CVEs from 2016
Total
8,565
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.6%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-6770 | low | 3.3 | 3.3 | 10y ago | An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it … | |
| CVE-2016-8334 | low | 3.3 | 3.3 | 10y ago | A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory … | |
| CVE-2016-9908 | low | 3.3 | 3.3 | 10y ago | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest use… | |
| CVE-2016-2877 | low | 3.3 | 3.3 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file. | |
| CVE-2016-2949 | low | 3.3 | 3.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. | |
| CVE-2016-7220 | low | 3.3 | 3.3 | 10y ago | Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability." | |
| CVE-2016-7214 | low | 3.3 | 3.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 160… | |
| CVE-2016-5615 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx. | |
| CVE-2016-5525 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | |
| CVE-2016-5508 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo. | |
| CVE-2016-5499 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability t… | |
| CVE-2016-5498 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability t… | |
| CVE-2016-5490 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA. | |
| CVE-2016-7437 | low | 3.3 | 3.3 | 10y ago | SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks … | |
| CVE-2016-5432 | low | 3.3 | 3.3 | 10y ago | The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. | |
| CVE-2016-4717 | low | 3.3 | 3.3 | 10y ago | The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. | |
| CVE-2016-4715 | low | 3.3 | 3.3 | 10y ago | The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | |
| CVE-2016-4749 | low | 3.3 | 3.3 | 10y ago | Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. | |
| CVE-2016-4620 | low | 3.3 | 3.3 | 10y ago | The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via… | |
| CVE-2016-3354 | low | 3.3 | 3.3 | 10y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol… | |
| CVE-2016-3344 | low | 3.3 | 3.3 | 10y ago | The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 allows local users to obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosu… | |
| CVE-2016-0137 | low | 3.3 | 3.3 | 10y ago | The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass." | |
| CVE-2016-5812 | low | 3.3 | 3.3 | 10y ago | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by r… | |
| CVE-2016-0380 | low | 3.3 | 3.3 | 10y ago | IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via … | |
| CVE-2016-6224 | low | 3.3 | 3.3 | 10y ago | ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obt… | |
| CVE-2016-4645 | low | 3.3 | 3.3 | 10y ago | CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. | |
| CVE-2016-3469 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors relate… | |
| CVE-2016-3763 | low | 3.3 | 3.3 | 10y ago | net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is… | |
| CVE-2016-3759 | low | 3.3 | 3.3 | 10y ago | The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert … | |
| CVE-2016-1862 | low | 3.3 | 3.3 | 10y ago | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | |
| CVE-2016-1860 | low | 3.3 | 3.3 | 10y ago | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | |
| CVE-2016-4527 | low | 3.3 | 3.3 | 10y ago | ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. | |
| CVE-2016-4516 | low | 3.3 | 3.3 | 10y ago | ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors. | |
| CVE-2016-3711 | low | 3.3 | 3.3 | 10y ago | HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. | |
| CVE-2016-4486 | low | 3.3 | 3.3 | 10y ago | The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from … | |
| CVE-2016-1849 | low | 3.3 | 3.3 | 10y ago | The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users t… | |
| CVE-2016-1798 | low | 3.3 | 3.3 | 10y ago | Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | |
| CVE-2016-1796 | low | 3.3 | 3.3 | 10y ago | Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted a… | |
| CVE-2016-1791 | low | 3.3 | 3.3 | 10y ago | The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |
| CVE-2016-1790 | low | 3.3 | 3.3 | 10y ago | Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |
| CVE-2016-0707 | low | 3.3 | 3.3 | 10y ago | The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive infor… | |
| CVE-2016-0175 | low | 3.3 | 3.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |
| CVE-2016-3716 | low | 3.3 | 3.3 | 10y ago | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |
| CVE-2016-3419 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. | |
| CVE-2016-0691 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerabil… | |
| CVE-2016-0690 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerabil… | |
| CVE-2016-0643 | low | 3.3 | 3.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users… | |
| CVE-2016-2057 | low | 3.3 | 3.3 | 10y ago | lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to th… | |
| CVE-2016-1773 | low | 3.3 | 3.3 | 10y ago | The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | |
| CVE-2016-1758 | low | 3.3 | 3.3 | 10y ago | The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | |
| CVE-2016-1748 | low | 3.3 | 3.3 | 10y ago | IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |
| CVE-2016-2091 | low | 3.3 | 3.3 | 10y ago | The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. | |
| CVE-2016-0493 | low | — | 3.3 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography. | |
| CVE-2016-0435 | low | — | 3.3 | 11y ago | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality and integrity via vectors rel… | |
| CVE-2016-0406 | low | — | 3.3 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to Libc. | |
| CVE-2016-7812 | low | 3.1 | 3.1 | 9y ago | The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to… | |
| CVE-2016-9471 | low | 3.1 | 3.1 | 9y ago | Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters w… | |
| CVE-2016-9697 | low | 3.1 | 3.1 | 9y ago | An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed betw… | |
| CVE-2016-9009 | low | 3.1 | 3.1 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | |
| CVE-2016-6001 | low | 3.1 | 3.1 | 9y ago | IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | |
| CVE-2016-8942 | low | 3.1 | 3.1 | 9y ago | IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. | |
| CVE-2016-8314 | low | 3.1 | 3.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult… | |
| CVE-2016-5509 | low | 3.1 | 3.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0… | |
| CVE-2016-2380 | low | 3.1 | 3.1 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced … | |
| CVE-2016-2874 | low | 3.1 | 3.1 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |
| CVE-2016-7239 | low | 3.1 | 3.1 | 10y ago | The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information… | |
| CVE-2016-7227 | low | 3.1 | 3.1 | 10y ago | The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser I… | |
| CVE-2016-7204 | low | 3.1 | 3.1 | 10y ago | Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." | |
| CVE-2016-7199 | low | 3.1 | 3.1 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsof… | |
| CVE-2016-8288 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | |
| CVE-2016-8286 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. | |
| CVE-2016-5618 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated us… | |
| CVE-2016-5561 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE. | |
| CVE-2016-5542 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. | |
| CVE-2016-5506 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. | |
| CVE-2016-0379 | low | 3.1 | 3.1 | 10y ago | IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager… | |
| CVE-2016-3325 | low | 3.1 | 3.1 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |
| CVE-2016-5166 | low | 3.1 | 3.1 | 10y ago | The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// … | |
| CVE-2016-0385 | low | 3.1 | 3.1 | 10y ago | Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is en… | |
| CVE-2016-4583 | low | 3.1 | 3.1 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing at… | |
| CVE-2016-5473 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to Fi… | |
| CVE-2016-3516 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiali… | |
| CVE-2016-3276 | low | 3.1 | 3.1 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |
| CVE-2016-3274 | low | 3.1 | 3.1 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |
| CVE-2016-3428 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vector… | |
| CVE-2016-3426 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | |
| CVE-2016-2513 | low | 3.1 | 3.1 | 10y ago | The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | |
| CVE-2016-0125 | low | 3.1 | 3.1 | 10y ago | Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information D… | |
| CVE-2016-1500 | low | 3.1 | 3.1 | 11y ago | ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, … | |
| CVE-2016-3490 | low | 3.0 | 3.0 | 10y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remot… | |
| CVE-2016-4534 | low | 3.0 | 3.0 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and… | |
| CVE-2016-4740 | low | 2.9 | 2.9 | 10y ago | Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via… | |
| CVE-2016-3485 | low | 2.9 | 2.9 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. | |
| CVE-2016-5551 | low | 2.8 | 2.8 | 9y ago | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerabil… | |
| CVE-2016-5480 | low | 2.8 | 2.8 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. | |
| CVE-2016-3272 | low | 2.8 | 2.8 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive inf… | |
| CVE-2016-3251 | low | 2.8 | 2.8 | 10y ago | The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windo… | |
| CVE-2016-4511 | low | 2.8 | 2.8 | 10y ago | ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to t… | |
| CVE-2016-0607 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. | |
| CVE-2016-5979 | low | 2.7 | 2.7 | 9y ago | IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the… |