CVEs from 2016
- Total: 8,455
- critical: 1,164
- high: 3,521
- medium: 3,173
- low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9804 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lac… | |||
| CVE-2016-9803 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from '… | |||
| CVE-2016-9802 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon… | |||
| CVE-2016-9801 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | |||
| CVE-2016-9800 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to la… | |||
| CVE-2016-9799 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||
| CVE-2016-9798 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump… | |||
| CVE-2016-9797 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidu… | |||
| CVE-2016-5987 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers … | |||
| CVE-2016-5890 | medium | 5.3 | 5.3 | 10y ago | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||
| CVE-2016-2940 | medium | 5.3 | 5.3 | 10y ago | Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2016-2935 | medium | 5.3 | 5.3 | 10y ago | The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | |||
| CVE-2016-2932 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | |||
| CVE-2016-2931 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-5968 | medium | 5.3 | 5.3 | 10y ago | The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1… | |||
| CVE-2016-8672 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SI… | |||
| CVE-2016-6463 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-6462 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-9286 | medium | 5.3 | 5.3 | 10y ago | framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as d… | |||
| CVE-2016-9285 | medium | 5.3 | 5.3 | 10y ago | framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1,… | |||
| CVE-2016-9284 | medium | 5.3 | 5.3 | 10y ago | getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||
| CVE-2016-7209 | medium | 5.3 | 5.3 | 10y ago | Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||
| CVE-2016-8875 | medium | 5.3 | 5.3 | 10y ago | The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application … | |||
| CVE-2016-9118 | medium | 5.3 | 5.3 | 10y ago | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | |||
| CVE-2016-8501 | medium | 5.3 | 5.3 | 10y ago | Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |||
| CVE-2016-5583 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unk… | |||
| CVE-2016-5575 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentia… | |||
| CVE-2016-5566 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5532 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via v… | |||
| CVE-2016-5524 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vu… | |||
| CVE-2016-5510 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5488 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container… | |||
| CVE-2016-5487 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-1000214 | medium | 5.3 | 5.3 | 10y ago | Ruckus Wireless H500 web management interface authentication bypass | |||
| CVE-2016-3392 | medium | 5.3 | 5.3 | 10y ago | The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Micr… | |||
| CVE-2016-3391 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure… | |||
| CVE-2016-3267 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosur… | |||
| CVE-2016-6026 | medium | 5.3 | 5.3 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP… | |||
| CVE-2016-6421 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. | |||
| CVE-2016-6636 | medium | 5.3 | 5.3 | 10y ago | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elasti… | |||
| CVE-2016-6146 | medium | 5.3 | 5.3 | 10y ago | The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||
| CVE-2016-4748 | medium | 5.3 | 5.3 | 10y ago | Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||
| CVE-2016-4745 | medium | 5.3 | 5.3 | 10y ago | The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user a… | |||
| CVE-2016-4713 | medium | 5.3 | 5.3 | 10y ago | CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||
| CVE-2016-0870 | medium | 5.3 | 5.3 | 10y ago | The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. | |||
| CVE-2016-4746 | medium | 5.3 | 5.3 | 10y ago | The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances… | |||
| CVE-2016-1433 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | |||
| CVE-2016-6644 | medium | 5.3 | 5.3 | 10y ago | EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||
| CVE-2016-6401 | medium | 5.3 | 5.3 | 10y ago | Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafte… | |||
| CVE-2016-6398 | medium | 5.3 | 5.3 | 10y ago | The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet d… | |||
| CVE-2016-6396 | medium | 5.3 | 5.3 | 10y ago | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafte… | |||
| CVE-2016-7128 | medium | 5.3 | 5.3 | 10y ago | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers… | |||
| CVE-2016-6375 | medium | 5.3 | 5.3 | 10y ago | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sendi… | |||
| CVE-2016-6212 | medium | 5.3 | 5.3 | 10y ago | Drupal Views can allow unauthorized users to see Statistics information | |||
| CVE-2016-6670 | medium | 5.3 | 5.3 | 10y ago | Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remo… | |||
| CVE-2016-6344 | medium | 5.3 | 5.3 | 10y ago | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via… | |||
| CVE-2016-7153 | medium | 5.3 | 5.3 | 10y ago | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever… | |||
| CVE-2016-7152 | medium | 5.3 | 5.3 | 10y ago | The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera… | |||
| CVE-2016-5430 | medium | 5.3 | 5.3 | 10y ago | The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clea… | |||
| CVE-2016-6298 | medium | 5.3 | 5.3 | 10y ago | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clearte… | |||
| CVE-2016-5332 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-5390 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to A… | |||
| CVE-2016-4995 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtai… | |||
| CVE-2016-3329 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2016-3327 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… | |||
| CVE-2016-3326 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… | |||
| CVE-2016-3299 | medium | 5.3 | 5.3 | 10y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hi… | |||
| CVE-2016-4253 | medium | 5.3 | 5.3 | 10y ago | The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4169 | medium | 5.3 | 5.3 | 10y ago | Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | |||
| CVE-2016-6145 | medium | 5.3 | 5.3 | 10y ago | The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_c… | |||
| CVE-2016-5267 | medium | 5.3 | 5.3 | 10y ago | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | |||
| CVE-2016-5133 | medium | 5.3 | 5.3 | 10y ago | Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect… | |||
| CVE-2016-4635 | medium | 5.3 | 5.3 | 10y ago | FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances,… | |||
| CVE-2016-5456 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via… | |||
| CVE-2016-5455 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors… | |||
| CVE-2016-3615 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth… | |||
| CVE-2016-3614 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | |||
| CVE-2016-3560 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3549 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentia… | |||
| CVE-2016-3548 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors… | |||
| CVE-2016-3547 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentialit… | |||
| CVE-2016-3545 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vector… | |||
| CVE-2016-3508 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different… | |||
| CVE-2016-3500 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different… | |||
| CVE-2016-3498 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. | |||
| CVE-2016-3445 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container… | |||
| CVE-2016-1459 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSC… | |||
| CVE-2016-0393 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. | |||
| CVE-2016-5797 | medium | 5.3 | 5.3 | 10y ago | Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate a… | |||
| CVE-2016-4247 | medium | 5.3 | 5.3 | 10y ago | Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information vi… | |||
| CVE-2016-3277 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||
| CVE-2016-3273 | medium | 5.3 | 5.3 | 10y ago | The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted w… | |||
| CVE-2016-3261 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2016-1445 | medium | 5.3 | 5.3 | 10y ago | Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. | |||
| CVE-2016-0389 | medium | 5.3 | 5.3 | 10y ago | Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-5098 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | |||
| CVE-2016-5097 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by readin… | |||
| CVE-2016-4956 | medium | 5.3 | 5.3 | 10y ago | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists beca… | |||
| CVE-2016-4465 | medium | 5.3 | 5.3 | 10y ago | Apache Struts vulnerable to possible DoS attack when using URLValidator | |||
| CVE-2016-5730 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin full path disclosure vulnerability |