CVEs from 2016
Total
8,454
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3319 | high | 7.0 | 7.0 | 10y ago | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "… | |||
| CVE-2016-3848 | high | 7.0 | 7.0 | 10y ago | The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417. | |||
| CVE-2016-3846 | high | 7.0 | 7.0 | 10y ago | The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. | |||
| CVE-2016-4639 | high | 7.0 | 7.0 | 10y ago | Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2016-3584 | high | 7.0 | 7.0 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc. | |||
| CVE-2016-3757 | high | 7.0 | 7.0 | 10y ago | The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafte… | |||
| CVE-2016-2867 | high | 7.0 | 7.0 | 10y ago | IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors. | |||
| CVE-2016-0263 | high | 7.0 | 7.0 | 10y ago | IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapp… | |||
| CVE-2016-1435 | high | 7.0 | 7.0 | 10y ago | Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||
| CVE-2016-2462 | high | 7.0 | 7.0 | 10y ago | OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspec… | |||
| CVE-2016-2461 | high | 7.0 | 7.0 | 10y ago | OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspeci… | |||
| CVE-2016-2456 | high | 7.0 | 7.0 | 10y ago | The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187. | |||
| CVE-2016-2453 | high | 7.0 | 7.0 | 10y ago | The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705. | |||
| CVE-2016-2446 | high | 7.0 | 7.0 | 10y ago | The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. | |||
| CVE-2016-2445 | high | 7.0 | 7.0 | 10y ago | The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. | |||
| CVE-2016-2444 | high | 7.0 | 7.0 | 10y ago | The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332. | |||
| CVE-2016-2443 | high | 7.0 | 7.0 | 10y ago | The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525. | |||
| CVE-2016-2442 | high | 7.0 | 7.0 | 10y ago | The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907. | |||
| CVE-2016-2441 | high | 7.0 | 7.0 | 10y ago | The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602. | |||
| CVE-2016-2059 | high | 7.0 | 7.0 | 10y ago | The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contri… | |||
| CVE-2016-0822 | high | 7.0 | 7.0 | 10y ago | The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | |||
| CVE-2016-8016 | low | 3.4 | 4.4 | 9y ago | Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR… | |||
| CVE-2016-4486 | low | 3.3 | 4.3 | 10y ago | The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from … | |||
| CVE-2016-3716 | low | 3.3 | 4.3 | 10y ago | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |||
| CVE-2016-3325 | low | 3.1 | 4.1 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||
| CVE-2016-4534 | low | 3.0 | 4.0 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and… | |||
| CVE-2016-3159 | low | 3.8 | 3.8 | 10y ago | The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensiti… | |||
| CVE-2016-3158 | low | 3.8 | 3.8 | 10y ago | The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive … | |||
| CVE-2016-0238 | low | 3.7 | 3.7 | 9y ago | IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… | |||
| CVE-2016-6102 | low | 3.7 | 3.7 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, r… | |||
| CVE-2016-7577 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger… | |||
| CVE-2016-8344 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release… | |||
| CVE-2016-8217 | low | 3.7 | 3.7 | 10y ago | EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which… | |||
| CVE-2016-5953 | low | 3.7 | 3.7 | 10y ago | IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error pa… | |||
| CVE-2016-3045 | low | 3.7 | 3.7 | 10y ago | IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer he… | |||
| CVE-2016-0297 | low | 3.7 | 3.7 | 10y ago | IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the mi… | |||
| CVE-2016-8330 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthent… | |||
| CVE-2016-8328 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unau… | |||
| CVE-2016-1551 | low | 3.7 | 3.7 | 10y ago | ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference cloc… | |||
| CVE-2016-7429 | low | 3.7 | 3.7 | 10y ago | NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source)… | |||
| CVE-2016-9015 | low | 3.7 | 3.7 | 10y ago | Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the l… | |||
| CVE-2016-4323 | low | 3.7 | 3.7 | 10y ago | A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or … | |||
| CVE-2016-7903 | low | 3.7 | 3.7 | 10y ago | Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. | |||
| CVE-2016-2953 | low | 3.7 | 3.7 | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-2952 | low | 3.7 | 3.7 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||
| CVE-2016-2951 | low | 3.7 | 3.7 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the … | |||
| CVE-2016-0378 | low | 3.7 | 3.7 | 10y ago | IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. | |||
| CVE-2016-0372 | low | 3.7 | 3.7 | 10y ago | IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 … | |||
| CVE-2016-0353 | low | 3.7 | 3.7 | 10y ago | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remot… | |||
| CVE-2016-5481 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Cor… | |||
| CVE-2016-1000033 | low | 3.7 | 3.7 | 10y ago | Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||
| CVE-2016-0240 | low | 3.7 | 3.7 | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier fo… | |||
| CVE-2016-0248 | low | 3.7 | 3.7 | 10y ago | IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | |||
| CVE-2016-4739 | low | 3.7 | 3.7 | 10y ago | mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending … | |||
| CVE-2016-4747 | low | 3.7 | 3.7 | 10y ago | Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | |||
| CVE-2016-4379 | low | 3.7 | 3.7 | 10y ago | The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers t… | |||
| CVE-2016-5429 | low | 3.7 | 3.7 | 10y ago | jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and… | |||
| CVE-2016-2960 | low | 3.7 | 3.7 | 10y ago | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1… | |||
| CVE-2016-0281 | low | 3.7 | 3.7 | 10y ago | The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter cras… | |||
| CVE-2016-0266 | low | 3.7 | 3.7 | 10y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-5466 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors r… | |||
| CVE-2016-5460 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors r… | |||
| CVE-2016-5444 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta… | |||
| CVE-2016-3482 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module. | |||
| CVE-2016-3474 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality v… | |||
| CVE-2016-3452 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta… | |||
| CVE-2016-3450 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors r… | |||
| CVE-2016-5702 | low | 3.7 | 3.7 | 10y ago | phpMyAdmin cookie-attribute injection | |||
| CVE-2016-2861 | low | 3.7 | 3.7 | 10y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain… | |||
| CVE-2016-1183 | low | 3.7 | 3.7 | 10y ago | NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-exte… | |||
| CVE-2016-5233 | low | 3.7 | 3.7 | 10y ago | Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base statio… | |||
| CVE-2016-4053 | low | 3.7 | 3.7 | 10y ago | Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and… | |||
| CVE-2016-0688 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Compon… | |||
| CVE-2016-0671 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | |||
| CVE-2016-0208 | low | 3.7 | 3.7 | 10y ago | IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | |||
| CVE-2016-1356 | low | 3.7 | 3.7 | 10y ago | Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing dif… | |||
| CVE-2016-0701 | low | 3.7 | 3.7 | 10y ago | The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for… | |||
| CVE-2016-1900 | low | 3.7 | 3.7 | 11y ago | CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP heade… | |||
| CVE-2016-1899 | low | 3.7 | 3.7 | 11y ago | CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (X… | |||
| CVE-2016-1133 | low | 3.7 | 3.7 | 11y ago | CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTT… | |||
| CVE-2016-0426 | low | — | 3.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones. | |||
| CVE-2016-4874 | low | 3.5 | 3.5 | 9y ago | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | |||
| CVE-2016-4027 | low | 3.5 | 3.5 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionalit… | |||
| CVE-2016-3009 | low | 3.5 | 3.5 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary use… | |||
| CVE-2016-4751 | low | 3.5 | 3.5 | 10y ago | The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. | |||
| CVE-2016-2998 | low | 3.5 | 3.5 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication … | |||
| CVE-2016-3321 | low | 2.5 | 3.5 | 10y ago | Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a… | |||
| CVE-2016-3531 | low | 3.5 | 3.5 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC… | |||
| CVE-2016-1763 | low | 3.5 | 3.5 | 10y ago | Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing … | |||
| CVE-2016-0610 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related t… | |||
| CVE-2016-0608 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |||
| CVE-2016-0606 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |||
| CVE-2016-0601 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. | |||
| CVE-2016-0600 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |||
| CVE-2016-0599 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||
| CVE-2016-0598 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |||
| CVE-2016-0474 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via vectors related to P… | |||
| CVE-2016-0473 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via unknown vectors rela… | |||
| CVE-2016-0412 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM eProcurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect integrity via unknown vectors r… | |||
| CVE-2016-3484 | low | 3.4 | 3.4 | 10y ago | Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors. |