CVEs from 2016
- Total: 8,461
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1926 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_t… | |||
| CVE-2016-1492 | medium | 6.1 | 6.1 | 11y ago | The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveragi… | |||
| CVE-2016-1298 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve… | |||
| CVE-2016-1135 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlie… | |||
| CVE-2016-0418 | medium | — | 6.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerabi… | |||
| CVE-2016-1294 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug… | |||
| CVE-2016-1293 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspe… | |||
| CVE-2016-1911 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pm… | |||
| CVE-2016-0032 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to i… | |||
| CVE-2016-0031 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange … | |||
| CVE-2016-0030 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-0029 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange … | |||
| CVE-2016-1565 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject ar… | |||
| CVE-2016-1498 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attack… | |||
| CVE-2016-10155 | medium | 6.0 | 6.0 | 9y ago | Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large… | |||
| CVE-2016-8021 | medium | 5.0 | 6.0 | 9y ago | Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe… | |||
| CVE-2016-10024 | medium | 6.0 | 6.0 | 10y ago | Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kern… | |||
| CVE-2016-9385 | medium | 6.0 | 6.0 | 10y ago | The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical add… | |||
| CVE-2016-7995 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large numbe… | |||
| CVE-2016-7994 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption… | |||
| CVE-2016-7466 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consump… | |||
| CVE-2016-7422 | medium | 6.0 | 6.0 | 10y ago | The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) … | |||
| CVE-2016-7116 | medium | 6.0 | 6.0 | 10y ago | Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified s… | |||
| CVE-2016-6836 | medium | 6.0 | 6.0 | 10y ago | The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initial… | |||
| CVE-2016-6835 | medium | 6.0 | 6.0 | 10y ago | The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging fail… | |||
| CVE-2016-4964 | medium | 6.0 | 6.0 | 10y ago | The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU proce… | |||
| CVE-2016-9106 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to fre… | |||
| CVE-2016-9105 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a refer… | |||
| CVE-2016-9103 | medium | 6.0 | 6.0 | 10y ago | The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before wr… | |||
| CVE-2016-9102 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash)… | |||
| CVE-2016-9101 | medium | 6.0 | 6.0 | 10y ago | Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an… | |||
| CVE-2016-8910 | medium | 6.0 | 6.0 | 10y ago | The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveragin… | |||
| CVE-2016-8909 | medium | 6.0 | 6.0 | 10y ago | The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry wit… | |||
| CVE-2016-8669 | medium | 6.0 | 6.0 | 10y ago | The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) … | |||
| CVE-2016-8668 | medium | 6.0 | 6.0 | 10y ago | The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by l… | |||
| CVE-2016-8667 | medium | 6.0 | 6.0 | 10y ago | The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large i… | |||
| CVE-2016-8578 | medium | 6.0 | 6.0 | 10y ago | The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cr… | |||
| CVE-2016-8577 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O… | |||
| CVE-2016-8576 | medium | 6.0 | 6.0 | 10y ago | The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging f… | |||
| CVE-2016-5516 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors. | |||
| CVE-2016-0079 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Wi… | |||
| CVE-2016-0073 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an… | |||
| CVE-2016-5107 | medium | 6.0 | 6.0 | 10y ago | The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds re… | |||
| CVE-2016-5106 | medium | 6.0 | 6.0 | 10y ago | The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of … | |||
| CVE-2016-4952 | medium | 6.0 | 6.0 | 10y ago | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vec… | |||
| CVE-2016-4509 | medium | 6.0 | 6.0 | 10y ago | Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | |||
| CVE-2016-2841 | medium | 6.0 | 6.0 | 10y ago | The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU proces… | |||
| CVE-2016-4454 | medium | 6.0 | 6.0 | 10y ago | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash)… | |||
| CVE-2016-4037 | medium | 6.0 | 6.0 | 10y ago | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous tra… | |||
| CVE-2016-4441 | medium | 6.0 | 6.0 | 10y ago | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of servi… | |||
| CVE-2016-0697 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity v… | |||
| CVE-2016-0669 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. | |||
| CVE-2016-0425 | medium | — | 6.0 | 11y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availab… | |||
| CVE-2016-8738 | medium | 5.9 | 5.9 | 9y ago | Apache Struts vulnerable to possible DoS attack when using URLValidator | |||
| CVE-2016-10511 | medium | 5.9 | 5.9 | 9y ago | The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the abili… | |||
| CVE-2016-6029 | medium | 5.9 | 5.9 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.… | |||
| CVE-2016-0762 | medium | 5.9 | 5.9 | 9y ago | Observable Discrepancy in Apache Tomcat | |||
| CVE-2016-9972 | medium | 5.9 | 5.9 | 9y ago | IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabi… | |||
| CVE-2016-8746 | medium | 5.9 | 5.9 | 9y ago | Apache Ranger policy engine incorrectly matches paths in certain conditions | |||
| CVE-2016-7816 | medium | 5.9 | 5.9 | 9y ago | The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information… | |||
| CVE-2016-7805 | medium | 5.9 | 5.9 | 9y ago | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke… | |||
| CVE-2016-7055 | medium | 5.9 | 5.9 | 9y ago | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bi… | |||
| CVE-2016-5810 | medium | 4.9 | 5.9 | 9y ago | upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | |||
| CVE-2016-4467 | medium | 5.9 | 5.9 | 9y ago | The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name … | |||
| CVE-2016-8962 | medium | 5.9 | 5.9 | 9y ago | IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||
| CVE-2016-5016 | medium | 5.9 | 5.9 | 9y ago | Cloud Foundry vulnerable to Improper Certificate Validation | |||
| CVE-2016-2564 | medium | 5.9 | 5.9 | 9y ago | Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board… | |||
| CVE-2016-1519 | medium | 5.9 | 5.9 | 9y ago | The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grands… | |||
| CVE-2016-1221 | medium | 5.9 | 5.9 | 9y ago | Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific… | |||
| CVE-2016-1210 | medium | 5.9 | 5.9 | 9y ago | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio… | |||
| CVE-2016-1198 | medium | 5.9 | 5.9 | 9y ago | Photopt for Android before 2.0.1 does not verify SSL certificates. | |||
| CVE-2016-1186 | medium | 5.9 | 5.9 | 9y ago | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||
| CVE-2016-4840 | medium | 5.9 | 5.9 | 9y ago | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | |||
| CVE-2016-4832 | medium | 5.9 | 5.9 | 9y ago | WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | |||
| CVE-2016-4830 | medium | 5.9 | 5.9 | 9y ago | Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | |||
| CVE-2016-4829 | medium | 5.9 | 5.9 | 9y ago | DMM Movie Player App for Android before 1.2.1 and DMM Movie Player App for iPhone/iPad before 2.1.3 do not verify SSL certificates. | |||
| CVE-2016-1184 | medium | 5.9 | 5.9 | 9y ago | Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | |||
| CVE-2016-4818 | medium | 5.9 | 5.9 | 9y ago | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | |||
| CVE-2016-10259 | medium | 5.9 | 5.9 | 9y ago | Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connec… | |||
| CVE-2016-6805 | medium | 5.9 | 5.9 | 9y ago | Moderate severity vulnerability that affects org.apache.ignite:ignite-core | |||
| CVE-2016-10319 | medium | 5.9 | 5.9 | 9y ago | In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involvin… | |||
| CVE-2016-8795 | medium | 5.9 | 5.9 | 9y ago | Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00,… | |||
| CVE-2016-9319 | medium | 5.9 | 5.9 | 9y ago | There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | |||
| CVE-2016-7541 | medium | 5.9 | 5.9 | 9y ago | Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode.… | |||
| CVE-2016-10130 | medium | 5.9 | 5.9 | 9y ago | The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variabl… | |||
| CVE-2016-6225 | medium | 5.9 | 5.9 | 9y ago | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain … | |||
| CVE-2016-7468 | medium | 5.9 | 5.9 | 9y ago | An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated… | |||
| CVE-2016-9245 | medium | 5.9 | 5.9 | 9y ago | In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settin… | |||
| CVE-2016-6882 | medium | 5.9 | 5.9 | 9y ago | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | |||
| CVE-2016-9892 | medium | 5.9 | 5.9 | 9y ago | The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL s… | |||
| CVE-2016-10228 | medium | 5.9 | 5.9 | 9y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2016-3052 | medium | 5.9 | 5.9 | 9y ago | Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. | |||
| CVE-2016-7636 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which … | |||
| CVE-2016-7579 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component,… | |||
| CVE-2016-4721 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle… | |||
| CVE-2016-4685 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files. | |||
| CVE-2016-8652 | medium | 5.9 | 5.9 | 9y ago | The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | |||
| CVE-2016-4314 | medium | 4.9 | 5.9 | 9y ago | WSO2 Carbon directory traversal vulnerability | |||
| CVE-2016-1249 | medium | 5.9 | 5.9 | 9y ago | The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned n… | |||
| CVE-2016-5900 | medium | 5.9 | 5.9 | 9y ago | IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attac… |