CVEs from 2016
Total
8,525
critical
critical 1,164
high
high 3,521
medium
medium 3,172
low
low 249
% Critical
13.7%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-1858 | medium | 6.5 | 6.5 | 10y ago | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted … | |
| CVE-2016-1811 | medium | 6.5 | 6.5 | 10y ago | ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. | |
| CVE-2016-4425 | medium | 6.5 | 6.5 | 10y ago | Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. | |
| CVE-2016-3724 | medium | 6.5 | 6.5 | 10y ago | Jenkins Exposes Sensitive Information from Job Configuration | |
| CVE-2016-0323 | medium | 6.5 | 6.5 | 10y ago | The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS… | |
| CVE-2016-1665 | medium | 6.5 | 6.5 | 10y ago | The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sen… | |
| CVE-2016-2860 | medium | 6.5 | 6.5 | 10y ago | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups … | |
| CVE-2016-0169 | medium | 6.5 | 6.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |
| CVE-2016-0168 | medium | 6.5 | 6.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |
| CVE-2016-2013 | medium | 6.5 | 6.5 | 10y ago | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |
| CVE-2016-2012 | medium | 6.5 | 6.5 | 10y ago | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | |
| CVE-2016-2168 | medium | 6.5 | 6.5 | 10y ago | The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service … | |
| CVE-2016-2816 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | |
| CVE-2016-2813 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's phys… | |
| CVE-2016-1595 | medium | 6.5 | 6.5 | 10y ago | LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection att… | |
| CVE-2016-1594 | medium | 6.5 | 6.5 | 10y ago | Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via … | |
| CVE-2016-2300 | medium | 6.5 | 6.5 | 10y ago | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. | |
| CVE-2016-0684 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS. | |
| CVE-2016-0407 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusio… | |
| CVE-2016-3688 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. | |
| CVE-2016-3950 | medium | 6.5 | 6.5 | 10y ago | Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | |
| CVE-2016-1654 | medium | 6.5 | 6.5 | 10y ago | The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unk… | |
| CVE-2016-2411 | medium | 6.5 | 6.5 | 10y ago | A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053. | |
| CVE-2016-2191 | medium | 6.5 | 6.5 | 10y ago | The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a craf… | |
| CVE-2016-0775 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | |
| CVE-2016-0740 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | |
| CVE-2016-0161 | medium | 6.5 | 6.5 | 10y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-015… | |
| CVE-2016-0158 | medium | 6.5 | 6.5 | 10y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-016… | |
| CVE-2016-2166 | medium | 6.5 | 6.5 | 10y ago | Moderate severity vulnerability that affects org.apache.qpid:proton-j | |
| CVE-2016-3985 | medium | 6.5 | 6.5 | 10y ago | The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access re… | |
| CVE-2016-0784 | medium | 6.5 | 6.5 | 10y ago | Apache OpenMeetings Directory Traversal vulnerability | |
| CVE-2016-2858 | medium | 6.5 | 6.5 | 10y ago | QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbit… | |
| CVE-2016-2292 | medium | 6.5 | 6.5 | 10y ago | Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitra… | |
| CVE-2016-2291 | medium | 6.5 | 6.5 | 10y ago | Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of ser… | |
| CVE-2016-3118 | medium | 6.5 | 6.5 | 10y ago | CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified imp… | |
| CVE-2016-1366 | medium | 6.5 | 6.5 | 10y ago | The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denia… | |
| CVE-2016-1785 | medium | 6.5 | 6.5 | 10y ago | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Or… | |
| CVE-2016-1784 | medium | 6.5 | 6.5 | 10y ago | The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) … | |
| CVE-2016-1782 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a craf… | |
| CVE-2016-1779 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. | |
| CVE-2016-1771 | medium | 6.5 | 6.5 | 10y ago | The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | |
| CVE-2016-1770 | medium | 6.5 | 6.5 | 10y ago | The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | |
| CVE-2016-1994 | medium | 6.5 | 6.5 | 10y ago | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |
| CVE-2016-1992 | medium | 6.5 | 6.5 | 10y ago | HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |
| CVE-2016-2846 | medium | 6.5 | 6.5 | 10y ago | Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | |
| CVE-2016-1967 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform… | |
| CVE-2016-1956 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a W… | |
| CVE-2016-0830 | medium | 6.5 | 6.5 | 10y ago | btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of config… | |
| CVE-2016-1338 | medium | 6.5 | 6.5 | 10y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | |
| CVE-2016-0120 | medium | 6.5 | 6.5 | 10y ago | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and… | |
| CVE-2016-1637 | medium | 6.5 | 6.5 | 10y ago | The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain se… | |
| CVE-2016-2232 | medium | 6.5 | 6.5 | 10y ago | Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to ca… | |
| CVE-2016-2037 | medium | 6.5 | 6.5 | 10y ago | The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | |
| CVE-2016-2398 | medium | 6.5 | 6.5 | 10y ago | Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 G… | |
| CVE-2016-1333 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OI… | |
| CVE-2016-1153 | medium | 6.5 | 6.5 | 10y ago | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. | |
| CVE-2016-1330 | medium | 6.5 | 6.5 | 10y ago | Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746. | |
| CVE-2016-1523 | medium | 6.5 | 6.5 | 10y ago | The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows… | |
| CVE-2016-2073 | medium | 6.5 | 6.5 | 10y ago | The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. | |
| CVE-2016-0881 | medium | 6.5 | 6.5 | 10y ago | EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informati… | |
| CVE-2016-2089 | medium | 6.5 | 6.5 | 10y ago | The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. | |
| CVE-2016-1308 | medium | 6.5 | 6.5 | 10y ago | SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. | |
| CVE-2016-0862 | medium | 6.5 | 6.5 | 11y ago | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vec… | |
| CVE-2016-2213 | medium | 6.5 | 6.5 | 11y ago | The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. | |
| CVE-2016-1938 | medium | 6.5 | 6.5 | 11y ago | The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier fo… | |
| CVE-2016-1933 | medium | 6.5 | 6.5 | 11y ago | Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted G… | |
| CVE-2016-1924 | medium | 6.5 | 6.5 | 11y ago | The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | |
| CVE-2016-1923 | medium | 6.5 | 6.5 | 11y ago | Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafte… | |
| CVE-2016-1618 | medium | 6.5 | 6.5 | 11y ago | Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat … | |
| CVE-2016-1615 | medium | 6.5 | 6.5 | 11y ago | The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. | |
| CVE-2016-0502 | medium | 6.5 | 6.5 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |
| CVE-2016-0489 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality… | |
| CVE-2016-0442 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote authenticated users to affect confidentiality… | |
| CVE-2016-1867 | medium | 6.5 | 6.5 | 11y ago | The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | |
| CVE-2016-0777 | medium | 6.5 | 6.5 | 11y ago | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmiss… | |
| CVE-2016-1569 | medium | 6.5 | 6.5 | 11y ago | FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter. | |
| CVE-2016-8764 | medium | 6.4 | 6.4 | 9y ago | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 a… | |
| CVE-2016-8353 | medium | 6.4 | 6.4 | 9y ago | An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |
| CVE-2016-0890 | medium | 6.4 | 6.4 | 9y ago | EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploite… | |
| CVE-2016-9962 | medium | 6.4 | 6.4 | 9y ago | RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-d… | |
| CVE-2016-7165 | medium | 6.4 | 6.4 | 10y ago | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), S… | |
| CVE-2016-5572 | medium | 6.4 | 6.4 | 10y ago | Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |
| CVE-2016-5497 | medium | 6.4 | 6.4 | 10y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |
| CVE-2016-5458 | medium | 6.4 | 6.4 | 10y ago | Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and… | |
| CVE-2016-5454 | medium | 6.4 | 6.4 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot. | |
| CVE-2016-3572 | medium | 6.4 | 6.4 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to … | |
| CVE-2016-4507 | medium | 6.4 | 6.4 | 10y ago | SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2016-3431 | medium | 6.4 | 6.4 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and in… | |
| CVE-2016-3420 | medium | 6.4 | 6.4 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and in… | |
| CVE-2016-3168 | medium | 6.4 | 6.4 | 10y ago | Drupal Reflected file download vulnerability | |
| CVE-2016-3676 | medium | 6.4 | 6.4 | 10y ago | Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to… | |
| CVE-2016-3116 | medium | 6.4 | 6.4 | 10y ago | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |
| CVE-2016-3115 | medium | 6.4 | 6.4 | 10y ago | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, re… | |
| CVE-2016-1358 | medium | 6.4 | 6.4 | 10y ago | Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration … | |
| CVE-2016-0589 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |
| CVE-2016-0581 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Approvals Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to AME … | |
| CVE-2016-0578 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to… | |
| CVE-2016-0576 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related t… | |
| CVE-2016-0563 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown … | |
| CVE-2016-0560 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect conf… |