CVEs from 2016
- Total: 8,453
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0210 | medium | 5.3 | 5.3 | 9y ago | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to … | |||
| CVE-2016-3124 | medium | 5.3 | 5.3 | 9y ago | The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. | |||
| CVE-2016-9772 | medium | 5.3 | 5.3 | 9y ago | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC re… | |||
| CVE-2016-6099 | medium | 5.3 | 5.3 | 10y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. | |||
| CVE-2016-8982 | medium | 5.3 | 5.3 | 10y ago | IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer hea… | |||
| CVE-2016-8977 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. | |||
| CVE-2016-6117 | medium | 5.3 | 5.3 | 10y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. | |||
| CVE-2016-6080 | medium | 5.3 | 5.3 | 10y ago | The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | |||
| CVE-2016-5896 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. | |||
| CVE-2016-3035 | medium | 5.3 | 5.3 | 10y ago | IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. | |||
| CVE-2016-3023 | medium | 5.3 | 5.3 | 10y ago | IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. | |||
| CVE-2016-9411 | medium | 5.3 | 5.3 | 10y ago | The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails. | |||
| CVE-2016-2217 | medium | 5.3 | 5.3 | 10y ago | The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | |||
| CVE-2016-2518 | medium | 5.3 | 5.3 | 10y ago | The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||
| CVE-2016-2517 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending… | |||
| CVE-2016-2516 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directi… | |||
| CVE-2016-8324 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily ex… | |||
| CVE-2016-8317 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,… | |||
| CVE-2016-8307 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-8300 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-5552 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embed… | |||
| CVE-2016-5547 | medium | 5.3 | 5.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u1… | |||
| CVE-2016-9216 | medium | 5.3 | 5.3 | 10y ago | An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More … | |||
| CVE-2016-8644 | medium | 5.3 | 5.3 | 10y ago | In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | |||
| CVE-2016-8642 | medium | 5.3 | 5.3 | 10y ago | Moodle Unauthenticated Access | |||
| CVE-2016-5012 | medium | 5.3 | 5.3 | 10y ago | Moodle Glossary search displays entries without checking user permissions to view them | |||
| CVE-2016-9677 | medium | 5.3 | 5.3 | 10y ago | Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | |||
| CVE-2016-7433 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include t… | |||
| CVE-2016-7431 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | |||
| CVE-2016-8605 | medium | 5.3 | 5.3 | 10y ago | The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permi… | |||
| CVE-2016-6771 | medium | 5.3 | 5.3 | 10y ago | An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a loc… | |||
| CVE-2016-2375 | medium | 5.3 | 5.3 | 10y ago | An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | |||
| CVE-2016-1550 | medium | 5.3 | 5.3 | 10y ago | An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted … | |||
| CVE-2016-1547 | medium | 5.3 | 5.3 | 10y ago | An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a vi… | |||
| CVE-2016-10100 | medium | 5.3 | 5.3 | 10y ago | Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive. | |||
| CVE-2016-10099 | medium | 5.3 | 5.3 | 10y ago | Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives. | |||
| CVE-2016-7087 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via … | |||
| CVE-2016-5334 | medium | 5.3 | 5.3 | 10y ago | VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||
| CVE-2016-10072 | medium | 5.3 | 5.3 | 10y ago | WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary co… | |||
| CVE-2016-7281 | medium | 5.3 | 5.3 | 10y ago | The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Sec… | |||
| CVE-2016-7278 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosu… | |||
| CVE-2016-5186 | medium | 5.3 | 5.3 | 10y ago | multiple issues in chromium | |||
| CVE-2016-7888 | medium | 5.3 | 5.3 | 10y ago | Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. | |||
| CVE-2016-6313 | medium | 5.3 | 5.3 | 10y ago | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of … | |||
| CVE-2016-9938 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_si… | |||
| CVE-2016-9859 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versi… | |||
| CVE-2016-9858 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4… | |||
| CVE-2016-9855 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9854 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9853 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin path disclosure | |||
| CVE-2016-9852 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9851 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin Bypass logout timeout | |||
| CVE-2016-9850 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x v… | |||
| CVE-2016-9848 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4… | |||
| CVE-2016-9847 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way thi… | |||
| CVE-2016-6627 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.… | |||
| CVE-2016-6613 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user… | |||
| CVE-2016-9804 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lac… | |||
| CVE-2016-9803 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from '… | |||
| CVE-2016-9802 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon… | |||
| CVE-2016-9801 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | |||
| CVE-2016-9800 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to la… | |||
| CVE-2016-9799 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||
| CVE-2016-9798 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump… | |||
| CVE-2016-9797 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidu… | |||
| CVE-2016-5987 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers … | |||
| CVE-2016-5890 | medium | 5.3 | 5.3 | 10y ago | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||
| CVE-2016-2940 | medium | 5.3 | 5.3 | 10y ago | Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2016-2935 | medium | 5.3 | 5.3 | 10y ago | The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | |||
| CVE-2016-2932 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | |||
| CVE-2016-2931 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-5968 | medium | 5.3 | 5.3 | 10y ago | The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1… | |||
| CVE-2016-8672 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SI… | |||
| CVE-2016-6463 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-6462 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-9286 | medium | 5.3 | 5.3 | 10y ago | framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as d… | |||
| CVE-2016-9285 | medium | 5.3 | 5.3 | 10y ago | framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1,… | |||
| CVE-2016-9284 | medium | 5.3 | 5.3 | 10y ago | getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||
| CVE-2016-7209 | medium | 5.3 | 5.3 | 10y ago | Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||
| CVE-2016-8875 | medium | 5.3 | 5.3 | 10y ago | The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application … | |||
| CVE-2016-9118 | medium | 5.3 | 5.3 | 10y ago | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | |||
| CVE-2016-8501 | medium | 5.3 | 5.3 | 10y ago | Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |||
| CVE-2016-5583 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unk… | |||
| CVE-2016-5575 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentia… | |||
| CVE-2016-5566 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5532 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via v… | |||
| CVE-2016-5524 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vu… | |||
| CVE-2016-5510 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5488 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container… | |||
| CVE-2016-5487 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-1000214 | medium | 5.3 | 5.3 | 10y ago | Ruckus Wireless H500 web management interface authentication bypass | |||
| CVE-2016-3392 | medium | 5.3 | 5.3 | 10y ago | The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Micr… | |||
| CVE-2016-3391 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure… | |||
| CVE-2016-3267 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosur… | |||
| CVE-2016-6026 | medium | 5.3 | 5.3 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP… | |||
| CVE-2016-6421 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. | |||
| CVE-2016-6636 | medium | 5.3 | 5.3 | 10y ago | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elasti… | |||
| CVE-2016-6146 | medium | 5.3 | 5.3 | 10y ago | The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||
| CVE-2016-4748 | medium | 5.3 | 5.3 | 10y ago | Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||
| CVE-2016-4745 | medium | 5.3 | 5.3 | 10y ago | The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user a… |