CVEs from 2016
Total
8,556
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.6%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-5047 | medium | 6.5 | 6.5 | 10y ago | NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | |
| CVE-2016-3064 | medium | 6.5 | 6.5 | 10y ago | NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | |
| CVE-2016-1477 | medium | 6.5 | 6.5 | 10y ago | Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. | |
| CVE-2016-6363 | medium | 6.5 | 6.5 | 10y ago | The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… | |
| CVE-2016-6361 | medium | 6.5 | 6.5 | 10y ago | The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… | |
| CVE-2016-4376 | medium | 6.5 | 6.5 | 10y ago | HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. | |
| CVE-2016-6214 | medium | 6.5 | 6.5 | 10y ago | gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |
| CVE-2016-6207 | medium | 6.5 | 6.5 | 10y ago | Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory… | |
| CVE-2016-6161 | medium | 6.5 | 6.5 | 10y ago | The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. | |
| CVE-2016-6132 | medium | 6.5 | 6.5 | 10y ago | The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |
| CVE-2016-2989 | medium | 6.5 | 6.5 | 10y ago | Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |
| CVE-2016-0361 | medium | 6.5 | 6.5 | 10y ago | IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticate… | |
| CVE-2016-5412 | medium | 6.5 | 6.5 | 10y ago | arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infi… | |
| CVE-2016-5392 | medium | 6.5 | 6.5 | 10y ago | The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive pr… | |
| CVE-2016-5260 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords… | |
| CVE-2016-2839 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allo… | |
| CVE-2016-6257 | medium | 6.5 | 6.5 | 10y ago | The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementin… | |
| CVE-2016-3120 | medium | 6.5 | 6.5 | 10y ago | The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses… | |
| CVE-2016-1605 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileT… | |
| CVE-2016-1467 | medium | 6.5 | 6.5 | 10y ago | Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813. | |
| CVE-2016-1465 | medium | 6.5 | 6.5 | 10y ago | Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Dis… | |
| CVE-2016-1460 | medium | 6.5 | 6.5 | 10y ago | Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. | |
| CVE-2016-6292 | medium | 6.5 | 6.5 | 10y ago | The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereferenc… | |
| CVE-2016-5135 | medium | 6.5 | 6.5 | 10y ago | WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload re… | |
| CVE-2016-5130 | medium | 6.5 | 6.5 | 10y ago | content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL dis… | |
| CVE-2016-1707 | medium | 6.5 | 6.5 | 10y ago | ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof… | |
| CVE-2016-4646 | medium | 6.5 | 6.5 | 10y ago | Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | |
| CVE-2016-4605 | medium | 6.5 | 6.5 | 10y ago | Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | |
| CVE-2016-4592 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. | |
| CVE-2016-4587 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. | |
| CVE-2016-5470 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Appli… | |
| CVE-2016-5461 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via… | |
| CVE-2016-5448 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. | |
| CVE-2016-3542 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentia… | |
| CVE-2016-3537 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to Fi… | |
| CVE-2016-3521 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth… | |
| CVE-2016-3518 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | |
| CVE-2016-3514 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiali… | |
| CVE-2016-3513 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality… | |
| CVE-2016-3502 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availab… | |
| CVE-2016-3501 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | |
| CVE-2016-3494 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vector… | |
| CVE-2016-3486 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | |
| CVE-2016-3476 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Conso… | |
| CVE-2016-5653 | medium | 6.5 | 6.5 | 10y ago | Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | |
| CVE-2016-2865 | medium | 6.5 | 6.5 | 10y ago | The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x bef… | |
| CVE-2016-1452 | medium | 6.5 | 6.5 | 10y ago | Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | |
| CVE-2016-3271 | medium | 6.5 | 6.5 | 10y ago | The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |
| CVE-2016-3245 | medium | 6.5 | 6.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass… | |
| CVE-2016-5009 | medium | 6.5 | 6.5 | 10y ago | The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. | |
| CVE-2016-0314 | medium | 6.5 | 6.5 | 10y ago | The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacki… | |
| CVE-2016-1444 | medium | 6.5 | 6.5 | 10y ago | The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote att… | |
| CVE-2016-6170 | medium | 6.5 | 6.5 | 10y ago | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and po… | |
| CVE-2016-1425 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. | |
| CVE-2016-1398 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3… | |
| CVE-2016-2968 | medium | 6.5 | 6.5 | 10y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors. | |
| CVE-2016-3189 | medium | 6.5 | 6.5 | 10y ago | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the… | |
| CVE-2016-4057 | medium | 6.5 | 6.5 | 10y ago | Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | |
| CVE-2016-0349 | medium | 6.5 | 6.5 | 10y ago | IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a… | |
| CVE-2016-0298 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL. | |
| CVE-2016-4828 | medium | 6.5 | 6.5 | 10y ago | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an ac… | |
| CVE-2016-1190 | medium | 6.5 | 6.5 | 10y ago | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | |
| CVE-2016-1188 | medium | 6.5 | 6.5 | 10y ago | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | |
| CVE-2016-1437 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID… | |
| CVE-2016-1434 | medium | 6.5 | 6.5 | 10y ago | The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | |
| CVE-2016-1428 | medium | 6.5 | 6.5 | 10y ago | Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug… | |
| CVE-2016-4530 | medium | 6.5 | 6.5 | 10y ago | OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | |
| CVE-2016-4518 | medium | 6.5 | 6.5 | 10y ago | OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | |
| CVE-2016-1225 | medium | 6.5 | 6.5 | 10y ago | Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | |
| CVE-2016-4816 | medium | 6.5 | 6.5 | 10y ago | BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | |
| CVE-2016-1424 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | |
| CVE-2016-1397 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0… | |
| CVE-2016-1432 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP … | |
| CVE-2016-2392 | medium | 6.5 | 6.5 | 10y ago | The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administr… | |
| CVE-2016-3226 | medium | 6.5 | 6.5 | 10y ago | Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, a… | |
| CVE-2016-3201 | medium | 6.5 | 6.5 | 10y ago | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF docum… | |
| CVE-2016-3198 | medium | 6.5 | 6.5 | 10y ago | Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass." | |
| CVE-2016-10362 | medium | 6.5 | 6.5 | 10y ago | Logstash Logs Sensitive Information | |
| CVE-2016-3677 | medium | 6.5 | 6.5 | 10y ago | The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |
| CVE-2016-2829 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or… | |
| CVE-2016-2825 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |
| CVE-2016-2822 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | |
| CVE-2016-3085 | medium | 6.5 | 6.5 | 10y ago | Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass auth… | |
| CVE-2016-4524 | medium | 6.5 | 6.5 | 10y ago | ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | |
| CVE-2016-2149 | medium | 6.5 | 6.5 | 10y ago | Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | |
| CVE-2016-1702 | medium | 6.5 | 6.5 | 10y ago | The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial… | |
| CVE-2016-1699 | medium | 6.5 | 6.5 | 10y ago | WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl paramet… | |
| CVE-2016-1698 | medium | 6.5 | 6.5 | 10y ago | The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to… | |
| CVE-2016-1689 | medium | 6.5 | 6.5 | 10y ago | Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified o… | |
| CVE-2016-1688 | medium | 6.5 | 6.5 | 10y ago | The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to caus… | |
| CVE-2016-1687 | medium | 6.5 | 6.5 | 10y ago | The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors relat… | |
| CVE-2016-1686 | medium | 6.5 | 6.5 | 10y ago | The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, wh… | |
| CVE-2016-1685 | medium | 6.5 | 6.5 | 10y ago | core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read… | |
| CVE-2016-1677 | medium | 6.5 | 6.5 | 10y ago | uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeU… | |
| CVE-2016-0288 | medium | 6.5 | 6.5 | 10y ago | IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external … | |
| CVE-2016-2311 | medium | 6.5 | 6.5 | 10y ago | Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks S… | |
| CVE-2016-1413 | medium | 6.5 | 6.5 | 10y ago | The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | |
| CVE-2016-1379 | medium | 6.5 | 6.5 | 10y ago | Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via cra… | |
| CVE-2016-1385 | medium | 6.5 | 6.5 | 10y ago | The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by … | |
| CVE-2016-4020 | medium | 6.5 | 6.5 | 10y ago | The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory … |