CVEs from 2016
- Total: 8,453
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0771 | medium | 5.9 | 5.9 | 10y ago | The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial… | |||
| CVE-2016-0818 | medium | 5.9 | 5.9 | 10y ago | The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinctio… | |||
| CVE-2016-2774 | medium | 5.9 | 5.9 | 10y ago | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertio… | |||
| CVE-2016-2244 | medium | 5.9 | 5.9 | 10y ago | HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-0704 | medium | 5.9 | 5.9 | 10y ago | An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0… | |||
| CVE-2016-0703 | medium | 5.9 | 5.9 | 10y ago | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTE… | |||
| CVE-2016-2532 | medium | 5.9 | 5.9 | 10y ago | The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows … | |||
| CVE-2016-2531 | medium | 5.9 | 5.9 | 10y ago | Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds rea… | |||
| CVE-2016-2530 | medium | 5.9 | 5.9 | 10y ago | The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, wh… | |||
| CVE-2016-2528 | medium | 5.9 | 5.9 | 10y ago | The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denia… | |||
| CVE-2016-2526 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read… | |||
| CVE-2016-2525 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory con… | |||
| CVE-2016-2524 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) vi… | |||
| CVE-2016-2523 | medium | 5.9 | 5.9 | 10y ago | The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of servic… | |||
| CVE-2016-2522 | medium | 5.9 | 5.9 | 10y ago | The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allow… | |||
| CVE-2016-2316 | medium | 5.9 | 5.9 | 10y ago | chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf… | |||
| CVE-2016-1987 | medium | 5.9 | 5.9 | 10y ago | HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. | |||
| CVE-2016-1284 | medium | 5.9 | 5.9 | 11y ago | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daem… | |||
| CVE-2016-2047 | medium | 5.9 | 5.9 | 11y ago | The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 … | |||
| CVE-2016-0201 | medium | 5.9 | 5.9 | 11y ago | GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision. | |||
| CVE-2016-1262 | medium | 5.9 | 5.9 | 11y ago | Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application La… | |||
| CVE-2016-1257 | medium | 5.9 | 5.9 | 11y ago | The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.… | |||
| CVE-2016-1231 | medium | 5.9 | 5.9 | 11y ago | Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified p… | |||
| CVE-2016-5237 | medium | 4.8 | 5.8 | 10y ago | Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse … | |||
| CVE-2016-4807 | medium | 4.8 | 5.8 | 10y ago | Web2py Reflected XSS vulnerability | |||
| CVE-2016-7458 | medium | 5.8 | 5.8 | 10y ago | VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjun… | |||
| CVE-2016-4046 | medium | 5.8 | 5.8 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of th… | |||
| CVE-2016-5477 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | |||
| CVE-2016-3608 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | |||
| CVE-2016-3529 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3467 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-4500 | medium | 5.8 | 5.8 | 10y ago | Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | |||
| CVE-2016-4788 | medium | 5.8 | 5.8 | 10y ago | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | |||
| CVE-2016-1321 | medium | 5.8 | 5.8 | 10y ago | Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature a… | |||
| CVE-2016-0475 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality… | |||
| CVE-2016-9719 | medium | 5.7 | 5.7 | 9y ago | IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malici… | |||
| CVE-2016-3037 | medium | 5.7 | 5.7 | 9y ago | IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM … | |||
| CVE-2016-8790 | medium | 5.7 | 5.7 | 9y ago | Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with… | |||
| CVE-2016-5941 | medium | 5.7 | 5.7 | 10y ago | IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra… | |||
| CVE-2016-3060 | medium | 5.7 | 5.7 | 10y ago | Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote aut… | |||
| CVE-2016-5602 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affec… | |||
| CVE-2016-5537 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous i… | |||
| CVE-2016-5947 | medium | 5.7 | 5.7 | 10y ago | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||
| CVE-2016-3472 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect conf… | |||
| CVE-2016-2206 | medium | 5.7 | 5.7 | 10y ago | The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.… | |||
| CVE-2016-2205 | medium | 5.7 | 5.7 | 10y ago | Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symante… | |||
| CVE-2016-2784 | medium | 4.7 | 5.7 | 10y ago | CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS)… | |||
| CVE-2016-3464 | medium | 5.7 | 5.7 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related … | |||
| CVE-2016-2116 | medium | 5.7 | 5.7 | 10y ago | Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG… | |||
| CVE-2016-1156 | medium | 5.7 | 5.7 | 10y ago | LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displ… | |||
| CVE-2016-8924 | medium | 5.6 | 5.6 | 9y ago | IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit th… | |||
| CVE-2016-3176 | medium | 5.6 | 5.6 | 10y ago | Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with … | |||
| CVE-2016-7171 | medium | 5.6 | 5.6 | 10y ago | NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | |||
| CVE-2016-5598 | medium | 5.6 | 5.6 | 10y ago | Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via v… | |||
| CVE-2016-6652 | medium | 5.6 | 5.6 | 10y ago | Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA | |||
| CVE-2016-0339 | medium | 5.6 | 5.6 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to s… | |||
| CVE-2016-4825 | medium | 5.6 | 5.6 | 10y ago | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | |||
| CVE-2016-4811 | medium | 5.6 | 5.6 | 10y ago | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified… | |||
| CVE-2016-5242 | medium | 5.6 | 5.6 | 10y ago | The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS … | |||
| CVE-2016-0264 | medium | 5.6 | 5.6 | 10y ago | Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP… | |||
| CVE-2016-3140 | medium | 4.6 | 5.6 | 10y ago | The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s… | |||
| CVE-2016-3136 | medium | 4.6 | 5.6 | 10y ago | The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s… | |||
| CVE-2016-2188 | medium | 4.6 | 5.6 | 10y ago | The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c… | |||
| CVE-2016-3139 | medium | 4.6 | 5.6 | 10y ago | The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cr… | |||
| CVE-2016-2782 | medium | 4.6 | 5.6 | 10y ago | The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or… | |||
| CVE-2016-2384 | medium | 4.6 | 5.6 | 10y ago | Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly … | |||
| CVE-2016-2184 | medium | 4.6 | 5.6 | 10y ago | The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin… | |||
| CVE-2016-9594 | medium | — | 5.5 | — | curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes … | |||
| CVE-2016-9586 | medium | — | 5.5 | — | curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts… | |||
| CVE-2016-7072 | medium | — | 5.5 | — | An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections … | |||
| CVE-2016-7068 | medium | — | 5.5 | — | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the Power… | |||
| CVE-2016-7074 | medium | — | 5.5 | — | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuf… | |||
| CVE-2016-7073 | medium | — | 5.5 | — | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuf… | |||
| CVE-2016-9063 | medium | — | 5.5 | — | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | |||
| CVE-2016-2120 | medium | — | 5.5 | — | An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone u… | |||
| CVE-2016-7056 | medium | — | 5.5 | — | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | |||
| CVE-2016-3709 | medium | — | 5.5 | 4y ago | RHSA-2022:7715: libxml2 security update (Moderate) | |||
| CVE-2016-2048 | medium | 5.5 | 5.5 | 4y ago | Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option … | |||
| CVE-2016-10739 | medium | — | 5.5 | 7y ago | RHSA-2019:3513: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2016-3695 | medium | 5.5 | 5.5 | 9y ago | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disab… | |||
| CVE-2016-4924 | medium | 5.5 | 5.5 | 9y ago | An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information conta… | |||
| CVE-2016-5001 | medium | 5.5 | 5.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop | |||
| CVE-2016-0354 | medium | 5.5 | 5.5 | 9y ago | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which coul… | |||
| CVE-2016-6310 | medium | 5.5 | 5.5 | 9y ago | oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | |||
| CVE-2016-7844 | medium | 5.5 | 5.5 | 9y ago | GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. | |||
| CVE-2016-5893 | medium | 5.5 | 5.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336. | |||
| CVE-2016-10337 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. | |||
| CVE-2016-10336 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | |||
| CVE-2016-10335 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | |||
| CVE-2016-10334 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | |||
| CVE-2016-10333 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | |||
| CVE-2016-10332 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. | |||
| CVE-2016-3696 | medium | 5.5 | 5.5 | 9y ago | The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||
| CVE-2016-3095 | medium | 5.5 | 5.5 | 9y ago | server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||
| CVE-2016-3111 | medium | 5.5 | 5.5 | 9y ago | pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before late… | |||
| CVE-2016-3107 | medium | 5.5 | 5.5 | 9y ago | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitiv… | |||
| CVE-2016-8939 | medium | 5.5 | 5.5 | 9y ago | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. | |||
| CVE-2016-6089 | medium | 5.5 | 5.5 | 9y ago | IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. | |||
| CVE-2016-5960 | medium | 5.5 | 5.5 | 9y ago | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171. | |||
| CVE-2016-9960 | medium | 5.5 | 5.5 | 9y ago | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |