CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1571 | medium | 6.3 | 6.3 | 11y ago | The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of… | |||
| CVE-2016-1910 | medium | 5.3 | 6.3 | 11y ago | The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||
| CVE-2016-10398 | medium | 6.2 | 6.2 | 9y ago | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by… | |||
| CVE-2016-0764 | medium | 6.2 | 6.2 | 9y ago | Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux… | |||
| CVE-2016-7609 | medium | 6.2 | 6.2 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of servic… | |||
| CVE-2016-7600 | medium | 6.2 | 6.2 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging… | |||
| CVE-2016-6092 | medium | 6.2 | 6.2 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | |||
| CVE-2016-10011 | medium | 6.2 | 6.2 | 10y ago | authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging … | |||
| CVE-2016-8889 | medium | 6.2 | 6.2 | 10y ago | In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in… | |||
| CVE-2016-8871 | medium | 6.2 | 6.2 | 10y ago | In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side chan… | |||
| CVE-2016-7042 | medium | 6.2 | 6.2 | 10y ago | The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain tim… | |||
| CVE-2016-4701 | medium | 6.2 | 6.2 | 10y ago | Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. | |||
| CVE-2016-3059 | medium | 6.2 | 6.2 | 10y ago | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Mana… | |||
| CVE-2016-6259 | medium | 6.2 | 6.2 | 10y ago | Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial … | |||
| CVE-2016-3992 | medium | 6.2 | 6.2 | 10y ago | cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. | |||
| CVE-2016-0321 | medium | 6.2 | 6.2 | 10y ago | IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging acces… | |||
| CVE-2016-0338 | medium | 6.2 | 6.2 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2… | |||
| CVE-2016-4804 | medium | 6.2 | 6.2 | 10y ago | The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_f… | |||
| CVE-2016-4482 | medium | 6.2 | 6.2 | 10y ago | The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from k… | |||
| CVE-2016-2847 | medium | 6.2 | 6.2 | 10y ago | fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-… | |||
| CVE-2016-2549 | medium | 6.2 | 6.2 | 10y ago | sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. | |||
| CVE-2016-2548 | medium | 6.2 | 6.2 | 10y ago | sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl… | |||
| CVE-2016-2543 | medium | 6.2 | 6.2 | 10y ago | The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local us… | |||
| CVE-2016-3186 | medium | 6.2 | 6.2 | 10y ago | Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. | |||
| CVE-2016-2414 | medium | 6.2 | 6.2 | 10y ago | The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a… | |||
| CVE-2016-1760 | medium | 6.2 | 6.2 | 10y ago | The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. | |||
| CVE-2016-0808 | medium | 6.2 | 6.2 | 11y ago | Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of serv… | |||
| CVE-2016-0602 | medium | — | 6.2 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown… | |||
| CVE-2016-7148 | medium | 6.1 | 6.1 | 4y ago | MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile… | |||
| CVE-2016-9119 | medium | 6.1 | 6.1 | 4y ago | Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-7136 | medium | 6.1 | 6.1 | 4y ago | z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. | |||
| CVE-2016-7137 | medium | 6.1 | 6.1 | 4y ago | Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing… | |||
| CVE-2016-10704 | medium | 6.1 | 6.1 | 9y ago | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | |||
| CVE-2016-10702 | medium | 6.1 | 6.1 | 9y ago | Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by mo… | |||
| CVE-2016-10699 | medium | 6.1 | 6.1 | 9y ago | D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in the… | |||
| CVE-2016-10516 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote… | |||
| CVE-2016-10515 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. | |||
| CVE-2016-4923 | medium | 6.1 | 6.1 | 9y ago | Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data … | |||
| CVE-2016-10513 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. | |||
| CVE-2016-10510 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection m… | |||
| CVE-2016-10508 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | |||
| CVE-2016-6800 | medium | 6.1 | 6.1 | 9y ago | The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creatio… | |||
| CVE-2016-6812 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation in Apache CXF | |||
| CVE-2016-3113 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2016-10404 | medium | 6.1 | 6.1 | 9y ago | Liferay Portal Vulnerable to XSS via a Crafted Redirect Field | |||
| CVE-2016-6133 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus para… | |||
| CVE-2016-5394 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting in Apache Sling | |||
| CVE-2016-8947 | medium | 6.1 | 6.1 | 9y ago | IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… | |||
| CVE-2016-6201 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContTy… | |||
| CVE-2016-6127 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allow… | |||
| CVE-2016-10366 | medium | 6.1 | 6.1 | 9y ago | Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. | |||
| CVE-2016-10365 | medium | 6.1 | 6.1 | 9y ago | Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. | |||
| CVE-2016-1000220 | medium | 6.1 | 6.1 | 9y ago | Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | |||
| CVE-2016-7831 | medium | 6.1 | 6.1 | 9y ago | Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | |||
| CVE-2016-7817 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-7813 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | |||
| CVE-2016-7808 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4906 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. | |||
| CVE-2016-0781 | medium | 6.1 | 6.1 | 9y ago | The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions p… | |||
| CVE-2016-4903 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified v… | |||
| CVE-2016-4859 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk… | |||
| CVE-2016-4857 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redire… | |||
| CVE-2016-4855 | medium | 6.1 | 6.1 | 9y ago | ADOdb Cross-site scripting vulnerability in old test script | |||
| CVE-2016-9099 | medium | 6.1 | 6.1 | 9y ago | Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability… | |||
| CVE-2016-9257 | medium | 6.1 | 6.1 | 9y ago | In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when … | |||
| CVE-2016-0255 | medium | 6.1 | 6.1 | 9y ago | IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject ma… | |||
| CVE-2016-10368 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers … | |||
| CVE-2016-7841 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2016-7840 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | |||
| CVE-2016-7839 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2016-4075 | medium | 6.1 | 6.1 | 9y ago | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | |||
| CVE-2016-1217 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1216 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1215 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1214 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1213 | medium | 6.1 | 6.1 | 9y ago | The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | |||
| CVE-2016-6347 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation in RESTEasy | |||
| CVE-2016-6334 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbi… | |||
| CVE-2016-6333 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrar… | |||
| CVE-2016-5761 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. | |||
| CVE-2016-5760 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2016-4849 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in… | |||
| CVE-2016-4847 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | |||
| CVE-2016-4875 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 fo… | |||
| CVE-2016-4068 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnera… | |||
| CVE-2016-2104 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the p… | |||
| CVE-2016-6348 | medium | 6.1 | 6.1 | 9y ago | JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack | |||
| CVE-2016-4897 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. | |||
| CVE-2016-4892 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-2803 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2016-1179 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2016-8719 | medium | 6.1 | 6.1 | 9y ago | An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multi… | |||
| CVE-2016-5682 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting in swagger-ui | |||
| CVE-2016-5078 | medium | 6.1 | 6.1 | 9y ago | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | |||
| CVE-2016-5077 | medium | 6.1 | 6.1 | 9y ago | Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | |||
| CVE-2016-5075 | medium | 6.1 | 6.1 | 9y ago | CloudView NMS before 2.10a has XSS via a TELNET login. | |||
| CVE-2016-5073 | medium | 6.1 | 6.1 | 9y ago | CloudView NMS before 2.10a has XSS via SNMP. | |||
| CVE-2016-5055 | medium | 6.1 | 6.1 | 9y ago | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. | |||
| CVE-2016-4334 | medium | 6.1 | 6.1 | 9y ago | Jive before 2016.3.1 has an open redirect from the external-link.jspa page. | |||
| CVE-2016-1000307 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occu… |