CVEs from 2016
Total
8,455
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5553 | medium | 5.0 | 5.0 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors. | |||
| CVE-2016-3292 | medium | 5.0 | 5.0 | 10y ago | Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Exp… | |||
| CVE-2016-4451 | medium | 5.0 | 5.0 | 10y ago | The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restricti… | |||
| CVE-2016-3256 | medium | 5.0 | 5.0 | 10y ago | Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode… | |||
| CVE-2016-4528 | medium | 5.0 | 5.0 | 10y ago | Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | |||
| CVE-2016-2391 | medium | 5.0 | 5.0 | 10y ago | The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process … | |||
| CVE-2016-3232 | medium | 5.0 | 5.0 | 10y ago | The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted appli… | |||
| CVE-2016-3230 | medium | 5.0 | 5.0 | 10y ago | The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denia… | |||
| CVE-2016-2810 | medium | 5.0 | 5.0 | 10y ago | Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstra… | |||
| CVE-2016-0869 | medium | 5.0 | 5.0 | 11y ago | Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. | |||
| CVE-2016-0585 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via vectors related to ICX Error. | |||
| CVE-2016-0580 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-0571 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Balanced Scorecard component in Oracle E-Business Suite 11.5.10.2 and 12.1 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-0570 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vecto… | |||
| CVE-2016-0569 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknow… | |||
| CVE-2016-0568 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to S… | |||
| CVE-2016-0567 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknow… | |||
| CVE-2016-0566 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality … | |||
| CVE-2016-0565 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2016-0541 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors re… | |||
| CVE-2016-0540 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors re… | |||
| CVE-2016-0539 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-0538 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Financial Consolidation Hub component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via un… | |||
| CVE-2016-0526 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unk… | |||
| CVE-2016-0501 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. | |||
| CVE-2016-0486 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0485 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0484 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0482 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0481 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0480 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0478 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0477 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0476 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2016-0466 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affec… | |||
| CVE-2016-0460 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.55 allows remote attackers to affect integrity via unknown vectors related to Fluid Homepa… | |||
| CVE-2016-0457 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to… | |||
| CVE-2016-0456 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to… | |||
| CVE-2016-0450 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-0439 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a diff… | |||
| CVE-2016-0421 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Monitoring an… | |||
| CVE-2016-0416 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility. | |||
| CVE-2016-0402 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vect… | |||
| CVE-2016-4043 | medium | 4.9 | 4.9 | 4y ago | Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | |||
| CVE-2016-10310 | medium | 4.9 | 4.9 | 9y ago | Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and p… | |||
| CVE-2016-7542 | medium | 4.9 | 4.9 | 9y ago | A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) s… | |||
| CVE-2016-7135 | medium | 4.9 | 4.9 | 9y ago | Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile ac… | |||
| CVE-2016-8375 | medium | 4.9 | 4.9 | 9y ago | An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physica… | |||
| CVE-2016-8226 | medium | 4.9 | 4.9 | 10y ago | The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | |||
| CVE-2016-7787 | medium | 4.9 | 4.9 | 10y ago | A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | |||
| CVE-2016-5635 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. | |||
| CVE-2016-5634 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. | |||
| CVE-2016-5633 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-… | |||
| CVE-2016-5632 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | |||
| CVE-2016-5631 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. | |||
| CVE-2016-5630 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-5629 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. | |||
| CVE-2016-5628 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. | |||
| CVE-2016-5507 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-3495 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-5976 | medium | 4.9 | 4.9 | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… | |||
| CVE-2016-1497 | medium | 4.9 | 4.9 | 10y ago | The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allow… | |||
| CVE-2016-3320 | medium | 4.9 | 4.9 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or… | |||
| CVE-2016-5442 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. | |||
| CVE-2016-5441 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. | |||
| CVE-2016-5440 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote admi… | |||
| CVE-2016-5439 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. | |||
| CVE-2016-5437 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. | |||
| CVE-2016-5436 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||
| CVE-2016-3520 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via v… | |||
| CVE-2016-3459 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via… | |||
| CVE-2016-3424 | medium | 4.9 | 4.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | |||
| CVE-2016-5092 | medium | 4.9 | 4.9 | 10y ago | Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn featu… | |||
| CVE-2016-5021 | medium | 4.9 | 4.9 | 10y ago | The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0… | |||
| CVE-2016-0731 | medium | 4.9 | 4.9 | 10y ago | The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | |||
| CVE-2016-0225 | medium | 4.9 | 4.9 | 10y ago | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-2314 | medium | 4.9 | 4.9 | 10y ago | GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to crea… | |||
| CVE-2016-0465 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect availability via unknown vectors related to Resource Group Manag… | |||
| CVE-2016-0428 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot. | |||
| CVE-2016-0419 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431. | |||
| CVE-2016-8751 | medium | 4.8 | 4.8 | 9y ago | Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies | |||
| CVE-2016-7810 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4858 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11,… | |||
| CVE-2016-4856 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via… | |||
| CVE-2016-6037 | medium | 4.8 | 4.8 | 9y ago | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project… | |||
| CVE-2016-4866 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | |||
| CVE-2016-4865 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | |||
| CVE-2016-4318 | medium | 4.8 | 4.8 | 9y ago | Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | |||
| CVE-2016-5541 | medium | 4.8 | 4.8 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. D… | |||
| CVE-2016-7168 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-10112 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted ta… | |||
| CVE-2016-1000121 | medium | 4.8 | 4.8 | 10y ago | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||
| CVE-2016-8285 | medium | 4.8 | 4.8 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Cand… | |||
| CVE-2016-5395 | medium | 4.8 | 4.8 | 10y ago | Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML | |||
| CVE-2016-5696 | medium | 4.8 | 4.8 | 10y ago | net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-wi… | |||
| CVE-2016-5005 | medium | 4.8 | 4.8 | 10y ago | Apache Archiva vulnerable to Cross-site Scripting | |||
| CVE-2016-3971 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout. | |||
| CVE-2016-9263 | medium | 4.7 | 4.7 | 9y ago | WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained wit… | |||
| CVE-2016-0713 | medium | 4.7 | 4.7 | 9y ago | Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | |||
| CVE-2016-5858 | medium | 4.7 | 4.7 | 9y ago | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. |