CVEs from 2016
Total
8,454
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2961 | medium | 5.3 | 5.3 | 10y ago | The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version informat… | |||
| CVE-2016-2872 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2016-1440 | medium | 5.3 | 5.3 | 10y ago | The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improp… | |||
| CVE-2016-5306 | medium | 5.3 | 5.3 | 10y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information b… | |||
| CVE-2016-4086 | medium | 5.3 | 5.3 | 10y ago | Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. | |||
| CVE-2016-4824 | medium | 5.3 | 5.3 | 10y ago | The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attacker… | |||
| CVE-2016-1191 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | |||
| CVE-2016-4821 | medium | 5.3 | 5.3 | 10y ago | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | |||
| CVE-2016-1223 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via u… | |||
| CVE-2016-3687 | medium | 5.3 | 5.3 | 10y ago | Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to red… | |||
| CVE-2016-3216 | medium | 4.3 | 5.3 | 10y ago | GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol… | |||
| CVE-2016-5104 | medium | 5.3 | 5.3 | 10y ago | The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connect… | |||
| CVE-2016-4495 | medium | 5.3 | 5.3 | 10y ago | KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | |||
| CVE-2016-3703 | medium | 5.3 | 5.3 | 10y ago | Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote … | |||
| CVE-2016-3093 | medium | 5.3 | 5.3 | 10y ago | Denial of service in Apache Struts | |||
| CVE-2016-1694 | medium | 5.3 | 5.3 | 10y ago | browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid … | |||
| CVE-2016-1693 | medium | 5.3 | 5.3 | 10y ago | browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to… | |||
| CVE-2016-1692 | medium | 5.3 | 5.3 | 10y ago | WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet downl… | |||
| CVE-2016-1370 | medium | 5.3 | 5.3 | 10y ago | Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via… | |||
| CVE-2016-4785 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-4784 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-4792 | medium | 5.3 | 5.3 | 10y ago | Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | |||
| CVE-2016-2190 | medium | 5.3 | 5.3 | 10y ago | Moodle sensitive information disclosure | |||
| CVE-2016-3739 | medium | 5.3 | 5.3 | 10y ago | The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection… | |||
| CVE-2016-1844 | medium | 5.3 | 5.3 | 10y ago | The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | |||
| CVE-2016-4442 | medium | 5.3 | 5.3 | 10y ago | rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects | |||
| CVE-2016-1670 | medium | 5.3 | 5.3 | 10y ago | Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to mak… | |||
| CVE-2016-4536 | medium | 5.3 | 5.3 | 10y ago | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow… | |||
| CVE-2016-0194 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnera… | |||
| CVE-2016-0902 | medium | 5.3 | 5.3 | 10y ago | CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified … | |||
| CVE-2016-1199 | medium | 5.3 | 5.3 | 10y ago | The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability tha… | |||
| CVE-2016-2303 | medium | 5.3 | 5.3 | 10y ago | CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||
| CVE-2016-2302 | medium | 5.3 | 5.3 | 10y ago | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | |||
| CVE-2016-2212 | medium | 5.3 | 5.3 | 10y ago | The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.… | |||
| CVE-2016-1378 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) por… | |||
| CVE-2016-1376 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, a… | |||
| CVE-2016-3170 | medium | 5.3 | 5.3 | 10y ago | Drupal sensitive information disclosure | |||
| CVE-2016-0790 | medium | 5.3 | 5.3 | 10y ago | Exposure of Sensitive Information in Jenkins Core | |||
| CVE-2016-3973 | medium | 5.3 | 5.3 | 10y ago | The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/… | |||
| CVE-2016-3119 | medium | 5.3 | 5.3 | 10y ago | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the D… | |||
| CVE-2016-1787 | medium | 5.3 | 5.3 | 10y ago | Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | |||
| CVE-2016-1776 | medium | 5.3 | 5.3 | 10y ago | Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP … | |||
| CVE-2016-1774 | medium | 5.3 | 5.3 | 10y ago | The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitiv… | |||
| CVE-2016-0825 | medium | 5.3 | 5.3 | 10y ago | The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining… | |||
| CVE-2016-0824 | medium | 5.3 | 5.3 | 10y ago | libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, … | |||
| CVE-2016-1361 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to… | |||
| CVE-2016-2845 | medium | 5.3 | 5.3 | 10y ago | The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remo… | |||
| CVE-2016-2283 | medium | 5.3 | 5.3 | 10y ago | Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via un… | |||
| CVE-2016-2282 | medium | 5.3 | 5.3 | 10y ago | Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext… | |||
| CVE-2016-1357 | medium | 5.3 | 5.3 | 10y ago | The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions an… | |||
| CVE-2016-1288 | medium | 5.3 | 5.3 | 10y ago | The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by lev… | |||
| CVE-2016-1353 | medium | 5.3 | 5.3 | 10y ago | The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is… | |||
| CVE-2016-2097 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted u… | |||
| CVE-2016-1342 | medium | 5.3 | 5.3 | 10y ago | The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID C… | |||
| CVE-2016-2044 | medium | 5.3 | 5.3 | 10y ago | libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an e… | |||
| CVE-2016-2042 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpsecl… | |||
| CVE-2016-2039 | medium | 5.3 | 5.3 | 10y ago | libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass int… | |||
| CVE-2016-2038 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error… | |||
| CVE-2016-2509 | medium | 5.3 | 5.3 | 10y ago | The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator pa… | |||
| CVE-2016-1334 | medium | 5.3 | 5.3 | 10y ago | Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457. | |||
| CVE-2016-0747 | medium | 5.3 | 5.3 | 10y ago | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) v… | |||
| CVE-2016-0864 | medium | 5.3 | 5.3 | 10y ago | Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified … | |||
| CVE-2016-1324 | medium | 5.3 | 5.3 | 10y ago | The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. | |||
| CVE-2016-0950 | medium | 5.3 | 5.3 | 10y ago | Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | |||
| CVE-2016-0050 | medium | 5.3 | 5.3 | 10y ago | Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS … | |||
| CVE-2016-1319 | medium | 5.3 | 5.3 | 11y ago | Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified C… | |||
| CVE-2016-1316 | medium | 5.3 | 5.3 | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct r… | |||
| CVE-2016-2201 | medium | 5.3 | 5.3 | 11y ago | Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. | |||
| CVE-2016-1948 | medium | 5.3 | 5.3 | 11y ago | Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modi… | |||
| CVE-2016-1940 | medium | 5.3 | 5.3 | 11y ago | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. | |||
| CVE-2016-1939 | medium | 5.3 | 5.3 | 11y ago | Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vul… | |||
| CVE-2016-0756 | medium | 5.3 | 5.3 | 11y ago | The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network… | |||
| CVE-2016-0754 | medium | 5.3 | 5.3 | 11y ago | cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. | |||
| CVE-2016-1299 | medium | 5.3 | 5.3 | 11y ago | The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw871… | |||
| CVE-2016-0753 | medium | 5.3 | 5.3 | 11y ago | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers t… | |||
| CVE-2016-1907 | medium | 5.3 | 5.3 | 11y ago | The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | |||
| CVE-2016-1295 | medium | 5.3 | 5.3 | 11y ago | Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775. | |||
| CVE-2016-1260 | medium | 5.3 | 5.3 | 11y ago | Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consu… | |||
| CVE-2016-1258 | medium | 5.3 | 5.3 | 11y ago | Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2… | |||
| CVE-2016-1256 | medium | 5.3 | 5.3 | 11y ago | Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 befo… | |||
| CVE-2016-1494 | medium | 5.3 | 5.3 | 11y ago | The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. | |||
| CVE-2016-0455 | medium | — | 5.2 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confident… | |||
| CVE-2016-8017 | medium | 4.1 | 5.1 | 9y ago | Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user… | |||
| CVE-2016-5894 | medium | 5.1 | 5.1 | 9y ago | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix cons… | |||
| CVE-2016-5746 | medium | 5.1 | 5.1 | 10y ago | libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by re… | |||
| CVE-2016-6480 | medium | 5.1 | 5.1 | 10y ago | Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash)… | |||
| CVE-2016-6156 | medium | 5.1 | 5.1 | 10y ago | Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access… | |||
| CVE-2016-0252 | medium | 5.1 | 5.1 | 10y ago | IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. | |||
| CVE-2016-2547 | medium | 5.1 | 5.1 | 10y ago | sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use… | |||
| CVE-2016-2546 | medium | 5.1 | 5.1 | 10y ago | sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a cra… | |||
| CVE-2016-2545 | medium | 5.1 | 5.1 | 10y ago | The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race c… | |||
| CVE-2016-2544 | medium | 5.1 | 5.1 | 10y ago | Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making … | |||
| CVE-2016-0641 | medium | 5.1 | 5.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users… | |||
| CVE-2016-0702 | medium | 5.1 | 5.1 | 10y ago | The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiati… | |||
| CVE-2016-8762 | medium | 5.0 | 5.0 | 9y ago | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 a… | |||
| CVE-2016-9347 | medium | 5.0 | 5.0 | 9y ago | An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the D… | |||
| CVE-2016-6040 | medium | 5.0 | 5.0 | 10y ago | IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | |||
| CVE-2016-0318 | medium | 5.0 | 5.0 | 10y ago | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by lev… | |||
| CVE-2016-7917 | medium | 5.0 | 5.0 | 10y ago | The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain … | |||
| CVE-2016-5594 | medium | 5.0 | 5.0 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to a… |