CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7226 | medium | 6.1 | 7.1 | 10y ago | Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, … | |||
| CVE-2016-7225 | medium | 6.1 | 7.1 | 10y ago | Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, … | |||
| CVE-2016-7224 | medium | 6.1 | 7.1 | 10y ago | Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files… | |||
| CVE-2016-7851 | medium | 6.1 | 7.1 | 10y ago | Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks. | |||
| CVE-2016-8581 | medium | 6.1 | 7.1 | 10y ago | A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the c… | |||
| CVE-2016-6186 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, an… | |||
| CVE-2016-0400 | medium | 6.1 | 7.1 | 10y ago | CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP hea… | |||
| CVE-2016-3670 | medium | 6.1 | 7.1 | 10y ago | Liferay Portal Vulnerable to XSS in Profile Search Functionality | |||
| CVE-2016-2279 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2016-1252 | medium | 5.9 | 6.9 | 9y ago | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 bef… | |||
| CVE-2016-6883 | medium | 5.9 | 6.9 | 9y ago | MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | |||
| CVE-2016-6210 | medium | 5.9 | 6.9 | 9y ago | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enu… | |||
| CVE-2016-5725 | medium | 5.9 | 6.9 | 10y ago | Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch | |||
| CVE-2016-5348 | medium | 5.9 | 6.9 | 10y ago | The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service… | |||
| CVE-2016-6512 | medium | 5.9 | 6.9 | 10y ago | epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a c… | |||
| CVE-2016-6505 | medium | 5.9 | 6.9 | 10y ago | epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and appl… | |||
| CVE-2016-6504 | medium | 5.9 | 6.9 | 10y ago | epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service… | |||
| CVE-2016-6503 | medium | 5.9 | 6.9 | 10y ago | The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of servic… | |||
| CVE-2016-2107 | medium | 5.9 | 6.9 | 10y ago | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart… | |||
| CVE-2016-3447 | medium | 6.9 | 6.9 | 10y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity … | |||
| CVE-2016-0800 | medium | 5.9 | 6.9 | 10y ago | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain p… | |||
| CVE-2016-1187 | medium | 6.8 | 6.8 | 9y ago | Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. | |||
| CVE-2016-6338 | medium | 6.8 | 6.8 | 9y ago | ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restric… | |||
| CVE-2016-4031 | medium | 6.8 | 6.8 | 9y ago | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-… | |||
| CVE-2016-4030 | medium | 6.8 | 6.8 | 9y ago | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-… | |||
| CVE-2016-7585 | medium | 6.8 | 6.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover… | |||
| CVE-2016-2981 | medium | 6.8 | 6.8 | 9y ago | An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965. | |||
| CVE-2016-7601 | medium | 6.8 | 6.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval … | |||
| CVE-2016-4781 | medium | 6.8 | 6.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode atte… | |||
| CVE-2016-4690 | medium | 6.8 | 6.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HI… | |||
| CVE-2016-9345 | medium | 6.8 | 6.8 | 9y ago | An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the… | |||
| CVE-2016-9337 | medium | 6.8 | 6.8 | 9y ago | An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to comm… | |||
| CVE-2016-6034 | medium | 6.8 | 6.8 | 10y ago | IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. | |||
| CVE-2016-8318 | medium | 6.8 | 6.8 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily ex… | |||
| CVE-2016-4484 | medium | 6.8 | 6.8 | 10y ago | The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. | |||
| CVE-2016-2312 | medium | 6.8 | 6.8 | 10y ago | Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | |||
| CVE-2016-6614 | medium | 6.8 | 6.8 | 10y ago | An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user… | |||
| CVE-2016-3047 | medium | 6.8 | 6.8 | 10y ago | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecifi… | |||
| CVE-2016-2933 | medium | 6.8 | 6.8 | 10y ago | Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | |||
| CVE-2016-8633 | medium | 6.8 | 6.8 | 10y ago | drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. | |||
| CVE-2016-9451 | medium | 6.8 | 6.8 | 10y ago | Drupal Open Redirect | |||
| CVE-2016-5610 | medium | 6.8 | 6.8 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability… | |||
| CVE-2016-0204 | medium | 6.8 | 6.8 | 10y ago | Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve… | |||
| CVE-2016-6172 | medium | 6.8 | 6.8 | 10y ago | PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXF… | |||
| CVE-2016-5977 | medium | 6.8 | 6.8 | 10y ago | Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0… | |||
| CVE-2016-5972 | medium | 6.8 | 6.8 | 10y ago | IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive in… | |||
| CVE-2016-3040 | medium | 6.8 | 6.8 | 10y ago | IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users… | |||
| CVE-2016-4763 | medium | 6.8 | 6.8 | 10y ago | WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attack… | |||
| CVE-2016-3889 | medium | 6.8 | 6.8 | 10y ago | Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a syst… | |||
| CVE-2016-3886 | medium | 6.8 | 6.8 | 10y ago | systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attacker… | |||
| CVE-2016-3876 | medium | 6.8 | 6.8 | 10y ago | providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and b… | |||
| CVE-2016-3875 | medium | 6.8 | 6.8 | 10y ago | server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restriction… | |||
| CVE-2016-5847 | medium | 5.8 | 6.8 | 10y ago | SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security… | |||
| CVE-2016-5878 | medium | 6.8 | 6.8 | 10y ago | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vect… | |||
| CVE-2016-0230 | medium | 6.8 | 6.8 | 10y ago | IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows … | |||
| CVE-2016-2167 | medium | 6.8 | 6.8 | 10y ago | The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate … | |||
| CVE-2016-0774 | medium | 6.8 | 6.8 | 10y ago | The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-… | |||
| CVE-2016-0128 | medium | 6.8 | 6.8 | 10y ago | The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows … | |||
| CVE-2016-1563 | medium | 6.8 | 6.8 | 10y ago | NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte… | |||
| CVE-2016-1734 | medium | 6.8 | 6.8 | 10y ago | AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupt… | |||
| CVE-2016-2088 | medium | 6.8 | 6.8 | 10y ago | resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed … | |||
| CVE-2016-1285 | medium | 6.8 | 6.8 | 10y ago | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service … | |||
| CVE-2016-0133 | medium | 6.8 | 6.8 | 10y ago | The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold … | |||
| CVE-2016-2562 | medium | 6.8 | 6.8 | 10y ago | phpMyAdmin Improper Input Validation | |||
| CVE-2016-2270 | medium | 6.8 | 6.8 | 10y ago | Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | |||
| CVE-2016-2268 | medium | 6.8 | 6.8 | 10y ago | Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2016-0723 | medium | 6.8 | 6.8 | 11y ago | Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (… | |||
| CVE-2016-0505 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |||
| CVE-2016-0504 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-050… | |||
| CVE-2016-0441 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unkno… | |||
| CVE-2016-0415 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentialit… | |||
| CVE-2016-9197 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying o… | |||
| CVE-2016-9196 | medium | 6.7 | 6.7 | 9y ago | A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to… | |||
| CVE-2016-8793 | medium | 6.7 | 6.7 | 9y ago | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Vers… | |||
| CVE-2016-8775 | medium | 6.7 | 6.7 | 9y ago | Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows at… | |||
| CVE-2016-8774 | medium | 6.7 | 6.7 | 9y ago | The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones… | |||
| CVE-2016-4315 | medium | 5.7 | 6.7 | 9y ago | Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action… | |||
| CVE-2016-9360 | medium | 6.7 | 6.7 | 9y ago | An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Versi… | |||
| CVE-2016-8216 | medium | 6.7 | 6.7 | 9y ago | EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain … | |||
| CVE-2016-6649 | medium | 6.7 | 6.7 | 9y ago | EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with … | |||
| CVE-2016-8214 | medium | 6.7 | 6.7 | 10y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | |||
| CVE-2016-9870 | medium | 6.7 | 6.7 | 10y ago | EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerabilit… | |||
| CVE-2016-8103 | medium | 6.7 | 6.7 | 10y ago | SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform. | |||
| CVE-2016-5540 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2016-5538 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability… | |||
| CVE-2016-7154 | medium | 6.7 | 6.7 | 10y ago | Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain s… | |||
| CVE-2016-0905 | medium | 6.7 | 6.7 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | |||
| CVE-2016-6351 | medium | 6.7 | 6.7 | 10y ago | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (ou… | |||
| CVE-2016-3489 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via un… | |||
| CVE-2016-5848 | medium | 6.7 | 6.7 | 10y ago | Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||
| CVE-2016-4962 | medium | 6.7 | 6.7 | 10y ago | The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges… | |||
| CVE-2016-0908 | medium | 6.7 | 6.7 | 10y ago | EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | |||
| CVE-2016-4439 | medium | 6.7 | 6.7 | 10y ago | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause … | |||
| CVE-2016-0678 | medium | 6.7 | 6.7 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors… | |||
| CVE-2016-1267 | medium | 6.7 | 6.7 | 10y ago | Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13… | |||
| CVE-2016-1320 | medium | 6.7 | 6.7 | 10y ago | The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. | |||
| CVE-2016-3129 | medium | 6.6 | 6.6 | 10y ago | A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote at… | |||
| CVE-2016-8561 | medium | 6.6 | 6.6 | 10y ago | A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the … | |||
| CVE-2016-5025 | medium | 6.6 | 6.6 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows… | |||
| CVE-2016-5581 | medium | 6.6 | 6.6 | 10y ago | Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and … |