CVEs from 2016
- Total: 8,453
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5106 | medium | 6.0 | 6.0 | 10y ago | The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of … | |||
| CVE-2016-4952 | medium | 6.0 | 6.0 | 10y ago | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vec… | |||
| CVE-2016-4509 | medium | 6.0 | 6.0 | 10y ago | Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | |||
| CVE-2016-2841 | medium | 6.0 | 6.0 | 10y ago | The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU proces… | |||
| CVE-2016-4454 | medium | 6.0 | 6.0 | 10y ago | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash)… | |||
| CVE-2016-4037 | medium | 6.0 | 6.0 | 10y ago | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous tra… | |||
| CVE-2016-4441 | medium | 6.0 | 6.0 | 10y ago | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of servi… | |||
| CVE-2016-0697 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity v… | |||
| CVE-2016-0669 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. | |||
| CVE-2016-0425 | medium | — | 6.0 | 11y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availab… | |||
| CVE-2016-8738 | medium | 5.9 | 5.9 | 9y ago | Apache Struts vulnerable to possible DoS attack when using URLValidator | |||
| CVE-2016-10511 | medium | 5.9 | 5.9 | 9y ago | The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the abili… | |||
| CVE-2016-6029 | medium | 5.9 | 5.9 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.… | |||
| CVE-2016-0762 | medium | 5.9 | 5.9 | 9y ago | Observable Discrepancy in Apache Tomcat | |||
| CVE-2016-9972 | medium | 5.9 | 5.9 | 9y ago | IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabi… | |||
| CVE-2016-8746 | medium | 5.9 | 5.9 | 9y ago | Apache Ranger policy engine incorrectly matches paths in certain conditions | |||
| CVE-2016-7816 | medium | 5.9 | 5.9 | 9y ago | The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information… | |||
| CVE-2016-7805 | medium | 5.9 | 5.9 | 9y ago | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke… | |||
| CVE-2016-7055 | medium | 5.9 | 5.9 | 9y ago | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bi… | |||
| CVE-2016-5810 | medium | 4.9 | 5.9 | 9y ago | upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | |||
| CVE-2016-4467 | medium | 5.9 | 5.9 | 9y ago | The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name … | |||
| CVE-2016-8962 | medium | 5.9 | 5.9 | 9y ago | IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||
| CVE-2016-5016 | medium | 5.9 | 5.9 | 9y ago | Cloud Foundry vulnerable to Improper Certificate Validation | |||
| CVE-2016-2564 | medium | 5.9 | 5.9 | 9y ago | Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board… | |||
| CVE-2016-1519 | medium | 5.9 | 5.9 | 9y ago | The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grands… | |||
| CVE-2016-1221 | medium | 5.9 | 5.9 | 9y ago | Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific… | |||
| CVE-2016-1210 | medium | 5.9 | 5.9 | 9y ago | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio… | |||
| CVE-2016-1198 | medium | 5.9 | 5.9 | 9y ago | Photopt for Android before 2.0.1 does not verify SSL certificates. | |||
| CVE-2016-1186 | medium | 5.9 | 5.9 | 9y ago | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||
| CVE-2016-4840 | medium | 5.9 | 5.9 | 9y ago | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | |||
| CVE-2016-4832 | medium | 5.9 | 5.9 | 9y ago | WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | |||
| CVE-2016-4830 | medium | 5.9 | 5.9 | 9y ago | Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | |||
| CVE-2016-4829 | medium | 5.9 | 5.9 | 9y ago | DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 do not verify SSL certificates. | |||
| CVE-2016-1184 | medium | 5.9 | 5.9 | 9y ago | Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | |||
| CVE-2016-4818 | medium | 5.9 | 5.9 | 9y ago | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | |||
| CVE-2016-10259 | medium | 5.9 | 5.9 | 9y ago | Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connec… | |||
| CVE-2016-6805 | medium | 5.9 | 5.9 | 9y ago | Moderate severity vulnerability that affects org.apache.ignite:ignite-core | |||
| CVE-2016-10319 | medium | 5.9 | 5.9 | 9y ago | In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involvin… | |||
| CVE-2016-8795 | medium | 5.9 | 5.9 | 9y ago | Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00,… | |||
| CVE-2016-9319 | medium | 5.9 | 5.9 | 9y ago | There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | |||
| CVE-2016-7541 | medium | 5.9 | 5.9 | 9y ago | Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode.… | |||
| CVE-2016-10130 | medium | 5.9 | 5.9 | 9y ago | The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variabl… | |||
| CVE-2016-6225 | medium | 5.9 | 5.9 | 9y ago | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain … | |||
| CVE-2016-7468 | medium | 5.9 | 5.9 | 9y ago | An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated… | |||
| CVE-2016-9245 | medium | 5.9 | 5.9 | 9y ago | In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settin… | |||
| CVE-2016-6882 | medium | 5.9 | 5.9 | 9y ago | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | |||
| CVE-2016-9892 | medium | 5.9 | 5.9 | 9y ago | The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL s… | |||
| CVE-2016-10228 | medium | 5.9 | 5.9 | 9y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2016-3052 | medium | 5.9 | 5.9 | 9y ago | Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. | |||
| CVE-2016-7636 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which … | |||
| CVE-2016-7579 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component,… | |||
| CVE-2016-4721 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle… | |||
| CVE-2016-4685 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files. | |||
| CVE-2016-8652 | medium | 5.9 | 5.9 | 9y ago | The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | |||
| CVE-2016-4314 | medium | 4.9 | 5.9 | 9y ago | WSO2 Carbon directory traversal vulnerability | |||
| CVE-2016-1249 | medium | 5.9 | 5.9 | 9y ago | The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned n… | |||
| CVE-2016-5900 | medium | 5.9 | 5.9 | 9y ago | IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attac… | |||
| CVE-2016-8492 | medium | 5.9 | 5.9 | 9y ago | The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | |||
| CVE-2016-10213 | medium | 5.9 | 5.9 | 9y ago | A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by le… | |||
| CVE-2016-10212 | medium | 5.9 | 5.9 | 9y ago | Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-02… | |||
| CVE-2016-0270 | medium | 5.9 | 5.9 | 9y ago | IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the au… | |||
| CVE-2016-6495 | medium | 5.9 | 5.9 | 9y ago | NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||
| CVE-2016-6116 | medium | 5.9 | 5.9 | 10y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could … | |||
| CVE-2016-5935 | medium | 5.9 | 5.9 | 10y ago | IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerabi… | |||
| CVE-2016-8966 | medium | 5.9 | 5.9 | 10y ago | IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerab… | |||
| CVE-2016-8918 | medium | 5.9 | 5.9 | 10y ago | IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||
| CVE-2016-5966 | medium | 5.9 | 5.9 | 10y ago | IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An a… | |||
| CVE-2016-3043 | medium | 5.9 | 5.9 | 10y ago | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit t… | |||
| CVE-2016-9963 | medium | 5.9 | 5.9 | 10y ago | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | |||
| CVE-2016-6329 | medium | 5.9 | 5.9 | 10y ago | OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-ov… | |||
| CVE-2016-5117 | medium | 5.9 | 5.9 | 10y ago | OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid… | |||
| CVE-2016-2402 | medium | 5.9 | 5.9 | 10y ago | Improper Certificate Validation in OkHttp | |||
| CVE-2016-2519 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a… | |||
| CVE-2016-5876 | medium | 5.9 | 5.9 | 10y ago | ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | |||
| CVE-2016-10104 | medium | 5.9 | 5.9 | 10y ago | Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP… | |||
| CVE-2016-9311 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | |||
| CVE-2016-8671 | medium | 5.9 | 5.9 | 10y ago | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: … | |||
| CVE-2016-6887 | medium | 5.9 | 5.9 | 10y ago | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | |||
| CVE-2016-10027 | medium | 5.9 | 5.9 | 10y ago | Smack allows the bypass of TLS protections | |||
| CVE-2016-9247 | medium | 5.9 | 5.9 | 10y ago | Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microke… | |||
| CVE-2016-8106 | medium | 5.9 | 5.9 | 10y ago | A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic worki… | |||
| CVE-2016-2373 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious… | |||
| CVE-2016-2372 | medium | 5.9 | 5.9 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server,… | |||
| CVE-2016-2370 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A maliciou… | |||
| CVE-2016-2369 | medium | 5.9 | 5.9 | 10y ago | A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnera… | |||
| CVE-2016-2367 | medium | 5.9 | 5.9 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server,… | |||
| CVE-2016-2366 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious… | |||
| CVE-2016-2365 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A mali… | |||
| CVE-2016-5024 | medium | 5.9 | 5.9 | 10y ago | Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Tra… | |||
| CVE-2016-9159 | medium | 5.9 | 5.9 | 10y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and b… | |||
| CVE-2016-1411 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SM… | |||
| CVE-2016-9860 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4… | |||
| CVE-2016-6632 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (… | |||
| CVE-2016-6624 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention | |||
| CVE-2016-6622 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin DoS Vulnerability | |||
| CVE-2016-5341 | medium | 5.9 | 5.9 | 10y ago | The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed … | |||
| CVE-2016-2927 | medium | 5.9 | 5.9 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms … | |||
| CVE-2016-6709 | medium | 5.9 | 5.9 | 10y ago | An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive inf… | |||
| CVE-2016-6461 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affec… | |||
| CVE-2016-9376 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet… |