ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2016-6000 | IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2016-6001 | IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the a... | S | |
CVE-2016-6018 | IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features t... | S | |
CVE-2016-6019 | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-s... | S | |
CVE-2016-6020 | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attac... | S | |
CVE-2016-6021 | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scriptin... | S | |
CVE-2016-6022 | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerabili... | S | |
CVE-2016-6023 | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.... | | |
CVE-2016-6024 | IBM Jazz technology based products might divulge information that might be useful in helping attacke... | | |
CVE-2016-6025 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 b... | | |
CVE-2016-6026 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 b... | | |
CVE-2016-6027 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 b... | | |
CVE-2016-6028 | IBM Jazz technology based products might allow an attacker to view work item titles that they do not... | S | |
CVE-2016-6029 | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obt... | S | |
CVE-2016-6030 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed ... | S | |
CVE-2016-6031 | IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerab... | S | |
CVE-2016-6032 | IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability... | S | |
CVE-2016-6033 | IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request... | S | |
CVE-2016-6034 | IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain crede... | S | |
CVE-2016-6035 | IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
CVE-2016-6036 | IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vu... | S | |
CVE-2016-6037 | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project admi... | S | |
CVE-2016-6038 | Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI)... | M | |
CVE-2016-6039 | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2016-6040 | IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due t... | S | |
CVE-2016-6042 | IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system... | S | |
CVE-2016-6043 | Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged i... | S | |
CVE-2016-6044 | IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disa... | S | |
CVE-2016-6045 | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could... | S | |
CVE-2016-6046 | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerabili... | S | |
CVE-2016-6047 | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows us... | S | |
CVE-2016-6054 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed ... | S | |
CVE-2016-6055 | IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vul... | S | |
CVE-2016-6056 | IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability a... | S | |
CVE-2016-6059 | IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External En... | S | |
CVE-2016-6060 | An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a J... | S | |
CVE-2016-6061 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed ... | S | |
CVE-2016-6062 | IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allo... | | |
CVE-2016-6065 | IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject command... | S | |
CVE-2016-6068 | IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access A... | S | |
CVE-2016-6072 | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users t... | S | |
CVE-2016-6077 | IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lowe... | S | |
CVE-2016-6079 | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally auth... | E S | |
CVE-2016-6080 | The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sen... | S | |
CVE-2016-6082 | IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by... | S | |
CVE-2016-6083 | IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could conta... | S | |
CVE-2016-6084 | IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a spe... | S | |
CVE-2016-6085 | IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.... | S | |
CVE-2016-6087 | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and larg... | S | |
CVE-2016-6089 | IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a ... | S | |
CVE-2016-6090 | IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user per... | S | |
CVE-2016-6091 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1897, CVE-2015-0119. Reaso... | R | |
CVE-2016-6092 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text ... | S | |
CVE-2016-6093 | IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default... | S | |
CVE-2016-6094 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensit... | S | |
CVE-2016-6095 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could a... | S | |
CVE-2016-6096 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vul... | S | |
CVE-2016-6097 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can... | S | |
CVE-2016-6098 | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical r... | S | |
CVE-2016-6099 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. ... | S | |
CVE-2016-6100 | IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Managemen... | | |
CVE-2016-6102 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This ma... | S | |
CVE-2016-6103 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could... | S | |
CVE-2016-6104 | IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary file... | S | |
CVE-2016-6105 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical r... | S | |
CVE-2016-6110 | IBM Tivoli Storage Manager discloses unencrypted login credentials to VMware vCenter that could be o... | S | |
CVE-2016-6111 | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an ... | S | |
CVE-2016-6112 | IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticate... | | |
CVE-2016-6113 | IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary ... | | |
CVE-2016-6114 | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability... | | |
CVE-2016-6115 | IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker... | S | |
CVE-2016-6116 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive infor... | S | |
CVE-2016-6117 | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can dis... | S | |
CVE-2016-6118 | IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vuln... | S | |
CVE-2016-6121 | IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. ... | | |
CVE-2016-6122 | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response... | | |
CVE-2016-6123 | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerabi... | | |
CVE-2016-6124 | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary fil... | | |
CVE-2016-6125 | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerabi... | | |
CVE-2016-6126 | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories... | | |
CVE-2016-6127 | Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2... | | |
CVE-2016-6128 | The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, ... | S | |
CVE-2016-6129 | The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0,... | S | |
CVE-2016-6130 | Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kern... | S | |
CVE-2016-6131 | The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, ... | S | |
CVE-2016-6132 | The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remo... | S | |
CVE-2016-6133 | Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1... | | |
CVE-2016-6136 | Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel t... | S | |
CVE-2016-6137 | An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS... | | |
CVE-2016-6138 | Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbit... | | |
CVE-2016-6139 | SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, a... | | |
CVE-2016-6140 | SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to... | | |
CVE-2016-6142 | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail... | E | |
CVE-2016-6143 | SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involvin... | | |
CVE-2016-6144 | The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for th... | | |
CVE-2016-6145 | The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed... | | |
CVE-2016-6146 | The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS informat... | | |
CVE-2016-6147 | An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary O... | | |
CVE-2016-6148 | SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process terminat... | | |
CVE-2016-6149 | SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging... | | |
CVE-2016-6150 | The multi-tenant database container feature in SAP HANA does not properly encrypt communications, wh... | | |
CVE-2016-6151 | CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute ... | S | |
CVE-2016-6152 | CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of se... | S | |
CVE-2016-6153 | os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, wh... | S | |
CVE-2016-6154 | The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can ... | E | |
CVE-2016-6156 | Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the ... | S | |
CVE-2016-6158 | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software be... | | |
CVE-2016-6159 | The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 all... | | |
CVE-2016-6160 | tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentat... | S | |
CVE-2016-6161 | The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers t... | | |
CVE-2016-6162 | net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic... | | |
CVE-2016-6163 | The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attac... | S | |
CVE-2016-6164 | Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x ... | | |
CVE-2016-6167 | Multiple untrusted search path vulnerabilities in PuTTY beta 0.67 allow local users to execute arbit... | E | |
CVE-2016-6168 | Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows ... | | |
CVE-2016-6169 | Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows re... | | |
CVE-2016-6170 | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS ... | E S | |
CVE-2016-6171 | Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and ... | S | |
CVE-2016-6172 | PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a d... | S | |
CVE-2016-6173 | NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumpti... | | |
CVE-2016-6174 | applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (a... | E | |
CVE-2016-6175 | Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute ar... | E | |
CVE-2016-6177 | The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attack... | | |
CVE-2016-6178 | Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with softw... | | |
CVE-2016-6179 | The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 b... | | |
CVE-2016-6180 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, C... | | |
CVE-2016-6181 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, C... | | |
CVE-2016-6182 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, C... | | |
CVE-2016-6183 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, C... | | |
CVE-2016-6184 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, C... | | |
CVE-2016-6185 | The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a st... | E S | |
CVE-2016-6186 | Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/... | E S | |
CVE-2016-6187 | The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does n... | S | |
CVE-2016-6188 | Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) ... | S | |
CVE-2016-6189 | Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to... | E S | |
CVE-2016-6190 | SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, ... | S | |
CVE-2016-6191 | Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar ... | S | |
CVE-2016-6192 | Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 al... | | |
CVE-2016-6193 | Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 al... | | |
CVE-2016-6195 | SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch L... | | |
CVE-2016-6197 | fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does no... | S | |
CVE-2016-6198 | The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an ... | E S | |
CVE-2016-6199 | ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a craf... | E | |
CVE-2016-6201 | Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 ... | E | |
CVE-2016-6204 | Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Conne... | M | |
CVE-2016-6206 | Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denia... | | |
CVE-2016-6207 | Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library ... | S | |
CVE-2016-6209 | Cross-site scripting (XSS) vulnerability in Nagios.... | | |
CVE-2016-6210 | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH ... | E | |
CVE-2016-6211 | The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via v... | | |
CVE-2016-6212 | The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1... | | |
CVE-2016-6213 | fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount... | S | |
CVE-2016-6214 | gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a deni... | S | |
CVE-2016-6217 | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote a... | | |
CVE-2016-6220 | Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager... | S | |
CVE-2016-6223 | The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows re... | S | |
CVE-2016-6224 | ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating duri... | | |
CVE-2016-6225 | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initiali... | S | |
CVE-2016-6231 | Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which a... | | |
CVE-2016-6232 | Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote ... | E S | |
CVE-2016-6233 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might all... | E | |
CVE-2016-6234 | The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cau... | S | |
CVE-2016-6235 | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers t... | S | |
CVE-2016-6236 | The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers t... | S | |
CVE-2016-6237 | The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to ... | S | |
CVE-2016-6238 | The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause... | S | |
CVE-2016-6239 | The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of servic... | E | |
CVE-2016-6240 | Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to exe... | E | |
CVE-2016-6241 | Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute ar... | E | |
CVE-2016-6242 | OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel pa... | E | |
CVE-2016-6243 | thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service... | E | |
CVE-2016-6244 | The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers t... | E | |
CVE-2016-6245 | OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size ... | E | |
CVE-2016-6246 | OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of s... | E | |
CVE-2016-6247 | OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmoun... | E | |
CVE-2016-6249 | F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication ... | | |
CVE-2016-6250 | Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a... | S | |
CVE-2016-6251 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2016-6252 | Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidma... | S | |
CVE-2016-6253 | mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to ch... | E | |
CVE-2016-6254 | Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.... | S | |
CVE-2016-6255 | Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in... | E S | |
CVE-2016-6256 | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) atta... | E | |
CVE-2016-6257 | The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, an... | | |
CVE-2016-6258 | The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS admi... | S | |
CVE-2016-6259 | Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32... | S | |
CVE-2016-6261 | The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers... | S | |
CVE-2016-6262 | idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by rea... | S | |
CVE-2016-6263 | The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-depen... | S | |
CVE-2016-6264 | Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows co... | S | |
CVE-2016-6265 | Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote ... | E S | |
CVE-2016-6266 | ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build ... | E S | |
CVE-2016-6267 | SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3... | E S | |
CVE-2016-6268 | Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before bui... | E S | |
CVE-2016-6269 | Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build... | E S | |
CVE-2016-6270 | The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend M... | E | |
CVE-2016-6271 | The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct sp... | S | |
CVE-2016-6272 | XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML d... | E | |
CVE-2016-6273 | The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 20... | | |
CVE-2016-6276 | Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows lo... | | |
CVE-2016-6277 | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7... | KEV E S | |
CVE-2016-6283 | Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attacke... | E | |
CVE-2016-6285 | Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian... | E | |
CVE-2016-6286 | The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environme... | M | |
CVE-2016-6287 | The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffi... | M | |
CVE-2016-6288 | The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to ... | M | |
CVE-2016-6289 | Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.... | E M | |
CVE-2016-6290 | ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not prope... | | |
CVE-2016-6291 | The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6... | E S | |
CVE-2016-6292 | The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24,... | E S | |
CVE-2016-6293 | The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode ... | E | |
CVE-2016-6294 | The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x... | E S | |
CVE-2016-6295 | ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts... | E S | |
CVE-2016-6296 | Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0... | E | |
CVE-2016-6297 | Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38,... | E | |
CVE-2016-6298 | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks th... | S | |
CVE-2016-6299 | The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and... | E S | |
CVE-2016-6300 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2016-6301 | The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to ... | S | |
CVE-2016-6302 | The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC s... | S | |
CVE-2016-6303 | Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allow... | S | |
CVE-2016-6304 | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.... | S | |
CVE-2016-6305 | The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote a... | E | |
CVE-2016-6306 | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers... | S | |
CVE-2016-6307 | The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for... | | |
CVE-2016-6308 | statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory befo... | | |
CVE-2016-6309 | statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, whic... | | |
CVE-2016-6310 | oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log... | | |
CVE-2016-6311 | Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remo... | | |
CVE-2016-6312 | The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat E... | | |
CVE-2016-6313 | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, a... | | |
CVE-2016-6314 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-6315 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-6316 | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x be... | | |
CVE-2016-6317 | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parame... | | |
CVE-2016-6318 | Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows loc... | | |
CVE-2016-6319 | Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as ... | S | |
CVE-2016-6320 | Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Forema... | S | |
CVE-2016-6321 | Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 mig... | E S | |
CVE-2016-6322 | Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which... | | |
CVE-2016-6323 | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution con... | | |
CVE-2016-6324 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-6325 | The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss E... | | |
CVE-2016-6326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-6327 | drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a... | S | |
CVE-2016-6328 | A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the i... | S | |
CVE-2016-6329 | OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext ... | | |
CVE-2016-6330 | The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for ... | M | |
CVE-2016-6331 | ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote a... | S | |
CVE-2016-6332 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin... | S | |
CVE-2016-6333 | Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before... | S | |
CVE-2016-6334 | Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki be... | S | |
CVE-2016-6335 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head item... | S | |
CVE-2016-6336 | MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated... | S | |
CVE-2016-6337 | MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restri... | S | |
CVE-2016-6338 | ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers... | E | |
CVE-2016-6339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4993. Reason: This candida... | R | |
CVE-2016-6340 | The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deploy... | | |
CVE-2016-6341 | oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files,... | S | |
CVE-2016-6342 | elog 3.1.1 allows remote attackers to post data as any username in the logbook.... | | |
CVE-2016-6343 | JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice auth... | | |
CVE-2016-6344 | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session ... | | |
CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficie... | | |
CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via uns... | | |
CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote ... | | |
CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script incl... | | |
CVE-2016-6349 | The machinectl command in oci-register-machine allows local users to list running containers and pos... | S | |
CVE-2016-6350 | OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and pa... | E S | |
CVE-2016-6351 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x ... | | |
CVE-2016-6352 | The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a de... | E | |
CVE-2016-6353 | Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by docu... | | |
CVE-2016-6354 | Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow conte... | S | |
CVE-2016-6355 | Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR... | | |
CVE-2016-6356 | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Sec... | | |
CVE-2016-6357 | A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncO... | | |
CVE-2016-6358 | A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthentica... | | |
CVE-2016-6359 | Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) o... | | |
CVE-2016-6360 | A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and W... | | |
CVE-2016-6361 | The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 d... | | |
CVE-2016-6362 | Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0,... | | |
CVE-2016-6363 | The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 d... | | |
CVE-2016-6364 | The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows ... | | |
CVE-2016-6365 | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, ... | | |
CVE-2016-6366 | Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA... | KEV E | |
CVE-2016-6367 | Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWS... | KEV E | |
CVE-2016-6368 | A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packet... | | |
CVE-2016-6369 | Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathn... | | |
CVE-2016-6370 | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfi... | | |
CVE-2016-6371 | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfi... | | |
CVE-2016-6372 | A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail ... | | |
CVE-2016-6373 | The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated admini... | | |
CVE-2016-6374 | Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a... | | |
CVE-2016-6375 | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and ... | | |
CVE-2016-6376 | The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (W... | | |
CVE-2016-6377 | Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows... | | |
CVE-2016-6378 | Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of ser... | | |
CVE-2016-6379 | Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of ser... | | |
CVE-2016-6380 | The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 a... | | |
CVE-2016-6381 | Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to ... | | |
CVE-2016-6382 | Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a d... | | |
CVE-2016-6383 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6384 | Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote ... | | |
CVE-2016-6385 | Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and I... | M | |
CVE-2016-6386 | Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial... | | |
CVE-2016-6387 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6389 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6390 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6391 | Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-p... | | |
CVE-2016-6392 | Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a de... | | |
CVE-2016-6393 | The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and... | | |
CVE-2016-6394 | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Softw... | | |
CVE-2016-6395 | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Ma... | | |
CVE-2016-6396 | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain ... | | |
CVE-2016-6397 | A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Col... | | |
CVE-2016-6398 | The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remo... | | |
CVE-2016-6399 | Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine... | | |
CVE-2016-6401 | Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 an... | | |
CVE-2016-6402 | UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d... | | |
CVE-2016-6403 | The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is e... | | |
CVE-2016-6404 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5... | | |
CVE-2016-6405 | Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restri... | | |
CVE-2016-6406 | Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124,... | | |
CVE-2016-6407 | Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to c... | | |
CVE-2016-6408 | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containin... | | |
CVE-2016-6409 | The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is ena... | | |
CVE-2016-6410 | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the ... | | |
CVE-2016-6411 | Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between ... | | |
CVE-2016-6412 | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the ... | | |
CVE-2016-6413 | The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(... | | |
CVE-2016-6414 | iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local use... | | |
CVE-2016-6415 | The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through... | KEV | |
CVE-2016-6416 | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-0... | | |
CVE-2016-6417 | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.... | | |
CVE-2016-6418 | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS... | | |
CVE-2016-6419 | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote ... | | |
CVE-2016-6420 | Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote au... | | |
CVE-2016-6421 | Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a craf... | | |
CVE-2016-6422 | Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles ... | M | |
CVE-2016-6423 | The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 s... | | |
CVE-2016-6424 | The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7... | | |
CVE-2016-6425 | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9... | | |
CVE-2016-6426 | The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through... | | |
CVE-2016-6427 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 th... | | |
CVE-2016-6428 | Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin p... | | |
CVE-2016-6429 | A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System ... | | |
CVE-2016-6430 | A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration Sys... | | |
CVE-2016-6431 | A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5... | | |
CVE-2016-6432 | A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow a... | M | |
CVE-2016-6433 | The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote... | E | |
CVE-2016-6434 | Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users... | E | |
CVE-2016-6435 | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read... | E | |
CVE-2016-6436 | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco... | | |
CVE-2016-6437 | A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) c... | | |
CVE-2016-6438 | A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could al... | | |
CVE-2016-6439 | A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Softwa... | | |
CVE-2016-6440 | The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed insi... | | |
CVE-2016-6441 | A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow... | | |
CVE-2016-6442 | A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticate... | | |
CVE-2016-6443 | A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL datab... | | |
CVE-2016-6444 | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a... | | |
CVE-2016-6445 | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meetin... | M | |
CVE-2016-6446 | A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attack... | | |
CVE-2016-6447 | A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attac... | | |
CVE-2016-6448 | A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow... | | |
CVE-2016-6449 | A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connec... | | |
CVE-2016-6450 | A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticate... | | |
CVE-2016-6451 | Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning cou... | | |
CVE-2016-6452 | A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an u... | | |
CVE-2016-6453 | A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an aut... | | |
CVE-2016-6454 | A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collabora... | | |
CVE-2016-6455 | A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Car... | | |
CVE-2016-6457 | A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infras... | M | |
CVE-2016-6458 | A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Sec... | | |
CVE-2016-6459 | Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could all... | | |
CVE-2016-6460 | A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST A... | | |
CVE-2016-6461 | A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance ... | | |
CVE-2016-6462 | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Secur... | | |
CVE-2016-6463 | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Secur... | | |
CVE-2016-6464 | A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and P... | | |
CVE-2016-6465 | A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Sec... | | |
CVE-2016-6466 | A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an un... | | |
CVE-2016-6467 | A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (... | | |
CVE-2016-6468 | A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an un... | | |
CVE-2016-6469 | A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could al... | | |
CVE-2016-6470 | A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authe... | | |
CVE-2016-6471 | A vulnerability in the web-based management interface of Cisco Firepower Management Center running F... | | |
CVE-2016-6472 | A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (Cal... | | |
CVE-2016-6473 | A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unau... | M | |
CVE-2016-6474 | A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cis... | M | |
CVE-2016-6479 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6479. Reason: This candida... | R | |
CVE-2016-6480 | Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel... | | |
CVE-2016-6483 | The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3... | E S | |
CVE-2016-6484 | CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attack... | | |
CVE-2016-6485 | The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function t... | | |
CVE-2016-6486 | Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to ... | | |
CVE-2016-6489 | The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via... | S | |
CVE-2016-6490 | The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local gues... | S | |
CVE-2016-6491 | Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5... | E S | |
CVE-2016-6492 | The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local user... | E | |
CVE-2016-6493 | Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow a... | | |
CVE-2016-6494 | The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow l... | S | |
CVE-2016-6495 | NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain inform... | S | |
CVE-2016-6496 | The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote at... | | |
CVE-2016-6497 | main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attacker... | S | |
CVE-2016-6498 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-6499 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-6500 | Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF ... | | |
CVE-2016-6501 | JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribut... | | |
CVE-2016-6502 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2016-6503 | The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly i... | E | |
CVE-2016-6504 | epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not ... | E | |
CVE-2016-6505 | epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2... | E | |
CVE-2016-6506 | epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before ... | S | |
CVE-2016-6507 | epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote... | | |
CVE-2016-6508 | epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before ... | | |
CVE-2016-6509 | epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x befor... | S | |
CVE-2016-6510 | Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.1... | | |
CVE-2016-6511 | epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to caus... | | |
CVE-2016-6512 | epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_gu... | E | |
CVE-2016-6513 | epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restric... | | |
CVE-2016-6515 | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password le... | E S | |
CVE-2016-6516 | Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7... | S | |
CVE-2016-6517 | Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impac... | E | |
CVE-2016-6518 | Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote att... | | |
CVE-2016-6519 | Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 a... | | |
CVE-2016-6520 | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to hav... | S | |
CVE-2016-6521 | Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grai... | E S | |
CVE-2016-6522 | Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users ... | E S | |
CVE-2016-6523 | Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 all... | S | |
CVE-2016-6525 | Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows r... | S | |
CVE-2016-6526 | The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) ... | | |
CVE-2016-6527 | The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0)... | | |
CVE-2016-6530 | Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr a... | M | |
CVE-2016-6531 | Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to o... | | |
CVE-2016-6532 | DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to... | | |
CVE-2016-6534 | Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the ... | | |
CVE-2016-6535 | AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allow... | | |
CVE-2016-6536 | The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote atta... | | |
CVE-2016-6537 | AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base6... | | |
CVE-2016-6538 | TrackR Bravo mobile application stores account passwords in cleartext | E | |
CVE-2016-6539 | TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID | E | |
CVE-2016-6540 | TrackR Bravo is missing authentication for the cloud service and allows querying or sending of GPS data from unauthenticated users | | |
CVE-2016-6541 | TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes | | |
CVE-2016-6542 | The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device | M | |
CVE-2016-6543 | A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data | M | |
CVE-2016-6544 | iTrack Easy's getgps data can be modified without authentication | M | |
CVE-2016-6545 | iTrack Easy does not use session cookies to maintain sessions and POSTs the user's password over HTTPS for each request | | |
CVE-2016-6546 | iTrack Easy mobile application stores the user password in base-64 encoding/cleartext | E | |
CVE-2016-6547 | Zizai Tech Nut stores the account password in cleartext | E | |
CVE-2016-6548 | Zizai Tech Nut mobile application makes requests using HTTP, which includes the user's session token | E | |
CVE-2016-6549 | Zizai Tech Nut allows for unauthenticated Bluetooth pairing | E | |
CVE-2016-6550 | The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL ser... | | |
CVE-2016-6551 | Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, use default credentials | | |
CVE-2016-6552 | Green Packet DX-350 uses default credentials | | |
CVE-2016-6553 | Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses default credentials | | |
CVE-2016-6554 | Synology NAS servers DS107, DS116, and DS213 use default credentials | | |
CVE-2016-6555 | OpenNMS Stored XSS via SNMP Trap Alerts | E S | |
CVE-2016-6556 | OpenNMS Stored XSS via SNMP Agent Data | E S | |
CVE-2016-6557 | The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery | | |
CVE-2016-6558 | The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection | | |
CVE-2016-6559 | The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow | | |
CVE-2016-6560 | illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comp... | S | |
CVE-2016-6561 | illumos smbsrv NULL pointer dereference allows system crash.... | E S | |
CVE-2016-6562 | ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections | S | |
CVE-2016-6563 | D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action | E | |
CVE-2016-6564 | Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges | E | |
CVE-2016-6565 | The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 may execute code from an uploaded malicious file | | |
CVE-2016-6566 | The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database | | |
CVE-2016-6567 | SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices | | |
CVE-2016-6578 | CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF) | | |
CVE-2016-6579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6580 | An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.... | M | |
CVE-2016-6581 | An HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.... | M | |
CVE-2016-6582 | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or r... | S | |
CVE-2016-6585 | A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.1... | | |
CVE-2016-6586 | A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, w... | | |
CVE-2016-6587 | An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec... | | |
CVE-2016-6588 | A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Sy... | | |
CVE-2016-6589 | A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symant... | | |
CVE-2016-6590 | A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec ... | | |
CVE-2016-6591 | A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if applicat... | | |
CVE-2016-6592 | A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user c... | | |
CVE-2016-6593 | A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Acces... | E | |
CVE-2016-6594 | Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to... | M | |
CVE-2016-6595 | The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of servic... | | |
CVE-2016-6597 | Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remo... | | |
CVE-2016-6598 | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (Fi... | E | |
CVE-2016-6599 | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (C... | E | |
CVE-2016-6600 | Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and ... | E | |
CVE-2016-6601 | Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 an... | E | |
CVE-2016-6602 | ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which all... | E | |
CVE-2016-6603 | ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersona... | E | |
CVE-2016-6604 | NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows at... | | |
CVE-2016-6605 | Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.... | | |
CVE-2016-6606 | An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password ... | S | |
CVE-2016-6607 | XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content... | S | |
CVE-2016-6608 | XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove ... | S | |
CVE-2016-6609 | An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitr... | S | |
CVE-2016-6610 | A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particu... | S | |
CVE-2016-6611 | An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to... | S | |
CVE-2016-6612 | An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to exp... | S | |
CVE-2016-6613 | An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which... | S | |
CVE-2016-6614 | An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the Sav... | S | |
CVE-2016-6615 | XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding fea... | S | |
CVE-2016-6616 | An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execu... | S | |
CVE-2016-6617 | An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to... | S | |
CVE-2016-6618 | An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-... | S | |
CVE-2016-6619 | An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute ... | S | |
CVE-2016-6620 | An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without... | S | |
CVE-2016-6621 | The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 all... | | |
CVE-2016-6622 | An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-servic... | S | |
CVE-2016-6623 | An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack... | S | |
CVE-2016-6624 | An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication ... | S | |
CVE-2016-6625 | An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpM... | S | |
CVE-2016-6626 | An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. Al... | S | |
CVE-2016-6627 | An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location throug... | S | |
CVE-2016-6628 | An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a speci... | S | |
CVE-2016-6629 | An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration dire... | S | |
CVE-2016-6630 | An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) a... | S | |
CVE-2016-6631 | An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a s... | S | |
CVE-2016-6632 | An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete tem... | S | |
CVE-2016-6633 | An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution att... | S | |
CVE-2016-6634 | Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows... | S | |
CVE-2016-6635 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-ad... | S | |
CVE-2016-6636 | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7... | | |
CVE-2016-6637 | Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242... | | |
CVE-2016-6638 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6639 | Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 24... | S | |
CVE-2016-6640 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6641 | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated us... | | |
CVE-2016-6642 | Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers... | | |
CVE-2016-6643 | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inj... | | |
CVE-2016-6644 | EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitr... | | |
CVE-2016-6645 | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and S... | | |
CVE-2016-6646 | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and S... | | |
CVE-2016-6647 | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated us... | | |
CVE-2016-6648 | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5... | | |
CVE-2016-6649 | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5... | | |
CVE-2016-6650 | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5... | M | |
CVE-2016-6651 | The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x... | M | |
CVE-2016-6652 | SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before ... | S | |
CVE-2016-6653 | The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows ... | | |
CVE-2016-6654 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6655 | An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and... | S | |
CVE-2016-6656 | An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHD... | M | |
CVE-2016-6657 | An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime com... | M | |
CVE-2016-6658 | Applications in cf-release before 245 can be configured and pushed with a user-provided custom build... | | |
CVE-2016-6659 | Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before ... | | |
CVE-2016-6660 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6662 | Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, ... | E S | |
CVE-2016-6663 | Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x befo... | E S | |
CVE-2016-6664 | mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB;... | E S | |
CVE-2016-6667 | NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privil... | S | |
CVE-2016-6668 | The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.... | | |
CVE-2016-6669 | Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, ... | | |
CVE-2016-6670 | Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random num... | M | |
CVE-2016-6671 | The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cau... | | |
CVE-2016-6672 | The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers t... | | |
CVE-2016-6673 | The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain pr... | | |
CVE-2016-6674 | system_server in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via ... | S | |
CVE-2016-6675 | Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2... | S | |
CVE-2016-6676 | Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-... | S | |
CVE-2016-6677 | The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sen... | | |
CVE-2016-6678 | The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtai... | | |
CVE-2016-6679 | CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5... | S | |
CVE-2016-6680 | CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X a... | | |
CVE-2016-6681 | drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on... | S | |
CVE-2016-6682 | drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on... | S | |
CVE-2016-6683 | The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive inform... | | |
CVE-2016-6684 | The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Play... | | |
CVE-2016-6685 | The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive inf... | | |
CVE-2016-6686 | The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensi... | | |
CVE-2016-6687 | The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensi... | S | |
CVE-2016-6688 | The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensi... | S | |
CVE-2016-6689 | Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensit... | E S | |
CVE-2016-6690 | The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P,... | S | |
CVE-2016-6691 | service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android befo... | S | |
CVE-2016-6692 | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows... | S | |
CVE-2016-6693 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05... | S | |
CVE-2016-6694 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05... | S | |
CVE-2016-6695 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05... | S | |
CVE-2016-6696 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05... | S | |
CVE-2016-6698 | An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive... | S | |
CVE-2016-6699 | A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11... | S | |
CVE-2016-6700 | An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.... | | |
CVE-2016-6701 | A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an at... | | |
CVE-2016-6702 | A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, an... | | |
CVE-2016-6703 | A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0... | | |
CVE-2016-6704 | An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0... | | |
CVE-2016-6705 | An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5... | | |
CVE-2016-6706 | An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-... | S | |
CVE-2016-6707 | An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 be... | E | |
CVE-2016-6708 | An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local mal... | | |
CVE-2016-6709 | An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 ... | | |
CVE-2016-6710 | An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x... | | |
CVE-2016-6711 | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x... | S | |
CVE-2016-6712 | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x... | S | |
CVE-2016-6713 | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 bef... | | |
CVE-2016-6714 | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 bef... | | |
CVE-2016-6715 | An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x bef... | | |
CVE-2016-6716 | An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could ... | | |
CVE-2016-6717 | An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0... | | |
CVE-2016-6718 | An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11... | | |
CVE-2016-6719 | An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.... | | |
CVE-2016-6720 | An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4... | S | |
CVE-2016-6721 | An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 befo... | | |
CVE-2016-6722 | An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4... | S | |
CVE-2016-6723 | A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0... | | |
CVE-2016-6724 | A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x be... | | |
CVE-2016-6725 | A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 cou... | | |
CVE-2016-6726 | Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.... | S | |
CVE-2016-6727 | The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbi... | S | |
CVE-2016-6728 | An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 cou... | S | |
CVE-2016-6729 | An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 coul... | S | |
CVE-2016-6730 | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6731 | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6732 | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6733 | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6734 | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6735 | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6736 | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6737 | An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 cou... | S | |
CVE-2016-6738 | An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-... | | |
CVE-2016-6739 | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 c... | S | |
CVE-2016-6740 | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 c... | S | |
CVE-2016-6741 | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 c... | S | |
CVE-2016-6742 | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-1... | S | |
CVE-2016-6743 | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-1... | S | |
CVE-2016-6744 | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-1... | S | |
CVE-2016-6745 | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-1... | S | |
CVE-2016-6746 | An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could ... | | |
CVE-2016-6747 | A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attack... | S | |
CVE-2016-6748 | An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive... | S | |
CVE-2016-6749 | An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive... | S | |
CVE-2016-6750 | An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive... | S | |
CVE-2016-6751 | An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive... | | |
CVE-2016-6752 | An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive... | S | |
CVE-2016-6753 | An information disclosure vulnerability in kernel components, including the process-grouping subsyst... | | |
CVE-2016-6754 | A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ... | E | |
CVE-2016-6755 | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious... | | |
CVE-2016-6756 | An information disclosure vulnerability in Qualcomm components including the camera driver and video... | | |
CVE-2016-6757 | An information disclosure vulnerability in Qualcomm components including the camera driver and video... | | |
CVE-2016-6758 | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious appl... | | |
CVE-2016-6759 | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious appl... | | |
CVE-2016-6760 | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious appl... | | |
CVE-2016-6761 | An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious appl... | | |
CVE-2016-6762 | An elevation of privilege vulnerability in the libziparchive library could enable a local malicious ... | | |
CVE-2016-6763 | A denial of service vulnerability in Telephony could enable a local malicious application to use a s... | | |
CVE-2016-6764 | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted... | | |
CVE-2016-6765 | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a... | | |
CVE-2016-6766 | A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an atta... | | |
CVE-2016-6767 | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted... | | |
CVE-2016-6768 | A remote code execution vulnerability in the Framesequence library could enable an attacker using a ... | | |
CVE-2016-6769 | An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access ... | | |
CVE-2016-6770 | An elevation of privilege vulnerability in the Framework API could enable a local malicious applicat... | | |
CVE-2016-6771 | An elevation of privilege vulnerability in Telephony could enable a local malicious application to a... | | |
CVE-2016-6772 | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execu... | E | |
CVE-2016-6773 | An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local ma... | | |
CVE-2016-6774 | An information disclosure vulnerability in Package Manager could enable a local malicious applicatio... | | |
CVE-2016-6775 | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl... | | |
CVE-2016-6776 | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl... | | |
CVE-2016-6777 | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious appl... | | |
CVE-2016-6778 | An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious... | | |
CVE-2016-6779 | An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious... | | |
CVE-2016-6780 | An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious... | | |
CVE-2016-6781 | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious applic... | | |
CVE-2016-6782 | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious applic... | | |
CVE-2016-6783 | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious applic... | | |
CVE-2016-6784 | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious applic... | | |
CVE-2016-6785 | An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious applic... | | |
CVE-2016-6786 | kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks du... | S | |
CVE-2016-6787 | kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks du... | S | |
CVE-2016-6788 | An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious ap... | | |
CVE-2016-6789 | An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local... | | |
CVE-2016-6790 | An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local... | | |
CVE-2016-6791 | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious ... | | |
CVE-2016-6793 | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote atta... | | |
CVE-2016-6794 | When a SecurityManager is configured, a web application's ability to read system properties should b... | S | |
CVE-2016-6795 | In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possibl... | | |
CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1... | S | |
CVE-2016-6797 | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.... | S | |
CVE-2016-6798 | In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an... | | |
CVE-2016-6799 | Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. M... | | |
CVE-2016-6800 | The default configuration of the Apache OFBiz framework offers a blog functionality. Different users... | M | |
CVE-2016-6801 | Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav ... | | |
CVE-2016-6802 | Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by lev... | | |
CVE-2016-6803 | An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache Ope... | | |
CVE-2016-6804 | The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) ... | | |
CVE-2016-6805 | Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modif... | | |
CVE-2016-6806 | Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure th... | | |
CVE-2016-6807 | Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, l... | | |
CVE-2016-6808 | Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.... | E M | |
CVE-2016-6809 | Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. ... | | |
CVE-2016-6810 | In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identi... | | |
CVE-2016-6811 | In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary c... | | |
CVE-2016-6812 | The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServi... | S | |
CVE-2016-6813 | Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to registe... | | |
CVE-2016-6814 | When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy ... | S | |
CVE-2016-6815 | In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password f... | | |
CVE-2016-6816 | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.7... | E | |
CVE-2016-6817 | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infini... | | |
CVE-2016-6818 | SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote ... | | |
CVE-2016-6820 | MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive informat... | S | |
CVE-2016-6823 | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a ... | S | |
CVE-2016-6824 | Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 al... | | |
CVE-2016-6825 | Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 se... | | |
CVE-2016-6826 | Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (applicatio... | | |
CVE-2016-6827 | Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remo... | | |
CVE-2016-6828 | The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not prop... | E S | |
CVE-2016-6829 | The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (a... | S | |
CVE-2016-6830 | The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for h... | S | |
CVE-2016-6831 | The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve()... | S | |
CVE-2016-6832 | Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allo... | E S | |
CVE-2016-6833 | Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka ... | S | |
CVE-2016-6834 | The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allo... | S | |
CVE-2016-6835 | The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allo... | S | |
CVE-2016-6836 | The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local g... | S | |
CVE-2016-6837 | Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, ... | S | |
CVE-2016-6838 | Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with sof... | | |
CVE-2016-6839 | CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to in... | | |
CVE-2016-6840 | Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before ... | E | |
CVE-2016-6842 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to J... | | |
CVE-2016-6843 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected ... | | |
CVE-2016-6844 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files... | | |
CVE-2016-6845 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlink... | | |
CVE-2016-6846 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7... | | |
CVE-2016-6847 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3... | | |
CVE-2016-6848 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to ... | | |
CVE-2016-6850 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as pro... | | |
CVE-2016-6851 | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as p... | E | |
CVE-2016-6852 | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file... | | |
CVE-2016-6853 | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to ex... | E | |
CVE-2016-6854 | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected t... | E | |
CVE-2016-6855 | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when ... | E S | |
CVE-2016-6856 | Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (H... | | |
CVE-2016-6857 | Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Consol... | | |
CVE-2016-6858 | Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console... | | |
CVE-2016-6859 | Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive... | | |
CVE-2016-6866 | slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, whi... | S | |
CVE-2016-6870 | Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functio... | S | |
CVE-2016-6871 | Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impac... | S | |
CVE-2016-6872 | Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unsp... | S | |
CVE-2016-6873 | Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact... | S | |
CVE-2016-6874 | The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified ... | | |
CVE-2016-6875 | Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impac... | S | |
CVE-2016-6876 | The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2... | | |
CVE-2016-6877 | Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redi... | | |
CVE-2016-6878 | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might... | | |
CVE-2016-6879 | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to... | | |
CVE-2016-6881 | The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to c... | | |
CVE-2016-6882 | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote... | S | |
CVE-2016-6883 | MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive... | S | |
CVE-2016-6884 | TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers ... | | |
CVE-2016-6885 | The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of ser... | S | |
CVE-2016-6886 | The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of ser... | S | |
CVE-2016-6887 | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponenti... | S | |
CVE-2016-6888 | Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator)... | S | |
CVE-2016-6890 | Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary co... | S | |
CVE-2016-6891 | MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via... | S | |
CVE-2016-6892 | The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial ... | S | |
CVE-2016-6893 | Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before... | | |
CVE-2016-6894 | Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devi... | S | |
CVE-2016-6895 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5333. Reason: This candida... | R | |
CVE-2016-6896 | Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-ac... | E | |
CVE-2016-6897 | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/in... | E | |
CVE-2016-6898 | XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack se... | | |
CVE-2016-6899 | The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software bef... | | |
CVE-2016-6900 | The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software bef... | | |
CVE-2016-6901 | Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR25... | | |
CVE-2016-6902 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrar... | S | |
CVE-2016-6903 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrar... | S | |
CVE-2016-6904 | Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts ... | | |
CVE-2016-6905 | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows r... | S | |
CVE-2016-6906 | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows r... | S | |
CVE-2016-6908 | Characters from languages such as Arabic and Hebrew are displayed in RTL (Right To Left) order in... | | |
CVE-2016-6909 | Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and... | E | |
CVE-2016-6910 | The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 bui... | | |
CVE-2016-6911 | The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attacke... | S | |
CVE-2016-6912 | Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) befor... | S | |
CVE-2016-6913 | Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows re... | E | |
CVE-2016-6914 | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, ... | E | |
CVE-2016-6915 | Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before... | | |
CVE-2016-6916 | Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, S... | | |
CVE-2016-6917 | Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Sh... | | |
CVE-2016-6918 | Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary comman... | | |
CVE-2016-6920 | Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 a... | | |
CVE-2016-6921 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6922 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-6923 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6924 | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and... | S | |
CVE-2016-6925 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6926 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6927 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6928 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6929 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6930 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6931 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6932 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23... | S | |
CVE-2016-6933 | Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an ... | S | |
CVE-2016-6934 | Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an ... | S | |
CVE-2016-6935 | Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.... | | |
CVE-2016-6936 | Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics tra... | | |
CVE-2016-6937 | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, ... | | |
CVE-2016-6938 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader ... | | |
CVE-2016-6939 | Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC... | M | |
CVE-2016-6940 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6941 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6942 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6943 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6944 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6945 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6946 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6947 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6948 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6949 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6950 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6951 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6952 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6953 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6954 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6955 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6956 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6957 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6958 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6959 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6960 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6961 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6962 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6963 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6964 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6965 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6966 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6967 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6968 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6969 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6970 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6971 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6972 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6973 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6974 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6975 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6976 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6977 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6978 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6979 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6980 | Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbi... | S | |
CVE-2016-6981 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23... | S | |
CVE-2016-6982 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6983 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6984 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6985 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6986 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6987 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23... | S | |
CVE-2016-6988 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6989 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6990 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2016-6992 | Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and... | S | |
CVE-2016-6993 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader ... | S | |
CVE-2016-6994 | Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC... | S | |
CVE-2016-6995 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6996 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6997 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6998 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, ... | S | |
CVE-2016-6999 | Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic b... | S | |