CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6793 | critical | 9.1 | 9.1 | 9y ago | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the pe… | |||
| CVE-2016-7835 | critical | 9.1 | 9.1 | 9y ago | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | |||
| CVE-2016-8649 | critical | 9.1 | 9.1 | 9y ago | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's f… | |||
| CVE-2016-8721 | critical | 9.1 | 9.1 | 9y ago | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input ca… | |||
| CVE-2016-6111 | critical | 9.1 | 9.1 | 9y ago | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit… | |||
| CVE-2016-9121 | critical | 9.1 | 9.1 | 9y ago | go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received pu… | |||
| CVE-2016-9814 | critical | 9.1 | 9.1 | 9y ago | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers … | |||
| CVE-2016-9706 | critical | 9.1 | 9.1 | 9y ago | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remot… | |||
| CVE-2016-9362 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform … | |||
| CVE-2016-9639 | critical | 9.1 | 9.1 | 9y ago | Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | |||
| CVE-2016-2908 | critical | 9.1 | 9.1 | 10y ago | IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker… | |||
| CVE-2016-8491 | critical | 9.1 | 9.1 | 10y ago | The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||
| CVE-2016-6269 | critical | 9.1 | 9.1 | 10y ago | Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete a… | |||
| CVE-2016-8325 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2016-6223 | critical | 9.1 | 9.1 | 10y ago | The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a … | |||
| CVE-2016-3415 | critical | 9.1 | 9.1 | 10y ago | Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | |||
| CVE-2016-9584 | critical | 9.1 | 9.1 | 10y ago | libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. | |||
| CVE-2016-7460 | critical | 9.1 | 9.1 | 10y ago | The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of ser… | |||
| CVE-2016-9180 | critical | 9.1 | 9.1 | 10y ago | perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's … | |||
| CVE-2016-6520 | critical | 9.1 | 9.1 | 10y ago | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |||
| CVE-2016-9480 | critical | 9.1 | 9.1 | 10y ago | libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" … | |||
| CVE-2016-3028 | critical | 9.1 | 9.1 | 10y ago | IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leve… | |||
| CVE-2016-5763 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update… | |||
| CVE-2016-9272 | critical | 9.1 | 9.1 | 10y ago | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | |||
| CVE-2016-6445 | critical | 9.1 | 9.1 | 10y ago | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an un… | |||
| CVE-2016-5605 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. | |||
| CVE-2016-5599 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and inte… | |||
| CVE-2016-5555 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-8565 | critical | 9.1 | 9.1 | 10y ago | Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | |||
| CVE-2016-1000112 | critical | 9.1 | 9.1 | 10y ago | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | |||
| CVE-2016-7435 | critical | 9.1 | 9.1 | 10y ago | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer… | |||
| CVE-2016-4694 | critical | 9.1 | 9.1 | 10y ago | The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data… | |||
| CVE-2016-0903 | critical | 9.1 | 9.1 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … | |||
| CVE-2016-6394 | critical | 9.1 | 9.1 | 10y ago | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug … | |||
| CVE-2016-6254 | critical | 9.1 | 9.1 | 10y ago | Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly exec… | |||
| CVE-2016-6582 | critical | 9.1 | 9.1 | 10y ago | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificat… | |||
| CVE-2016-3312 | critical | 9.1 | 9.1 | 10y ago | ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Info… | |||
| CVE-2016-5116 | critical | 9.1 | 9.1 | 10y ago | gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memor… | |||
| CVE-2016-5114 | critical | 9.1 | 9.1 | 10y ago | sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information… | |||
| CVE-2016-3546 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vector… | |||
| CVE-2016-3543 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3541 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3527 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-4532 | critical | 9.1 | 9.1 | 10y ago | Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2016-4510 | critical | 9.1 | 9.1 | 10y ago | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | |||
| CVE-2016-4360 | critical | 9.1 | 9.1 | 10y ago | web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.5… | |||
| CVE-2016-2029 | critical | 9.1 | 9.1 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358. | |||
| CVE-2016-2018 | critical | 9.1 | 9.1 | 10y ago | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2016-4432 | critical | 9.1 | 9.1 | 10y ago | AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication | |||
| CVE-2016-4501 | critical | 9.1 | 9.1 | 10y ago | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via … | |||
| CVE-2016-3466 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-0699 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via v… | |||
| CVE-2016-1034 | critical | 9.1 | 9.1 | 10y ago | The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspec… | |||
| CVE-2016-3065 | critical | 9.1 | 9.1 | 10y ago | The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequent… | |||
| CVE-2016-1154 | critical | 9.1 | 9.1 | 10y ago | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-1903 | critical | 9.1 | 9.1 | 11y ago | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or ca… | |||
| CVE-2016-1142 | critical | 9.1 | 9.1 | 11y ago | Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2016-4435 | critical | 9.0 | 9.0 | 9y ago | An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attac… | |||
| CVE-2016-9470 | critical | 9.0 | 9.0 | 9y ago | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables … | |||
| CVE-2016-10127 | critical | 9.0 | 9.0 | 9y ago | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |||
| CVE-2016-5528 | critical | 9.0 | 9.0 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vuln… | |||
| CVE-2016-3609 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3454 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknow… | |||
| CVE-2016-0499 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |||
| CVE-2016-8016 | low | 3.4 | 4.4 | 9y ago | Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR… | |||
| CVE-2016-4486 | low | 3.3 | 4.3 | 10y ago | The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from … | |||
| CVE-2016-3716 | low | 3.3 | 4.3 | 10y ago | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |||
| CVE-2016-3325 | low | 3.1 | 4.1 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||
| CVE-2016-4534 | low | 3.0 | 4.0 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and… | |||
| CVE-2016-3159 | low | 3.8 | 3.8 | 10y ago | The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensiti… | |||
| CVE-2016-3158 | low | 3.8 | 3.8 | 10y ago | The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive … | |||
| CVE-2016-0238 | low | 3.7 | 3.7 | 9y ago | IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… | |||
| CVE-2016-6102 | low | 3.7 | 3.7 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, r… | |||
| CVE-2016-7577 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger… | |||
| CVE-2016-8344 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release… | |||
| CVE-2016-8217 | low | 3.7 | 3.7 | 9y ago | EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which… | |||
| CVE-2016-5953 | low | 3.7 | 3.7 | 10y ago | IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error pa… | |||
| CVE-2016-3045 | low | 3.7 | 3.7 | 10y ago | IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer he… | |||
| CVE-2016-0297 | low | 3.7 | 3.7 | 10y ago | IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the mi… | |||
| CVE-2016-8330 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthent… | |||
| CVE-2016-8328 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unau… | |||
| CVE-2016-1551 | low | 3.7 | 3.7 | 10y ago | ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference cloc… | |||
| CVE-2016-7429 | low | 3.7 | 3.7 | 10y ago | NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source)… | |||
| CVE-2016-9015 | low | 3.7 | 3.7 | 10y ago | Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the l… | |||
| CVE-2016-4323 | low | 3.7 | 3.7 | 10y ago | A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or … | |||
| CVE-2016-7903 | low | 3.7 | 3.7 | 10y ago | Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. | |||
| CVE-2016-2953 | low | 3.7 | 3.7 | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-2952 | low | 3.7 | 3.7 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||
| CVE-2016-2951 | low | 3.7 | 3.7 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the … | |||
| CVE-2016-0378 | low | 3.7 | 3.7 | 10y ago | IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. | |||
| CVE-2016-0372 | low | 3.7 | 3.7 | 10y ago | IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 … | |||
| CVE-2016-0353 | low | 3.7 | 3.7 | 10y ago | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remot… | |||
| CVE-2016-5481 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Cor… | |||
| CVE-2016-1000033 | low | 3.7 | 3.7 | 10y ago | Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||
| CVE-2016-0240 | low | 3.7 | 3.7 | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier fo… | |||
| CVE-2016-0248 | low | 3.7 | 3.7 | 10y ago | IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | |||
| CVE-2016-4739 | low | 3.7 | 3.7 | 10y ago | mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending … | |||
| CVE-2016-4747 | low | 3.7 | 3.7 | 10y ago | Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | |||
| CVE-2016-4379 | low | 3.7 | 3.7 | 10y ago | The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers t… | |||
| CVE-2016-5429 | low | 3.7 | 3.7 | 10y ago | jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and… |