CVEs from 2016
Total
8,452
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2387 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or … | |||
| CVE-2016-1331 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID C… | |||
| CVE-2016-0866 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web … | |||
| CVE-2016-0955 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled i… | |||
| CVE-2016-0039 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Mi… | |||
| CVE-2016-1318 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via craft… | |||
| CVE-2016-2214 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitr… | |||
| CVE-2016-1309 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01… | |||
| CVE-2016-1305 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vecto… | |||
| CVE-2016-0813 | medium | 6.1 | 6.1 | 11y ago | packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device pro… | |||
| CVE-2016-0812 | medium | 6.1 | 6.1 | 11y ago | The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does n… | |||
| CVE-2016-1311 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, ak… | |||
| CVE-2016-1310 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | |||
| CVE-2016-1306 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. | |||
| CVE-2016-1941 | medium | 6.1 | 6.1 | 11y ago | The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that trigger… | |||
| CVE-2016-1937 | medium | 6.1 | 6.1 | 11y ago | The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a do… | |||
| CVE-2016-1143 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1140 | medium | 6.1 | 6.1 | 11y ago | KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-1488 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbi… | |||
| CVE-2016-1304 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | |||
| CVE-2016-1300 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | |||
| CVE-2016-0209 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1926 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_t… | |||
| CVE-2016-1492 | medium | 6.1 | 6.1 | 11y ago | The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveragi… | |||
| CVE-2016-1298 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve… | |||
| CVE-2016-1135 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlie… | |||
| CVE-2016-0418 | medium | — | 6.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerabi… | |||
| CVE-2016-1294 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug… | |||
| CVE-2016-1293 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspe… | |||
| CVE-2016-1911 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pm… | |||
| CVE-2016-0032 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to i… | |||
| CVE-2016-0031 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange … | |||
| CVE-2016-0030 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-0029 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange … | |||
| CVE-2016-1565 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject ar… | |||
| CVE-2016-1498 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attack… | |||
| CVE-2016-10155 | medium | 6.0 | 6.0 | 9y ago | Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large… | |||
| CVE-2016-8021 | medium | 5.0 | 6.0 | 9y ago | Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe… | |||
| CVE-2016-10024 | medium | 6.0 | 6.0 | 10y ago | Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kern… | |||
| CVE-2016-9385 | medium | 6.0 | 6.0 | 10y ago | The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical add… | |||
| CVE-2016-7995 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large numbe… | |||
| CVE-2016-7994 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption… | |||
| CVE-2016-7466 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consump… | |||
| CVE-2016-7422 | medium | 6.0 | 6.0 | 10y ago | The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) … | |||
| CVE-2016-7116 | medium | 6.0 | 6.0 | 10y ago | Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified s… | |||
| CVE-2016-6836 | medium | 6.0 | 6.0 | 10y ago | The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initial… | |||
| CVE-2016-6835 | medium | 6.0 | 6.0 | 10y ago | The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging fail… | |||
| CVE-2016-4964 | medium | 6.0 | 6.0 | 10y ago | The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU proce… | |||
| CVE-2016-9106 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to fre… | |||
| CVE-2016-9105 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a refer… | |||
| CVE-2016-9103 | medium | 6.0 | 6.0 | 10y ago | The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before wr… | |||
| CVE-2016-9102 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash)… | |||
| CVE-2016-9101 | medium | 6.0 | 6.0 | 10y ago | Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an… | |||
| CVE-2016-8910 | medium | 6.0 | 6.0 | 10y ago | The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveragin… | |||
| CVE-2016-8909 | medium | 6.0 | 6.0 | 10y ago | The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry wit… | |||
| CVE-2016-8669 | medium | 6.0 | 6.0 | 10y ago | The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) … | |||
| CVE-2016-8668 | medium | 6.0 | 6.0 | 10y ago | The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by l… | |||
| CVE-2016-8667 | medium | 6.0 | 6.0 | 10y ago | The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large i… | |||
| CVE-2016-8578 | medium | 6.0 | 6.0 | 10y ago | The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cr… | |||
| CVE-2016-8577 | medium | 6.0 | 6.0 | 10y ago | Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O… | |||
| CVE-2016-8576 | medium | 6.0 | 6.0 | 10y ago | The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging f… | |||
| CVE-2016-5516 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors. | |||
| CVE-2016-0079 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Wi… | |||
| CVE-2016-0073 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an… | |||
| CVE-2016-5107 | medium | 6.0 | 6.0 | 10y ago | The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds re… | |||
| CVE-2016-5106 | medium | 6.0 | 6.0 | 10y ago | The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of … | |||
| CVE-2016-4952 | medium | 6.0 | 6.0 | 10y ago | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vec… | |||
| CVE-2016-4509 | medium | 6.0 | 6.0 | 10y ago | Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | |||
| CVE-2016-2841 | medium | 6.0 | 6.0 | 10y ago | The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU proces… | |||
| CVE-2016-4454 | medium | 6.0 | 6.0 | 10y ago | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash)… | |||
| CVE-2016-4037 | medium | 6.0 | 6.0 | 10y ago | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous tra… | |||
| CVE-2016-4441 | medium | 6.0 | 6.0 | 10y ago | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of servi… | |||
| CVE-2016-0697 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity v… | |||
| CVE-2016-0669 | medium | 6.0 | 6.0 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. | |||
| CVE-2016-0425 | medium | — | 6.0 | 11y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availab… | |||
| CVE-2016-8738 | medium | 5.9 | 5.9 | 9y ago | Apache Struts vulnerable to possible DoS attack when using URLValidator | |||
| CVE-2016-10511 | medium | 5.9 | 5.9 | 9y ago | The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the abili… | |||
| CVE-2016-6029 | medium | 5.9 | 5.9 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.… | |||
| CVE-2016-0762 | medium | 5.9 | 5.9 | 9y ago | Observable Discrepancy in Apache Tomcat | |||
| CVE-2016-9972 | medium | 5.9 | 5.9 | 9y ago | IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabi… | |||
| CVE-2016-8746 | medium | 5.9 | 5.9 | 9y ago | Apache Ranger policy engine incorrectly matches paths in certain conditions | |||
| CVE-2016-7816 | medium | 5.9 | 5.9 | 9y ago | The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information… | |||
| CVE-2016-7805 | medium | 5.9 | 5.9 | 9y ago | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke… | |||
| CVE-2016-7055 | medium | 5.9 | 5.9 | 9y ago | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bi… | |||
| CVE-2016-5810 | medium | 4.9 | 5.9 | 9y ago | upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | |||
| CVE-2016-4467 | medium | 5.9 | 5.9 | 9y ago | The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name … | |||
| CVE-2016-8962 | medium | 5.9 | 5.9 | 9y ago | IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||
| CVE-2016-5016 | medium | 5.9 | 5.9 | 9y ago | Cloud Foundry vulnerable to Improper Certificate Validation | |||
| CVE-2016-2564 | medium | 5.9 | 5.9 | 9y ago | Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board… | |||
| CVE-2016-1519 | medium | 5.9 | 5.9 | 9y ago | The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grands… | |||
| CVE-2016-1221 | medium | 5.9 | 5.9 | 9y ago | Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific… | |||
| CVE-2016-1210 | medium | 5.9 | 5.9 | 9y ago | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio… | |||
| CVE-2016-1198 | medium | 5.9 | 5.9 | 9y ago | Photopt for Android before 2.0.1 does not verify SSL certificates. | |||
| CVE-2016-1186 | medium | 5.9 | 5.9 | 9y ago | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||
| CVE-2016-4840 | medium | 5.9 | 5.9 | 9y ago | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | |||
| CVE-2016-4832 | medium | 5.9 | 5.9 | 9y ago | WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | |||
| CVE-2016-4830 | medium | 5.9 | 5.9 | 9y ago | Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | |||
| CVE-2016-4829 | medium | 5.9 | 5.9 | 9y ago | DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. | |||
| CVE-2016-1184 | medium | 5.9 | 5.9 | 9y ago | Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | |||
| CVE-2016-4818 | medium | 5.9 | 5.9 | 9y ago | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. |