CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2888 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows rem… | |||
| CVE-2016-0350 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows rem… | |||
| CVE-2016-0313 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows rem… | |||
| CVE-2016-0346 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authe… | |||
| CVE-2016-0221 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 befo… | |||
| CVE-2016-2883 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web s… | |||
| CVE-2016-0399 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbi… | |||
| CVE-2016-0387 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web s… | |||
| CVE-2016-5305 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web s… | |||
| CVE-2016-0322 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or H… | |||
| CVE-2016-1229 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2016-2100 | medium | 5.4 | 5.4 | 10y ago | Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permissi… | |||
| CVE-2016-0390 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a cr… | |||
| CVE-2016-1207 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01… | |||
| CVE-2016-2011 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via uns… | |||
| CVE-2016-2010 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via uns… | |||
| CVE-2016-2817 | medium | 5.4 | 5.4 | 10y ago | The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs… | |||
| CVE-2016-1916 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by l… | |||
| CVE-2016-3460 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to… | |||
| CVE-2016-3442 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2016-3423 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2016-3417 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2016-0698 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2016-0696 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to affect confidentiality and integrity via vectors related to Console. | |||
| CVE-2016-0685 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2016-0683 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integri… | |||
| CVE-2016-0680 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-0673 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UI… | |||
| CVE-2016-0468 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affe… | |||
| CVE-2016-0408 | medium | 5.4 | 5.4 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity … | |||
| CVE-2016-3144 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitra… | |||
| CVE-2016-2058 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is… | |||
| CVE-2016-2340 | medium | 5.4 | 5.4 | 10y ago | The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML ext… | |||
| CVE-2016-1786 | medium | 5.4 | 5.4 | 10y ago | The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the … | |||
| CVE-2016-2075 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via uns… | |||
| CVE-2016-0262 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inje… | |||
| CVE-2016-0227 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.… | |||
| CVE-2016-2561 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normal… | |||
| CVE-2016-2559 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to i… | |||
| CVE-2016-0245 | medium | 5.4 | 5.4 | 10y ago | The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external e… | |||
| CVE-2016-2045 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON… | |||
| CVE-2016-2043 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject ar… | |||
| CVE-2016-2040 | medium | 5.4 | 5.4 | 10y ago | phpMyAdmin XSS Vulnerability | |||
| CVE-2016-1152 | medium | 5.4 | 5.4 | 10y ago | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CV… | |||
| CVE-2016-0882 | medium | 5.4 | 5.4 | 10y ago | EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunctio… | |||
| CVE-2016-1307 | medium | 5.4 | 5.4 | 11y ago | The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an… | |||
| CVE-2016-1730 | medium | 5.4 | 5.4 | 11y ago | WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | |||
| CVE-2016-1144 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or… | |||
| CVE-2016-1136 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1913 | medium | 5.4 | 5.4 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML… | |||
| CVE-2016-1912 | medium | 5.4 | 5.4 | 11y ago | Dolibarr ERP and CRM contain XSS Vulnerabilities | |||
| CVE-2016-0011 | medium | 5.4 | 5.4 | 11y ago | Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) a… | |||
| CVE-2016-1241 | medium | 5.3 | 5.3 | 4y ago | Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. | |||
| CVE-2016-2140 | medium | 5.3 | 5.3 | 4y ago | The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users … | |||
| CVE-2016-20012 | medium | 5.3 | 5.3 | 5y ago | OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occu… | |||
| CVE-2016-2964 | medium | 5.3 | 5.3 | 9y ago | IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. | |||
| CVE-2016-2971 | medium | 5.3 | 5.3 | 9y ago | IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. | |||
| CVE-2016-6311 | medium | 5.3 | 5.3 | 9y ago | Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | |||
| CVE-2016-2102 | medium | 5.3 | 5.3 | 9y ago | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | |||
| CVE-2016-6794 | medium | 5.3 | 5.3 | 9y ago | System Property Disclosure in Apache Tomcat | |||
| CVE-2016-6083 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. | |||
| CVE-2016-9983 | medium | 5.3 | 5.3 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. | |||
| CVE-2016-7832 | medium | 5.3 | 5.3 | 9y ago | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||
| CVE-2016-9736 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | |||
| CVE-2016-5648 | medium | 5.3 | 5.3 | 9y ago | Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | |||
| CVE-2016-9710 | medium | 5.3 | 5.3 | 9y ago | IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local syst… | |||
| CVE-2016-5959 | medium | 5.3 | 5.3 | 9y ago | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via se… | |||
| CVE-2016-6877 | medium | 5.3 | 5.3 | 9y ago | Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "o… | |||
| CVE-2016-3702 | medium | 5.3 | 5.3 | 9y ago | Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information. | |||
| CVE-2016-3731 | medium | 5.3 | 5.3 | 9y ago | Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | |||
| CVE-2016-4890 | medium | 5.3 | 5.3 | 9y ago | ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a co… | |||
| CVE-2016-8725 | medium | 5.3 | 5.3 | 9y ago | An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without aut… | |||
| CVE-2016-8724 | medium | 5.3 | 5.3 | 9y ago | An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an … | |||
| CVE-2016-8722 | medium | 5.3 | 5.3 | 9y ago | An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific… | |||
| CVE-2016-3106 | medium | 5.3 | 5.3 | 9y ago | Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | |||
| CVE-2016-4894 | medium | 5.3 | 5.3 | 9y ago | SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2016-7467 | medium | 5.3 | 5.3 | 9y ago | The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic … | |||
| CVE-2016-9195 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS… | |||
| CVE-2016-8272 | medium | 5.3 | 5.3 | 9y ago | Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. | |||
| CVE-2016-8271 | medium | 5.3 | 5.3 | 9y ago | Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. | |||
| CVE-2016-9468 | medium | 5.3 | 5.3 | 9y ago | Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partiall… | |||
| CVE-2016-9467 | medium | 5.3 | 5.3 | 9y ago | Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parame… | |||
| CVE-2016-9460 | medium | 5.3 | 5.3 | 9y ago | Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. … | |||
| CVE-2016-9129 | medium | 5.3 | 5.3 | 9y ago | Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Rev… | |||
| CVE-2016-8018 | medium | 4.3 | 5.3 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr… | |||
| CVE-2016-9725 | medium | 5.3 | 5.3 | 9y ago | IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate … | |||
| CVE-2016-9720 | medium | 5.3 | 5.3 | 9y ago | IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533. | |||
| CVE-2016-4947 | medium | 5.3 | 5.3 | 9y ago | Cloudera HUE Account Enumeration | |||
| CVE-2016-4042 | medium | 5.3 | 5.3 | 9y ago | Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | |||
| CVE-2016-6249 | medium | 5.3 | 5.3 | 9y ago | F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may all… | |||
| CVE-2016-7651 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass inten… | |||
| CVE-2016-6077 | medium | 5.3 | 5.3 | 9y ago | IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | |||
| CVE-2016-9355 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Ala… | |||
| CVE-2016-9357 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAM… | |||
| CVE-2016-9346 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. | |||
| CVE-2016-9339 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elem… | |||
| CVE-2016-8367 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versio… | |||
| CVE-2016-5813 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used … | |||
| CVE-2016-2787 | medium | 5.3 | 5.3 | 9y ago | The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs… | |||
| CVE-2016-9686 | medium | 5.3 | 5.3 | 9y ago | The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is … |