CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4911 | medium | 4.3 | 4.3 | 10y ago | The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrict… | |||
| CVE-2016-2832 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | |||
| CVE-2016-2159 | medium | 4.3 | 4.3 | 10y ago | Moodle External function mod_assign_save_submission does not check due dates | |||
| CVE-2016-2158 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to obtain sensitive category-detail information | |||
| CVE-2016-2156 | medium | 4.3 | 4.3 | 10y ago | Moodle provides calendar-event data without considering whether an activity is hidden | |||
| CVE-2016-2155 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to modify "Exclude grade" settings | |||
| CVE-2016-2154 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to discover hidden course names | |||
| CVE-2016-2151 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to discover student e-mail addresses | |||
| CVE-2016-3727 | medium | 4.3 | 4.3 | 10y ago | Jenkins Exposes Sensitive Information via API URL | |||
| CVE-2016-3725 | medium | 4.3 | 4.3 | 10y ago | Missing permissions check in Jenkins Core | |||
| CVE-2016-3723 | medium | 4.3 | 4.3 | 10y ago | Exposure of Sensitive Information in Jenkins Core | |||
| CVE-2016-3722 | medium | 4.3 | 4.3 | 10y ago | Incorrect Authorization in Jenkins Core | |||
| CVE-2016-3721 | medium | 4.3 | 4.3 | 10y ago | Jenkins allows Remote Users to Inject Build Parameters | |||
| CVE-2016-0381 | medium | 4.3 | 4.3 | 10y ago | IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty valu… | |||
| CVE-2016-1664 | medium | 4.3 | 4.3 | 10y ago | The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and othe… | |||
| CVE-2016-1206 | medium | 4.3 | 4.3 | 10y ago | The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-f… | |||
| CVE-2016-0895 | medium | 4.3 | 4.3 | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. | |||
| CVE-2016-0893 | medium | 4.3 | 4.3 | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | |||
| CVE-2016-2820 | medium | 4.3 | 4.3 | 10y ago | The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify… | |||
| CVE-2016-0211 | medium | 4.3 | 4.3 | 10y ago | IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA mess… | |||
| CVE-2016-2304 | medium | 4.3 | 4.3 | 10y ago | Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive inf… | |||
| CVE-2016-3425 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. | |||
| CVE-2016-3422 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. | |||
| CVE-2016-1658 | medium | 4.3 | 4.3 | 10y ago | The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and o… | |||
| CVE-2016-1657 | medium | 4.3 | 4.3 | 10y ago | The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which… | |||
| CVE-2016-1175 | medium | 4.3 | 4.3 | 10y ago | Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2016-0289 | medium | 4.3 | 4.3 | 10y ago | shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictio… | |||
| CVE-2016-1781 | medium | 4.3 | 4.3 | 10y ago | WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | |||
| CVE-2016-1780 | medium | 4.3 | 4.3 | 10y ago | WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical envi… | |||
| CVE-2016-1772 | medium | 4.3 | 4.3 | 10y ago | The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | |||
| CVE-2016-1764 | medium | 4.3 | 4.3 | 10y ago | The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | |||
| CVE-2016-0222 | medium | 4.3 | 4.3 | 10y ago | IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | |||
| CVE-2016-1965 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors invo… | |||
| CVE-2016-1958 | medium | 4.3 | 4.3 | 10y ago | browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | |||
| CVE-2016-1957 | medium | 4.3 | 4.3 | 10y ago | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that trigger… | |||
| CVE-2016-1955 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path in… | |||
| CVE-2016-1562 | medium | 4.3 | 4.3 | 10y ago | The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. | |||
| CVE-2016-0886 | medium | 4.3 | 4.3 | 10y ago | EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||
| CVE-2016-1640 | medium | 4.3 | 4.3 | 10y ago | The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for … | |||
| CVE-2016-0706 | medium | 4.3 | 4.3 | 10y ago | Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/Restrict… | |||
| CVE-2016-0724 | medium | 4.3 | 4.3 | 10y ago | Moodle sensitive information disclosure | |||
| CVE-2016-0232 | medium | 4.3 | 4.3 | 10y ago | IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by re… | |||
| CVE-2016-0231 | medium | 4.3 | 4.3 | 10y ago | IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by re… | |||
| CVE-2016-1626 | medium | 4.3 | 4.3 | 10y ago | The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a… | |||
| CVE-2016-1625 | medium | 4.3 | 4.3 | 10y ago | The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers … | |||
| CVE-2016-1323 | medium | 4.3 | 4.3 | 10y ago | The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. | |||
| CVE-2016-0080 | medium | 4.3 | 4.3 | 10y ago | Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR … | |||
| CVE-2016-0077 | medium | 4.3 | 4.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||
| CVE-2016-0059 | medium | 4.3 | 4.3 | 10y ago | The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) O… | |||
| CVE-2016-1317 | medium | 4.3 | 4.3 | 11y ago | Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL… | |||
| CVE-2016-1728 | medium | 4.3 | 4.3 | 11y ago | The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote… | |||
| CVE-2016-1617 | medium | 4.3 | 4.3 | 11y ago | The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does no… | |||
| CVE-2016-1616 | medium | 4.3 | 4.3 | 11y ago | The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocuse… | |||
| CVE-2016-1614 | medium | 4.3 | 4.3 | 11y ago | The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization … | |||
| CVE-2016-0594 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2016-0590 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM Order Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2016-0588 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle General Ledger component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Consolidation Hierarch… | |||
| CVE-2016-0586 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp. | |||
| CVE-2016-0584 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Componen… | |||
| CVE-2016-0583 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Componen… | |||
| CVE-2016-0582 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Componen… | |||
| CVE-2016-0579 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Componen… | |||
| CVE-2016-0575 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Learning Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to OTA Self Service. | |||
| CVE-2016-0558 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Service Contracts component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors re… | |||
| CVE-2016-0555 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle CADView-3D component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related t… | |||
| CVE-2016-0542 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown v… | |||
| CVE-2016-0536 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to error messages. | |||
| CVE-2016-0535 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC. | |||
| CVE-2016-0534 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Project Contracts component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Pr… | |||
| CVE-2016-0533 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to M… | |||
| CVE-2016-0521 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Redirection. | |||
| CVE-2016-0520 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to Java APIs. | |||
| CVE-2016-0519 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a diff… | |||
| CVE-2016-0513 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Component… | |||
| CVE-2016-0509 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AP Web Utilities. | |||
| CVE-2016-0508 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Administration. | |||
| CVE-2016-0507 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a diff… | |||
| CVE-2016-0506 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Retail Order Management System Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, 5.0, and 15.0 allows remote attackers to affect confidentia… | |||
| CVE-2016-0497 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via… | |||
| CVE-2016-0496 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the MICROS CWDirect component in Oracle Retail Applications 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, and 18.0 allows remote attackers to affect confidentiality via unknown vec… | |||
| CVE-2016-0495 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related… | |||
| CVE-2016-0471 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2016-0464 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console. | |||
| CVE-2016-0463 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality via unknown vectors r… | |||
| CVE-2016-0443 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentialit… | |||
| CVE-2016-0433 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support. | |||
| CVE-2016-0430 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a diff… | |||
| CVE-2016-0429 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Schedul… | |||
| CVE-2016-0404 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.2.2 allows remote attackers to affect integrity via vectors related to Admin. | |||
| CVE-2016-0401 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Schedul… | |||
| CVE-2016-0012 | medium | 4.3 | 4.3 | 11y ago | Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Ex… | |||
| CVE-2016-0008 | medium | 4.3 | 4.3 | 11y ago | The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 a… | |||
| CVE-2016-0005 | medium | 4.3 | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||
| CVE-2016-1501 | medium | 4.3 | 4.3 | 11y ago | ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exce… | |||
| CVE-2016-7815 | medium | 4.2 | 4.2 | 9y ago | Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | |||
| CVE-2016-8292 | medium | 4.2 | 4.2 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to… | |||
| CVE-2016-5493 | medium | 4.2 | 4.2 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality … | |||
| CVE-2016-4499 | medium | 4.2 | 4.2 | 10y ago | Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2016-4497 | medium | 4.2 | 4.2 | 10y ago | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2016-4496 | medium | 4.2 | 4.2 | 10y ago | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, a… |