CVEs from 2016
Total
8,452
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5176 | medium | 6.5 | 6.5 | 10y ago | Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | |||
| CVE-2016-7498 | medium | 6.5 | 6.5 | 10y ago | OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances wh… | |||
| CVE-2016-6038 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a… | |||
| CVE-2016-6901 | medium | 6.5 | 6.5 | 10y ago | Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers wi… | |||
| CVE-2016-6827 | medium | 6.5 | 6.5 | 10y ago | Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-6826 | medium | 6.5 | 6.5 | 10y ago | Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | |||
| CVE-2016-5997 | medium | 6.5 | 6.5 | 10y ago | The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.122… | |||
| CVE-2016-5970 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot do… | |||
| CVE-2016-5946 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot… | |||
| CVE-2016-2999 | medium | 6.5 | 6.5 | 10y ago | IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. | |||
| CVE-2016-5174 | medium | 6.5 | 6.5 | 10y ago | browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers t… | |||
| CVE-2016-5172 | medium | 6.5 | 6.5 | 10y ago | The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted Ja… | |||
| CVE-2016-4760 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 s… | |||
| CVE-2016-4758 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive info… | |||
| CVE-2016-4718 | medium | 6.5 | 6.5 | 10y ago | Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted… | |||
| CVE-2016-4708 | medium | 6.5 | 6.5 | 10y ago | CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted … | |||
| CVE-2016-6412 | medium | 6.5 | 6.5 | 10y ago | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via c… | |||
| CVE-2016-6410 | medium | 6.5 | 6.5 | 10y ago | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecifi… | |||
| CVE-2016-5282 | medium | 6.5 | 6.5 | 10y ago | multiple issues in firefox | |||
| CVE-2016-5271 | medium | 6.5 | 6.5 | 10y ago | multiple issues in firefox | |||
| CVE-2016-2827 | medium | 6.5 | 6.5 | 10y ago | The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security … | |||
| CVE-2016-6824 | medium | 6.5 | 6.5 | 10y ago | Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP pa… | |||
| CVE-2016-5844 | medium | 6.5 | 6.5 | 10y ago | Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. | |||
| CVE-2016-4968 | medium | 6.5 | 6.5 | 10y ago | The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. | |||
| CVE-2016-4967 | medium | 6.5 | 6.5 | 10y ago | Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCA… | |||
| CVE-2016-4966 | medium | 6.5 | 6.5 | 10y ago | The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. | |||
| CVE-2016-0921 | medium | 6.5 | 6.5 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by repl… | |||
| CVE-2016-6405 | medium | 6.5 | 6.5 | 10y ago | Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. | |||
| CVE-2016-4278 | medium | 6.5 | 6.5 | 10y ago | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain se… | |||
| CVE-2016-4277 | medium | 6.5 | 6.5 | 10y ago | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain se… | |||
| CVE-2016-4271 | medium | 6.5 | 6.5 | 10y ago | Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain se… | |||
| CVE-2016-3374 | medium | 6.5 | 6.5 | 10y ago | The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a craf… | |||
| CVE-2016-3373 | medium | 5.5 | 6.5 | 10y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe… | |||
| CVE-2016-3371 | medium | 5.5 | 6.5 | 10y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe… | |||
| CVE-2016-3370 | medium | 6.5 | 6.5 | 10y ago | The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a craf… | |||
| CVE-2016-3366 | medium | 6.5 | 6.5 | 10y ago | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass… | |||
| CVE-2016-0141 | medium | 6.5 | 6.5 | 10y ago | The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive … | |||
| CVE-2016-5954 | medium | 6.5 | 6.5 | 10y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a… | |||
| CVE-2016-4852 | medium | 6.5 | 6.5 | 10y ago | YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers … | |||
| CVE-2016-5162 | medium | 6.5 | 6.5 | 10y ago | The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a… | |||
| CVE-2016-5160 | medium | 6.5 | 6.5 | 10y ago | The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a… | |||
| CVE-2016-5155 | medium | 6.5 | 6.5 | 10y ago | Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address ba… | |||
| CVE-2016-1280 | medium | 6.5 | 6.5 | 10y ago | PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 … | |||
| CVE-2016-1275 | medium | 6.5 | 6.5 | 10y ago | Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured with VPLS routing-instances, allows remote attackers to obtain sensitive mbuf information by injecting… | |||
| CVE-2016-5404 | medium | 6.5 | 6.5 | 10y ago | The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certifi… | |||
| CVE-2016-7108 | medium | 6.5 | 6.5 | 10y ago | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. | |||
| CVE-2016-6345 | medium | 6.5 | 6.5 | 10y ago | Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy | |||
| CVE-2016-1415 | medium | 5.5 | 6.5 | 10y ago | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. | |||
| CVE-2016-6376 | medium | 6.5 | 6.5 | 10y ago | The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows r… | |||
| CVE-2016-5047 | medium | 6.5 | 6.5 | 10y ago | NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | |||
| CVE-2016-3064 | medium | 6.5 | 6.5 | 10y ago | NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | |||
| CVE-2016-1477 | medium | 6.5 | 6.5 | 10y ago | Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. | |||
| CVE-2016-6363 | medium | 6.5 | 6.5 | 10y ago | The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… | |||
| CVE-2016-6361 | medium | 6.5 | 6.5 | 10y ago | The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… | |||
| CVE-2016-4376 | medium | 6.5 | 6.5 | 10y ago | HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-5845 | medium | 5.5 | 6.5 | 10y ago | SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive … | |||
| CVE-2016-6214 | medium | 6.5 | 6.5 | 10y ago | gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||
| CVE-2016-6207 | medium | 6.5 | 6.5 | 10y ago | Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory… | |||
| CVE-2016-6161 | medium | 6.5 | 6.5 | 10y ago | The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. | |||
| CVE-2016-6132 | medium | 6.5 | 6.5 | 10y ago | The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||
| CVE-2016-2989 | medium | 6.5 | 6.5 | 10y ago | Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |||
| CVE-2016-0361 | medium | 6.5 | 6.5 | 10y ago | IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticate… | |||
| CVE-2016-5412 | medium | 6.5 | 6.5 | 10y ago | arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infi… | |||
| CVE-2016-5392 | medium | 6.5 | 6.5 | 10y ago | The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive pr… | |||
| CVE-2016-5260 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords… | |||
| CVE-2016-2839 | medium | 6.5 | 6.5 | 10y ago | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allo… | |||
| CVE-2016-6257 | medium | 6.5 | 6.5 | 10y ago | The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementin… | |||
| CVE-2016-3120 | medium | 6.5 | 6.5 | 10y ago | The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses… | |||
| CVE-2016-1605 | medium | 6.5 | 6.5 | 10y ago | Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileT… | |||
| CVE-2016-1467 | medium | 6.5 | 6.5 | 10y ago | Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813. | |||
| CVE-2016-1465 | medium | 6.5 | 6.5 | 10y ago | Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Dis… | |||
| CVE-2016-1460 | medium | 6.5 | 6.5 | 10y ago | Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. | |||
| CVE-2016-6292 | medium | 6.5 | 6.5 | 10y ago | The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereferenc… | |||
| CVE-2016-5135 | medium | 6.5 | 6.5 | 10y ago | WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload re… | |||
| CVE-2016-5130 | medium | 6.5 | 6.5 | 10y ago | content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL dis… | |||
| CVE-2016-1707 | medium | 6.5 | 6.5 | 10y ago | ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof… | |||
| CVE-2016-4646 | medium | 6.5 | 6.5 | 10y ago | Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | |||
| CVE-2016-4605 | medium | 6.5 | 6.5 | 10y ago | Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | |||
| CVE-2016-4592 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. | |||
| CVE-2016-4587 | medium | 6.5 | 6.5 | 10y ago | WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. | |||
| CVE-2016-5470 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Appli… | |||
| CVE-2016-5461 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via… | |||
| CVE-2016-5448 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. | |||
| CVE-2016-3537 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to Fi… | |||
| CVE-2016-3521 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth… | |||
| CVE-2016-3518 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | |||
| CVE-2016-3514 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiali… | |||
| CVE-2016-3513 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality… | |||
| CVE-2016-3502 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availab… | |||
| CVE-2016-3501 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | |||
| CVE-2016-3494 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vector… | |||
| CVE-2016-3486 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | |||
| CVE-2016-3476 | medium | 6.5 | 6.5 | 10y ago | Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Conso… | |||
| CVE-2016-5653 | medium | 6.5 | 6.5 | 10y ago | Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | |||
| CVE-2016-2865 | medium | 6.5 | 6.5 | 10y ago | The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x bef… | |||
| CVE-2016-1452 | medium | 6.5 | 6.5 | 10y ago | Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | |||
| CVE-2016-3271 | medium | 6.5 | 6.5 | 10y ago | The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |||
| CVE-2016-3245 | medium | 6.5 | 6.5 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass… | |||
| CVE-2016-5009 | medium | 6.5 | 6.5 | 10y ago | The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. | |||
| CVE-2016-0314 | medium | 6.5 | 6.5 | 10y ago | The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacki… |