CVEs from 2016
- Total: 8,459
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7211 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and… | |||
| CVE-2016-5995 | high | 7.3 | 7.3 | 10y ago | Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse libra… | |||
| CVE-2016-4385 | high | 7.3 | 7.3 | 10y ago | The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Jav… | |||
| CVE-2016-4860 | high | 7.3 | 7.3 | 10y ago | Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of se… | |||
| CVE-2016-0896 | high | 7.3 | 7.3 | 10y ago | Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intend… | |||
| CVE-2016-5645 | high | 7.3 | 7.3 | 10y ago | Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote a… | |||
| CVE-2016-3841 | high | 7.3 | 7.3 | 10y ago | The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendm… | |||
| CVE-2016-3850 | high | 7.3 | 7.3 | 10y ago | Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field i… | |||
| CVE-2016-2497 | high | 7.3 | 7.3 | 10y ago | services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attacke… | |||
| CVE-2016-6192 | high | 7.3 | 7.3 | 10y ago | Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted applica… | |||
| CVE-2016-4531 | high | 7.3 | 7.3 | 10y ago | Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattend… | |||
| CVE-2016-4641 | high | 7.3 | 7.3 | 10y ago | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." | |||
| CVE-2016-5446 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2016-3561 | high | 7.3 | 7.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ve… | |||
| CVE-2016-0330 | high | 7.3 | 7.3 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by… | |||
| CVE-2016-4529 | high | 7.3 | 7.3 | 10y ago | An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, … | |||
| CVE-2016-3286 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-3252 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-3250 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||
| CVE-2016-3249 | high | 7.3 | 7.3 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-4512 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | |||
| CVE-2016-3988 | high | 7.3 | 7.3 | 10y ago | Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANT… | |||
| CVE-2016-5722 | high | 7.3 | 7.3 | 10y ago | Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct … | |||
| CVE-2016-4158 | high | 7.3 | 7.3 | 10y ago | Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYS… | |||
| CVE-2016-4157 | high | 7.3 | 7.3 | 10y ago | Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an un… | |||
| CVE-2016-3233 | high | 7.3 | 7.3 | 10y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vul… | |||
| CVE-2016-0025 | high | 7.3 | 7.3 | 10y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation … | |||
| CVE-2016-2299 | high | 7.3 | 7.3 | 10y ago | SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4018 | high | 7.3 | 7.3 | 10y ago | The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and … | |||
| CVE-2016-1014 | high | 7.3 | 7.3 | 10y ago | Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain pri… | |||
| CVE-2016-3188 | high | 7.3 | 7.3 | 10y ago | The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) passw… | |||
| CVE-2016-3187 | high | 7.3 | 7.3 | 10y ago | The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. | |||
| CVE-2016-1978 | high | 7.3 | 7.3 | 10y ago | Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers t… | |||
| CVE-2016-1729 | high | 7.3 | 7.3 | 11y ago | Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application. | |||
| CVE-2016-1718 | high | 7.3 | 7.3 | 11y ago | The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-0755 | high | 7.3 | 7.3 | 11y ago | The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users vi… | |||
| CVE-2016-0423 | high | — | 7.3 | 11y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via … | |||
| CVE-2016-1904 | high | 7.3 | 7.3 | 11y ago | Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) ph… | |||
| CVE-2016-0018 | high | 7.3 | 7.3 | 11y ago | Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka… | |||
| CVE-2016-5714 | high | 7.2 | 7.2 | 9y ago | Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet… | |||
| CVE-2016-10509 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute… | |||
| CVE-2016-7820 | high | 7.2 | 7.2 | 9y ago | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-serv… | |||
| CVE-2016-7819 | high | 7.2 | 7.2 | 9y ago | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspeci… | |||
| CVE-2016-10379 | high | 7.2 | 7.2 | 9y ago | The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to… | |||
| CVE-2016-10378 | high | 7.2 | 7.2 | 9y ago | e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | |||
| CVE-2016-9097 | high | 7.2 | 7.2 | 9y ago | The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain c… | |||
| CVE-2016-8801 | high | 7.2 | 7.2 | 9y ago | Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command… | |||
| CVE-2016-8025 | medium | 6.2 | 7.2 | 9y ago | SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete… | |||
| CVE-2016-8998 | high | 7.2 | 7.2 | 9y ago | IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on … | |||
| CVE-2016-10224 | high | 7.2 | 7.2 | 9y ago | An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is v… | |||
| CVE-2016-8494 | high | 7.2 | 7.2 | 9y ago | Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | |||
| CVE-2016-6104 | high | 7.2 | 7.2 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute … | |||
| CVE-2016-9871 | high | 7.2 | 7.2 | 10y ago | EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially … | |||
| CVE-2016-6115 | high | 7.2 | 7.2 | 10y ago | IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the… | |||
| CVE-2016-5590 | high | 7.2 | 7.2 | 10y ago | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerab… | |||
| CVE-2016-1548 | high | 7.2 | 7.2 | 10y ago | An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p… | |||
| CVE-2016-10085 | high | 7.2 | 7.2 | 10y ago | admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. | |||
| CVE-2016-10084 | high | 7.2 | 7.2 | 10y ago | admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). | |||
| CVE-2016-6656 | high | 7.2 | 7.2 | 10y ago | An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In orde… | |||
| CVE-2016-9268 | high | 7.2 | 7.2 | 10y ago | Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitr… | |||
| CVE-2016-1000122 | high | 7.2 | 7.2 | 10y ago | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||
| CVE-2016-1000120 | high | 7.2 | 7.2 | 10y ago | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||
| CVE-2016-1000119 | high | 7.2 | 7.2 | 10y ago | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||
| CVE-2016-1000118 | high | 7.2 | 7.2 | 10y ago | XSS & SQLi in HugeIT slideshow v1.0.4 | |||
| CVE-2016-1000117 | high | 7.2 | 7.2 | 10y ago | XSS & SQLi in HugeIT slideshow v1.0.4 | |||
| CVE-2016-1000116 | high | 7.2 | 7.2 | 10y ago | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||
| CVE-2016-1000115 | high | 7.2 | 7.2 | 10y ago | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||
| CVE-2016-7561 | high | 7.2 | 7.2 | 10y ago | Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. | |||
| CVE-2016-4978 | high | 7.2 | 7.2 | 10y ago | Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain | |||
| CVE-2016-6373 | high | 7.2 | 7.2 | 10y ago | The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00… | |||
| CVE-2016-3483 | high | 7.2 | 7.2 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via … | |||
| CVE-2016-1227 | high | 7.2 | 7.2 | 10y ago | NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and ear… | |||
| CVE-2016-2174 | high | 7.2 | 7.2 | 10y ago | SQL injection vulnerability in the policy admin tool in Apache Ranger | |||
| CVE-2016-2309 | high | 7.2 | 7.2 | 10y ago | iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||
| CVE-2016-3461 | high | 7.2 | 7.2 | 10y ago | Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and ava… | |||
| CVE-2016-4040 | high | 7.2 | 7.2 | 10y ago | SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2016-3654 | high | 7.2 | 7.2 | 10y ago | The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote au… | |||
| CVE-2016-1885 | medium | 6.2 | 7.2 | 10y ago | Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service… | |||
| CVE-2016-2281 | high | 7.2 | 7.2 | 10y ago | Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||
| CVE-2016-0049 | medium | 6.2 | 7.2 | 10y ago | Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate passw… | |||
| CVE-2016-0546 | high | — | 7.2 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect co… | |||
| CVE-2016-0414 | high | — | 7.2 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerabi… | |||
| CVE-2016-10339 | high | 7.1 | 7.1 | 9y ago | In all Android releases from CAF using the Linux kernel, HLOS can overwrite secure memory or read contents of the keystore. | |||
| CVE-2016-3108 | high | 7.1 | 7.1 | 9y ago | The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | |||
| CVE-2016-9834 | medium | 6.1 | 7.1 | 9y ago | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is … | |||
| CVE-2016-10330 | high | 7.1 | 7.1 | 9y ago | Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | |||
| CVE-2016-1915 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale pa… | |||
| CVE-2016-8794 | high | 7.1 | 7.1 | 9y ago | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Vers… | |||
| CVE-2016-8792 | high | 7.1 | 7.1 | 9y ago | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Vers… | |||
| CVE-2016-8791 | high | 7.1 | 7.1 | 9y ago | Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Vers… | |||
| CVE-2016-8855 | medium | 6.1 | 7.1 | 9y ago | Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or … | |||
| CVE-2016-8019 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o… | |||
| CVE-2016-9994 | high | 7.1 | 7.1 | 9y ago | IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … | |||
| CVE-2016-9993 | high | 7.1 | 7.1 | 9y ago | IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … | |||
| CVE-2016-9992 | high | 7.1 | 7.1 | 9y ago | IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or … | |||
| CVE-2016-4743 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves t… | |||
| CVE-2016-4682 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain s… | |||
| CVE-2016-4660 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-4316 | medium | 6.1 | 7.1 | 9y ago | WSO2 Carbon vulnerable to Cross-site Scripting | |||
| CVE-2016-8357 | high | 7.1 | 7.1 | 9y ago | An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This … |