698 | AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement... | | |
CVE-2016-4699 | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged conte... | | |
CVE-2016-4700 | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged conte... | | |
CVE-2016-4701 | Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via ... | | |
CVE-2016-4702 | Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote ... | | |
CVE-2016-4703 | Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged cont... | | |
CVE-2016-4704 | otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (me... | | |
CVE-2016-4705 | otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (me... | | |
CVE-2016-4706 | cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified ve... | | |
CVE-2016-4707 | CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allo... | | |
CVE-2016-4708 | CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses ... | | |
CVE-2016-4709 | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that le... | | |
CVE-2016-4710 | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that le... | | |
CVE-2016-4711 | CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers t... | | |
CVE-2016-4712 | CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at... | | |
CVE-2016-4713 | CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveragi... | | |
CVE-2016-4714 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4715 | The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences fil... | | |
CVE-2016-4716 | diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via uns... | | |
CVE-2016-4717 | The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, ... | | |
CVE-2016-4718 | Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS... | | |
CVE-2016-4719 | The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict acc... | | |
CVE-2016-4720 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4721 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1... | | |
CVE-2016-4722 | The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-midd... | | |
CVE-2016-4723 | Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a pri... | | |
CVE-2016-4724 | IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitra... | | |
CVE-2016-4725 | IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 ... | | |
CVE-2016-4726 | IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 ... | | |
CVE-2016-4727 | IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privi... | | |
CVE-2016-4728 | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10... | | |
CVE-2016-4729 | WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code... | | |
CVE-2016-4730 | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu... | | |
CVE-2016-4731 | WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code... | | |
CVE-2016-4732 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4733 | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu... | | |
CVE-2016-4734 | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu... | | |
CVE-2016-4735 | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu... | | |
CVE-2016-4736 | libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory c... | | |
CVE-2016-4737 | WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote ... | | |
CVE-2016-4738 | libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remot... | | |
CVE-2016-4739 | mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to ... | | |
CVE-2016-4740 | Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has o... | | |
CVE-2016-4741 | The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software upd... | | |
CVE-2016-4742 | NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to... | | |
CVE-2016-4743 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2... | | |
CVE-2016-4744 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4745 | The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operation... | | |
CVE-2016-4746 | The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct sugges... | | |
CVE-2016-4747 | Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle att... | | |
CVE-2016-4748 | Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via... | | |
CVE-2016-4749 | Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to ... | | |
CVE-2016-4750 | S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in... | | |
CVE-2016-4751 | The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar... | | |
CVE-2016-4752 | The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINE... | | |
CVE-2016-4753 | Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk i... | | |
CVE-2016-4754 | ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote ... | | |
CVE-2016-4755 | Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session fi... | | |
CVE-2016-4756 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4757 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4758 | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not proper... | | |
CVE-2016-4759 | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10... | | |
CVE-2016-4760 | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote a... | | |
CVE-2016-4761 | WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS... | | |
CVE-2016-4762 | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Sa... | | |
CVE-2016-4763 | WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 do... | | |
CVE-2016-4764 | An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is af... | | |
CVE-2016-4765 | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10... | | |
CVE-2016-4766 | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10... | | |
CVE-2016-4767 | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10... | | |
CVE-2016-4768 | WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10... | | |
CVE-2016-4769 | WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to exec... | | |
CVE-2016-4770 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4771 | The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-a... | | |
CVE-2016-4772 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows re... | | |
CVE-2016-4773 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at... | | |
CVE-2016-4774 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at... | | |
CVE-2016-4775 | The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to ga... | | |
CVE-2016-4776 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at... | | |
CVE-2016-4777 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at... | | |
CVE-2016-4778 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at... | | |
CVE-2016-4779 | Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary co... | | |
CVE-2016-4780 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol... | | |
CVE-2016-4781 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves t... | | |
CVE-2016-4782 | Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified im... | | |
CVE-2016-4783 | Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 al... | | |
CVE-2016-4784 | A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module: All ... | | |
CVE-2016-4785 | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All ... | | |
CVE-2016-4786 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4... | | |
CVE-2016-4787 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4... | | |
CVE-2016-4788 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4... | | |
CVE-2016-4789 | Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative u... | | |
CVE-2016-4790 | Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secur... | | |
CVE-2016-4791 | The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, ... | | |
CVE-2016-4792 | Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via un... | | |
CVE-2016-4793 | The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the... | E S | |
CVE-2016-4794 | Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to ca... | E | |
CVE-2016-4796 | Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allow... | S | |
CVE-2016-4797 | Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 all... | S | |
CVE-2016-4800 | The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Window... | S | |
CVE-2016-4802 | Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SS... | | |
CVE-2016-4803 | CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote at... | E | |
CVE-2016-4804 | The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of serv... | S | |
CVE-2016-4805 | Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allow... | S | |
CVE-2016-4806 | Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a ... | E | |
CVE-2016-4807 | Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attack... | E | |
CVE-2016-4808 | Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, wh... | E | |
CVE-2016-4809 | The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchiv... | S | |
CVE-2016-4810 | Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and ... | | |
CVE-2016-4811 | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and... | | |
CVE-2016-4812 | Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for Wo... | | |
CVE-2016-4813 | NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain pri... | | |
CVE-2016-4814 | Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka... | | |
CVE-2016-4815 | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and ... | S | |
CVE-2016-4816 | BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote atta... | S | |
CVE-2016-4817 | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnectio... | | |
CVE-2016-4818 | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITA... | | |
CVE-2016-4819 | The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library fo... | | |
CVE-2016-4820 | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attac... | | |
CVE-2016-4821 | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash)... | | |
CVE-2016-4822 | Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspeci... | | |
CVE-2016-4823 | Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecif... | | |
CVE-2016-4824 | The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices doe... | | |
CVE-2016-4825 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct P... | | |
CVE-2016-4826 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for Wo... | | |
CVE-2016-4827 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for Wo... | | |
CVE-2016-4828 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows re... | | |
CVE-2016-4829 | DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3... | | |
CVE-2016-4830 | Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verif... | | |
CVE-2016-4831 | Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows l... | | |
CVE-2016-4832 | WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates.... | | |
CVE-2016-4833 | Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress al... | | |
CVE-2016-4834 | modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save ... | S | |
CVE-2016-4835 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4836 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4837 | SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers... | | |
CVE-2016-4838 | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0... | | |
CVE-2016-4839 | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0... | | |
CVE-2016-4840 | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier ... | | |
CVE-2016-4841 | Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.... | | |
CVE-2016-4842 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.... | | |
CVE-2016-4843 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.... | | |
CVE-2016-4844 | Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.... | | |
CVE-2016-4845 | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL... | | |
CVE-2016-4846 | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.... | | |
CVE-2016-4847 | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote... | S | |
CVE-2016-4848 | Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to i... | S | |
CVE-2016-4849 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote atta... | S | |
CVE-2016-4850 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.... | | |
CVE-2016-4851 | Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote a... | | |
CVE-2016-4852 | YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this ... | | |
CVE-2016-4853 | AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, a... | | |
CVE-2016-4854 | Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remot... | | |
CVE-2016-4855 | Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inje... | | |
CVE-2016-4856 | Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x ... | | |
CVE-2016-4857 | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior... | | |
CVE-2016-4858 | Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.... | | |
CVE-2016-4859 | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior... | | |
CVE-2016-4860 | Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic De... | | |
CVE-2016-4861 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might all... | E | |
CVE-2016-4862 | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and... | S | |
CVE-2016-4863 | The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir... | | |
CVE-2016-4864 | H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial... | S | |
CVE-2016-4865 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administra... | | |
CVE-2016-4866 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administra... | | |
CVE-2016-4867 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to ... | | |
CVE-2016-4868 | Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inj... | | |
CVE-2016-4869 | Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where ... | | |
CVE-2016-4870 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated atta... | | |
CVE-2016-4871 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.... | | |
CVE-2016-4872 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to... | | |
CVE-2016-4873 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations... | | |
CVE-2016-4874 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" at... | | |
CVE-2016-4875 | Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test... | S | |
CVE-2016-4876 | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote... | S | |
CVE-2016-4877 | Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote ... | S | |
CVE-2016-4878 | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote... | S | |
CVE-2016-4879 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier a... | S | |
CVE-2016-4880 | Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote ... | S | |
CVE-2016-4881 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier a... | S | |
CVE-2016-4882 | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote... | S | |
CVE-2016-4883 | Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to... | S | |
CVE-2016-4884 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier a... | S | |
CVE-2016-4885 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier a... | S | |
CVE-2016-4886 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier a... | S | |
CVE-2016-4887 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earli... | S | |
CVE-2016-4888 | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows rem... | | |
CVE-2016-4889 | ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspec... | | |
CVE-2016-4890 | ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which ... | | |
CVE-2016-4891 | Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers t... | | |
CVE-2016-4892 | Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbi... | | |
CVE-2016-4893 | SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to ... | | |
CVE-2016-4894 | SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors... | | |
CVE-2016-4895 | SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via ... | | |
CVE-2016-4896 | SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose... | | |
CVE-2016-4897 | Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.... | | |
CVE-2016-4898 | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerabl... | | |
CVE-2016-4899 | The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerabl... | | |
CVE-2016-4900 | Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote atta... | | |
CVE-2016-4901 | Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote at... | | |
CVE-2016-4902 | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI us... | | |
CVE-2016-4903 | Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versi... | S | |
CVE-2016-4904 | Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-Olive... | S | |
CVE-2016-4905 | SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions... | S | |
CVE-2016-4906 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject... | | |
CVE-2016-4907 | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.... | | |
CVE-2016-4908 | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to a... | | |
CVE-2016-4909 | Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attack... | | |
CVE-2016-4910 | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to d... | | |
CVE-2016-4911 | The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote... | S | |
CVE-2016-4912 | The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial ... | E | |
CVE-2016-4913 | The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles ... | S | |
CVE-2016-4921 | Junos: IPv6 denial of service vulnerability due to resource exhaustion (CVE-2016-4921) | M | |
CVE-2016-4922 | Junos: Privilege escalation vulnerabilities in Junos CLI | M | |
CVE-2016-4923 | Junos J-Web: Cross Site Scripting Vulnerability | | |
CVE-2016-4924 | vMX: Information leak vulnerability | M | |
CVE-2016-4925 | JUNOSe: Line Card Reset: processor exception 0x68616c74 (halt) task: scheduler, upon receipt of crafted IPv6 packet | M | |
CVE-2016-4926 | Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based u... | | |
CVE-2016-4927 | Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) typ... | | |
CVE-2016-4928 | Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to per... | | |
CVE-2016-4929 | Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary c... | | |
CVE-2016-4930 | Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to ste... | | |
CVE-2016-4931 | XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.... | | |
CVE-2016-4932 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4933 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4934 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4935 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4936 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4938 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4939 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4940 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4941 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-4945 | Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Ga... | | |
CVE-2016-4946 | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote a... | | |
CVE-2016-4947 | Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to d... | | |
CVE-2016-4948 | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote... | | |
CVE-2016-4949 | Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) s... | | |
CVE-2016-4950 | Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to... | | |
CVE-2016-4951 | The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify ... | S | |
CVE-2016-4952 | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, all... | S | |
CVE-2016-4953 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-assoc... | S | |
CVE-2016-4954 | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers... | S | |
CVE-2016-4955 | ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial o... | S | |
CVE-2016-4956 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mod... | | |
CVE-2016-4957 | ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a... | S | |
CVE-2016-4959 | For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A suc... | S | |
CVE-2016-4960 | For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is im... | S | |
CVE-2016-4961 | For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStrea... | S | |
CVE-2016-4962 | The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a d... | | |
CVE-2016-4963 | The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver... | | |
CVE-2016-4964 | The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local gue... | S | |
CVE-2016-4965 | Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access t... | | |
CVE-2016-4966 | The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote... | | |
CVE-2016-4967 | Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sen... | | |
CVE-2016-4968 | The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows ... | | |
CVE-2016-4969 | Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 all... | | |
CVE-2016-4970 | handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allow... | S | |
CVE-2016-4971 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from... | E S | |
CVE-2016-4972 | OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3... | S | |
CVE-2016-4973 | Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (... | | |
CVE-2016-4974 | Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the ... | | |
CVE-2016-4975 | mod_userdir CRLF injection | | |
CVE-2016-4976 | Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, whic... | | |
CVE-2016-4977 | When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to ... | | |
CVE-2016-4978 | The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis br... | | |
CVE-2016-4979 | The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not prope... | S | |
CVE-2016-4980 | A password generation weakness exists in xquest through 2016-06-13.... | | |
CVE-2016-4981 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4982. Reason: This candidate... | R | |
CVE-2016-4982 | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by levera... | | |
CVE-2016-4983 | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL... | E | |
CVE-2016-4984 | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS ... | | |
CVE-2016-4985 | The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allo... | | |
CVE-2016-4986 | Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers t... | | |
CVE-2016-4987 | Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote at... | | |
CVE-2016-4988 | Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenki... | | |
CVE-2016-4989 | setroubleshoot allows local users to bypass an intended container protection mechanism and execute a... | S | |
CVE-2016-4990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2016-4991 | Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF re... | E | |
CVE-2016-4992 | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC N... | | |
CVE-2016-4993 | CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss ... | | |
CVE-2016-4994 | Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows rem... | S | |
CVE-2016-4995 | Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisio... | S | |
CVE-2016-4996 | discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes disp... | | |
CVE-2016-4997 | The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter su... | E S | |
CVE-2016-4998 | The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel befo... | S | |
CVE-2016-4999 | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/datapro... | | |