CVEs from 2016
- Total: 8,461
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8492 | medium | 5.9 | 5.9 | 9y ago | The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | |||
| CVE-2016-10213 | medium | 5.9 | 5.9 | 9y ago | A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by le… | |||
| CVE-2016-10212 | medium | 5.9 | 5.9 | 9y ago | Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-02… | |||
| CVE-2016-0270 | medium | 5.9 | 5.9 | 9y ago | IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the au… | |||
| CVE-2016-6495 | medium | 5.9 | 5.9 | 9y ago | NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||
| CVE-2016-6116 | medium | 5.9 | 5.9 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could … | |||
| CVE-2016-5935 | medium | 5.9 | 5.9 | 9y ago | IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerabi… | |||
| CVE-2016-8966 | medium | 5.9 | 5.9 | 10y ago | IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerab… | |||
| CVE-2016-8918 | medium | 5.9 | 5.9 | 10y ago | IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||
| CVE-2016-5966 | medium | 5.9 | 5.9 | 10y ago | IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An a… | |||
| CVE-2016-3043 | medium | 5.9 | 5.9 | 10y ago | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit t… | |||
| CVE-2016-9963 | medium | 5.9 | 5.9 | 10y ago | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | |||
| CVE-2016-6329 | medium | 5.9 | 5.9 | 10y ago | OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-ov… | |||
| CVE-2016-5117 | medium | 5.9 | 5.9 | 10y ago | OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid… | |||
| CVE-2016-2402 | medium | 5.9 | 5.9 | 10y ago | Improper Certificate Validation in OkHttp | |||
| CVE-2016-2519 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a… | |||
| CVE-2016-5876 | medium | 5.9 | 5.9 | 10y ago | ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | |||
| CVE-2016-10104 | medium | 5.9 | 5.9 | 10y ago | Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP… | |||
| CVE-2016-9311 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | |||
| CVE-2016-8671 | medium | 5.9 | 5.9 | 10y ago | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: … | |||
| CVE-2016-6887 | medium | 5.9 | 5.9 | 10y ago | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | |||
| CVE-2016-10027 | medium | 5.9 | 5.9 | 10y ago | Smack allows the bypass of TLS protections | |||
| CVE-2016-9247 | medium | 5.9 | 5.9 | 10y ago | Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microke… | |||
| CVE-2016-8106 | medium | 5.9 | 5.9 | 10y ago | A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic worki… | |||
| CVE-2016-2373 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious… | |||
| CVE-2016-2372 | medium | 5.9 | 5.9 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server,… | |||
| CVE-2016-2370 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A maliciou… | |||
| CVE-2016-2369 | medium | 5.9 | 5.9 | 10y ago | A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnera… | |||
| CVE-2016-2367 | medium | 5.9 | 5.9 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server,… | |||
| CVE-2016-2366 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious… | |||
| CVE-2016-2365 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A mali… | |||
| CVE-2016-5024 | medium | 5.9 | 5.9 | 10y ago | Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Tra… | |||
| CVE-2016-9159 | medium | 5.9 | 5.9 | 10y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and b… | |||
| CVE-2016-1411 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SM… | |||
| CVE-2016-9860 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4… | |||
| CVE-2016-6632 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (… | |||
| CVE-2016-6624 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention | |||
| CVE-2016-6622 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin DoS Vulnerability | |||
| CVE-2016-5341 | medium | 5.9 | 5.9 | 10y ago | The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed … | |||
| CVE-2016-2927 | medium | 5.9 | 5.9 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms … | |||
| CVE-2016-6709 | medium | 5.9 | 5.9 | 10y ago | An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive inf… | |||
| CVE-2016-6461 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affec… | |||
| CVE-2016-9376 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet… | |||
| CVE-2016-9375 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by… | |||
| CVE-2016-9374 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet… | |||
| CVE-2016-9373 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dc… | |||
| CVE-2016-9372 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting… | |||
| CVE-2016-6438 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line c… | |||
| CVE-2016-6437 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to … | |||
| CVE-2016-5597 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. | |||
| CVE-2016-5527 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vu… | |||
| CVE-2016-7099 | medium | 5.9 | 5.9 | 10y ago | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certifi… | |||
| CVE-2016-6025 | medium | 5.9 | 5.9 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstati… | |||
| CVE-2016-6416 | medium | 5.9 | 5.9 | 10y ago | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Manageme… | |||
| CVE-2016-7046 | medium | 5.9 | 5.9 | 10y ago | Undertow Uncaught Exception vulnerability | |||
| CVE-2016-6308 | medium | 5.9 | 5.9 | 10y ago | statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of servic… | |||
| CVE-2016-6307 | medium | 5.9 | 5.9 | 10y ago | The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consu… | |||
| CVE-2016-6306 | medium | 5.9 | 5.9 | 10y ago | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s… | |||
| CVE-2016-6153 | medium | 5.9 | 5.9 | 10y ago | os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application… | |||
| CVE-2016-7142 | medium | 5.9 | 5.9 | 10y ago | The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as … | |||
| CVE-2016-4722 | medium | 5.9 | 5.9 | 10y ago | The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified v… | |||
| CVE-2016-6403 | medium | 5.9 | 5.9 | 10y ago | The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCu… | |||
| CVE-2016-4741 | medium | 5.9 | 5.9 | 10y ago | The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. | |||
| CVE-2016-7420 | medium | 5.9 | 5.9 | 10y ago | Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow c… | |||
| CVE-2016-1277 | medium | 5.9 | 5.9 | 10y ago | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6… | |||
| CVE-2016-7180 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial … | |||
| CVE-2016-7179 | medium | 5.9 | 5.9 | 10y ago | Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2016-7178 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a … | |||
| CVE-2016-7177 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of … | |||
| CVE-2016-7176 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial o… | |||
| CVE-2016-7175 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and… | |||
| CVE-2016-0397 | medium | 5.9 | 5.9 | 10y ago | WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||
| CVE-2016-6231 | medium | 5.9 | 5.9 | 10y ago | Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||
| CVE-2016-5359 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite … | |||
| CVE-2016-5358 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application … | |||
| CVE-2016-5357 | medium | 5.9 | 5.9 | 10y ago | wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial… | |||
| CVE-2016-5356 | medium | 5.9 | 5.9 | 10y ago | wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of se… | |||
| CVE-2016-5355 | medium | 5.9 | 5.9 | 10y ago | wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of … | |||
| CVE-2016-5354 | medium | 5.9 | 5.9 | 10y ago | The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||
| CVE-2016-5353 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of… | |||
| CVE-2016-5352 | medium | 5.9 | 5.9 | 10y ago | epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a… | |||
| CVE-2016-5351 | medium | 5.9 | 5.9 | 10y ago | epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of … | |||
| CVE-2016-6513 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application cras… | |||
| CVE-2016-6511 | medium | 5.9 | 5.9 | 10y ago | epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. | |||
| CVE-2016-6510 | medium | 5.9 | 5.9 | 10y ago | Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer … | |||
| CVE-2016-6509 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (appli… | |||
| CVE-2016-6508 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of servi… | |||
| CVE-2016-6507 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||
| CVE-2016-6506 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||
| CVE-2016-1276 | medium | 5.9 | 5.9 | 10y ago | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer … | |||
| CVE-2016-3612 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core. | |||
| CVE-2016-3588 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. | |||
| CVE-2016-3525 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management. | |||
| CVE-2016-5655 | medium | 5.9 | 5.9 | 10y ago | Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||
| CVE-2016-2775 | medium | 5.9 | 5.9 | 10y ago | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash… | |||
| CVE-2016-1546 | medium | 5.9 | 5.9 | 10y ago | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a … | |||
| CVE-2016-4955 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packe… | |||
| CVE-2016-2079 | medium | 5.9 | 5.9 | 10y ago | VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified … | |||
| CVE-2016-0365 | medium | 5.9 | 5.9 | 10y ago | IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication … | |||
| CVE-2016-5435 | medium | 5.9 | 5.9 | 10y ago | Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networkin… |