CVEs from 2016
Total
8,454
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8942 | low | 3.1 | 3.1 | 10y ago | IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. | |||
| CVE-2016-8314 | low | 3.1 | 3.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult… | |||
| CVE-2016-5509 | low | 3.1 | 3.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0… | |||
| CVE-2016-2380 | low | 3.1 | 3.1 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced … | |||
| CVE-2016-2874 | low | 3.1 | 3.1 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-7239 | low | 3.1 | 3.1 | 10y ago | The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information… | |||
| CVE-2016-7227 | low | 3.1 | 3.1 | 10y ago | The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser I… | |||
| CVE-2016-7204 | low | 3.1 | 3.1 | 10y ago | Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." | |||
| CVE-2016-7199 | low | 3.1 | 3.1 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsof… | |||
| CVE-2016-8288 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | |||
| CVE-2016-8286 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. | |||
| CVE-2016-5618 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated us… | |||
| CVE-2016-5561 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE. | |||
| CVE-2016-5542 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. | |||
| CVE-2016-5506 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. | |||
| CVE-2016-0379 | low | 3.1 | 3.1 | 10y ago | IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager… | |||
| CVE-2016-5166 | low | 3.1 | 3.1 | 10y ago | The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// … | |||
| CVE-2016-0385 | low | 3.1 | 3.1 | 10y ago | Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is en… | |||
| CVE-2016-4583 | low | 3.1 | 3.1 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing at… | |||
| CVE-2016-5473 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to Fi… | |||
| CVE-2016-3516 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiali… | |||
| CVE-2016-3276 | low | 3.1 | 3.1 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||
| CVE-2016-3274 | low | 3.1 | 3.1 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||
| CVE-2016-3428 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vector… | |||
| CVE-2016-3426 | low | 3.1 | 3.1 | 10y ago | Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | |||
| CVE-2016-2513 | low | 3.1 | 3.1 | 10y ago | The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | |||
| CVE-2016-0125 | low | 3.1 | 3.1 | 10y ago | Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information D… | |||
| CVE-2016-1500 | low | 3.1 | 3.1 | 11y ago | ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, … | |||
| CVE-2016-3490 | low | 3.0 | 3.0 | 10y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remot… | |||
| CVE-2016-4740 | low | 2.9 | 2.9 | 10y ago | Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via… | |||
| CVE-2016-3485 | low | 2.9 | 2.9 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. | |||
| CVE-2016-5551 | low | 2.8 | 2.8 | 9y ago | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerabil… | |||
| CVE-2016-5480 | low | 2.8 | 2.8 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. | |||
| CVE-2016-3272 | low | 2.8 | 2.8 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive inf… | |||
| CVE-2016-3251 | low | 2.8 | 2.8 | 10y ago | The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windo… | |||
| CVE-2016-4511 | low | 2.8 | 2.8 | 10y ago | ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to t… | |||
| CVE-2016-0607 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. | |||
| CVE-2016-5979 | low | 2.7 | 2.7 | 9y ago | IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the… | |||
| CVE-2016-9338 | low | 2.7 | 2.7 | 9y ago | An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and… | |||
| CVE-2016-3046 | low | 2.7 | 2.7 | 10y ago | IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end da… | |||
| CVE-2016-3021 | low | 2.7 | 2.7 | 10y ago | IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. | |||
| CVE-2016-2947 | low | 2.7 | 2.7 | 10y ago | IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18… | |||
| CVE-2016-0370 | low | 2.7 | 2.7 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an … | |||
| CVE-2016-5462 | low | 2.7 | 2.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vect… | |||
| CVE-2016-2870 | low | 2.7 | 2.7 | 10y ago | Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors. | |||
| CVE-2016-2868 | low | 2.7 | 2.7 | 10y ago | IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity ref… | |||
| CVE-2016-1212 | low | 2.7 | 2.7 | 10y ago | Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | |||
| CVE-2016-3972 | low | 2.7 | 2.7 | 10y ago | Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. | |||
| CVE-2016-10713 | low | — | 2.5 | — | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | |||
| CVE-2016-7554 | low | — | 2.5 | — | arbitrary code execution in ffmpeg | |||
| CVE-2016-3714 | unknown | — | 2.5 | 2y ago | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code … | |||
| CVE-2016-20017 | unknown | — | 2.5 | 2y ago | D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. | |||
| CVE-2016-0165 | unknown | — | 2.5 | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2016-6415 | unknown | — | 2.5 | 3y ago | Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information… | |||
| CVE-2016-2386 | unknown | — | 2.5 | 4y ago | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-2388 | unknown | — | 2.5 | 4y ago | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. | |||
| CVE-2016-0984 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code. | |||
| CVE-2016-6367 | unknown | — | 2.5 | 4y ago | A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code. | |||
| CVE-2016-4657 | unknown | — | 2.5 | 4y ago | Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTM… | |||
| CVE-2016-6366 | unknown | — | 2.5 | 4y ago | A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute cod… | |||
| CVE-2016-4656 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application. | |||
| CVE-2016-4655 | unknown | — | 2.5 | 4y ago | The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | |||
| CVE-2016-4437 | unknown | — | 2.5 | 4y ago | Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been confi… | |||
| CVE-2016-7200 | unknown | — | 2.5 | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2016-7201 | unknown | — | 2.5 | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2016-3088 | unknown | — | 2.5 | 4y ago | The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request | |||
| CVE-2016-0040 | unknown | — | 2.5 | 4y ago | The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. | |||
| CVE-2016-0189 | unknown | — | 2.5 | 4y ago | The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web s… | |||
| CVE-2016-0151 | unknown | — | 2.5 | 4y ago | The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. | |||
| CVE-2016-1555 | unknown | — | 2.5 | 4y ago | Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution. | |||
| CVE-2016-11021 | unknown | — | 2.5 | 4y ago | setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command. | |||
| CVE-2016-10174 | unknown | — | 2.5 | 4y ago | The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution. | |||
| CVE-2016-3309 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in k… | |||
| CVE-2016-6277 | unknown | — | 2.5 | 4y ago | NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. | |||
| CVE-2016-0099 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this… | |||
| CVE-2016-4117 | unknown | — | 2.5 | 4y ago | An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2016-3976 | unknown | — | 2.5 | 5y ago | SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote at… | |||
| CVE-2016-3715 | unknown | — | 2.5 | 5y ago | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |||
| CVE-2016-3643 | unknown | — | 2.5 | 5y ago | SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo. | |||
| CVE-2016-3718 | unknown | — | 2.5 | 5y ago | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | |||
| CVE-2016-7255 | unknown | — | 2.5 | 5y ago | Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | |||
| CVE-2016-3235 | unknown | — | 2.5 | 5y ago | Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitat… | |||
| CVE-2016-0185 | unknown | — | 2.5 | 5y ago | Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. | |||
| CVE-2016-5992 | low | 2.5 | 2.5 | 10y ago | IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2016-6450 | low | 2.5 | 2.5 | 10y ago | A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulne… | |||
| CVE-2016-7960 | low | 2.5 | 2.5 | 10y ago | Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration in… | |||
| CVE-2016-5849 | low | 2.5 | 2.5 | 10y ago | Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. | |||
| CVE-2016-2894 | low | 2.5 | 2.5 | 10y ago | IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary ac… | |||
| CVE-2016-0259 | low | 2.5 | 2.5 | 10y ago | runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. | |||
| CVE-2016-1185 | low | 2.5 | 2.5 | 10y ago | The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. | |||
| CVE-2016-0752 | unknown | — | 2.5 | 11y ago | Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. | |||
| CVE-2016-7765 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive informati… | |||
| CVE-2016-7664 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component. which allows physically proximate attackers to obtain sensitive photo… | |||
| CVE-2016-7653 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo … | |||
| CVE-2016-9703 | low | 2.4 | 2.4 | 10y ago | IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | |||
| CVE-2016-3562 | low | 2.4 | 2.4 | 10y ago | Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to D… | |||
| CVE-2016-3291 | low | 2.4 | 2.4 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Informa… | |||
| CVE-2016-4593 | low | 2.4 | 2.4 | 10y ago | The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. | |||
| CVE-2016-1852 | low | 2.4 | 2.4 | 10y ago | Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via… | |||
| CVE-2016-8305 | low | 2.1 | 2.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… |