CVEs from 2016
- Total: 8,459
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4429 | medium | 5.9 | 5.9 | 10y ago | Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecif… | |||
| CVE-2016-3094 | medium | 5.9 | 5.9 | 10y ago | Improper Input Validation in org.apache.qpid:qpid-broker | |||
| CVE-2016-0907 | medium | 5.9 | 5.9 | 10y ago | EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allow… | |||
| CVE-2016-0306 | medium | 5.9 | 5.9 | 10y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to ob… | |||
| CVE-2016-1115 | medium | 5.9 | 5.9 | 10y ago | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof se… | |||
| CVE-2016-0149 | medium | 5.9 | 5.9 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext … | |||
| CVE-2016-4008 | medium | 5.9 | 5.9 | 10y ago | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infini… | |||
| CVE-2016-4421 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption… | |||
| CVE-2016-4420 | medium | 5.9 | 5.9 | 10y ago | The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||
| CVE-2016-4419 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted p… | |||
| CVE-2016-4418 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application … | |||
| CVE-2016-4417 | medium | 5.9 | 5.9 | 10y ago | Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (… | |||
| CVE-2016-4416 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over… | |||
| CVE-2016-4415 | medium | 5.9 | 5.9 | 10y ago | wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buff… | |||
| CVE-2016-4085 | medium | 5.9 | 5.9 | 10y ago | Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or p… | |||
| CVE-2016-4084 | medium | 5.9 | 5.9 | 10y ago | Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and applicati… | |||
| CVE-2016-4083 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial … | |||
| CVE-2016-4082 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause… | |||
| CVE-2016-4081 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of s… | |||
| CVE-2016-4080 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (o… | |||
| CVE-2016-4079 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of servi… | |||
| CVE-2016-4078 | medium | 5.9 | 5.9 | 10y ago | The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursio… | |||
| CVE-2016-4077 | medium | 5.9 | 5.9 | 10y ago | epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use… | |||
| CVE-2016-4076 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of ser… | |||
| CVE-2016-4006 | medium | 5.9 | 5.9 | 10y ago | epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and… | |||
| CVE-2016-2115 | medium | 5.9 | 5.9 | 10y ago | Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB c… | |||
| CVE-2016-2114 | medium | 5.9 | 5.9 | 10y ago | The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle att… | |||
| CVE-2016-2112 | medium | 5.9 | 5.9 | 10y ago | The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-midd… | |||
| CVE-2016-2110 | medium | 5.9 | 5.9 | 10y ago | The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by mo… | |||
| CVE-2016-0695 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. | |||
| CVE-2016-0677 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-2390 | medium | 5.9 | 5.9 | 10y ago | The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows… | |||
| CVE-2016-1273 | medium | 5.9 | 5.9 | 10y ago | Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers t… | |||
| CVE-2016-0787 | medium | 5.9 | 5.9 | 10y ago | The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH … | |||
| CVE-2016-0739 | medium | 5.9 | 5.9 | 10y ago | libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-i… | |||
| CVE-2016-3686 | medium | 5.9 | 5.9 | 10y ago | The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by levera… | |||
| CVE-2016-0887 | medium | 5.9 | 5.9 | 10y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2… | |||
| CVE-2016-4004 | medium | 4.9 | 5.9 | 10y ago | Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file param… | |||
| CVE-2016-3166 | medium | 5.9 | 5.9 | 10y ago | Drupal CRLF injection vulnerability in the drupal_set_header function | |||
| CVE-2016-1346 | medium | 5.9 | 5.9 | 10y ago | The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequ… | |||
| CVE-2016-1344 | medium | 5.9 | 5.9 | 10y ago | The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | |||
| CVE-2016-1788 | medium | 5.9 | 5.9 | 10y ago | Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachmen… | |||
| CVE-2016-1731 | medium | 5.9 | 5.9 | 10y ago | Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. | |||
| CVE-2016-0771 | medium | 5.9 | 5.9 | 10y ago | The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial… | |||
| CVE-2016-0818 | medium | 5.9 | 5.9 | 10y ago | The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinctio… | |||
| CVE-2016-2774 | medium | 5.9 | 5.9 | 10y ago | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertio… | |||
| CVE-2016-2244 | medium | 5.9 | 5.9 | 10y ago | HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-0704 | medium | 5.9 | 5.9 | 10y ago | An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0… | |||
| CVE-2016-0703 | medium | 5.9 | 5.9 | 10y ago | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTE… | |||
| CVE-2016-2532 | medium | 5.9 | 5.9 | 10y ago | The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows … | |||
| CVE-2016-2531 | medium | 5.9 | 5.9 | 10y ago | Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds rea… | |||
| CVE-2016-2530 | medium | 5.9 | 5.9 | 10y ago | The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, wh… | |||
| CVE-2016-2528 | medium | 5.9 | 5.9 | 10y ago | The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denia… | |||
| CVE-2016-2526 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read… | |||
| CVE-2016-2525 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory con… | |||
| CVE-2016-2524 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) vi… | |||
| CVE-2016-2523 | medium | 5.9 | 5.9 | 10y ago | The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of servic… | |||
| CVE-2016-2522 | medium | 5.9 | 5.9 | 10y ago | The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allow… | |||
| CVE-2016-2316 | medium | 5.9 | 5.9 | 10y ago | chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf… | |||
| CVE-2016-1987 | medium | 5.9 | 5.9 | 10y ago | HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. | |||
| CVE-2016-1284 | medium | 5.9 | 5.9 | 11y ago | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daem… | |||
| CVE-2016-2047 | medium | 5.9 | 5.9 | 11y ago | The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 … | |||
| CVE-2016-0201 | medium | 5.9 | 5.9 | 11y ago | GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision. | |||
| CVE-2016-1262 | medium | 5.9 | 5.9 | 11y ago | Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application La… | |||
| CVE-2016-1257 | medium | 5.9 | 5.9 | 11y ago | The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.… | |||
| CVE-2016-1231 | medium | 5.9 | 5.9 | 11y ago | Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified p… | |||
| CVE-2016-5237 | medium | 4.8 | 5.8 | 10y ago | Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse … | |||
| CVE-2016-4807 | medium | 4.8 | 5.8 | 10y ago | Web2py Reflected XSS vulnerability | |||
| CVE-2016-7458 | medium | 5.8 | 5.8 | 10y ago | VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjun… | |||
| CVE-2016-4046 | medium | 5.8 | 5.8 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of th… | |||
| CVE-2016-5477 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | |||
| CVE-2016-3608 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | |||
| CVE-2016-3529 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3467 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-4500 | medium | 5.8 | 5.8 | 10y ago | Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | |||
| CVE-2016-4788 | medium | 5.8 | 5.8 | 10y ago | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | |||
| CVE-2016-1321 | medium | 5.8 | 5.8 | 10y ago | Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature a… | |||
| CVE-2016-0475 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality… | |||
| CVE-2016-9719 | medium | 5.7 | 5.7 | 9y ago | IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malici… | |||
| CVE-2016-3037 | medium | 5.7 | 5.7 | 9y ago | IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM … | |||
| CVE-2016-8790 | medium | 5.7 | 5.7 | 9y ago | Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with… | |||
| CVE-2016-5941 | medium | 5.7 | 5.7 | 10y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra… | |||
| CVE-2016-3060 | medium | 5.7 | 5.7 | 10y ago | Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote aut… | |||
| CVE-2016-5602 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affec… | |||
| CVE-2016-5537 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous i… | |||
| CVE-2016-5947 | medium | 5.7 | 5.7 | 10y ago | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||
| CVE-2016-3472 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect conf… | |||
| CVE-2016-2206 | medium | 5.7 | 5.7 | 10y ago | The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.… | |||
| CVE-2016-2205 | medium | 5.7 | 5.7 | 10y ago | Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symante… | |||
| CVE-2016-2784 | medium | 4.7 | 5.7 | 10y ago | CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS)… | |||
| CVE-2016-3464 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related … | |||
| CVE-2016-2116 | medium | 5.7 | 5.7 | 10y ago | Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG… | |||
| CVE-2016-1156 | medium | 5.7 | 5.7 | 10y ago | LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displ… | |||
| CVE-2016-8924 | medium | 5.6 | 5.6 | 9y ago | IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit th… | |||
| CVE-2016-3176 | medium | 5.6 | 5.6 | 10y ago | Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with … | |||
| CVE-2016-7171 | medium | 5.6 | 5.6 | 10y ago | NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | |||
| CVE-2016-5598 | medium | 5.6 | 5.6 | 10y ago | Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via v… | |||
| CVE-2016-6652 | medium | 5.6 | 5.6 | 10y ago | Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA | |||
| CVE-2016-0339 | medium | 5.6 | 5.6 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to s… | |||
| CVE-2016-4825 | medium | 5.6 | 5.6 | 10y ago | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. |