CVEs from 2016
Total
8,452
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6805 | medium | 5.9 | 5.9 | 9y ago | Moderate severity vulnerability that affects org.apache.ignite:ignite-core | |||
| CVE-2016-10319 | medium | 5.9 | 5.9 | 9y ago | In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involvin… | |||
| CVE-2016-8795 | medium | 5.9 | 5.9 | 9y ago | Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00,… | |||
| CVE-2016-9319 | medium | 5.9 | 5.9 | 9y ago | There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | |||
| CVE-2016-7541 | medium | 5.9 | 5.9 | 9y ago | Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode.… | |||
| CVE-2016-10130 | medium | 5.9 | 5.9 | 9y ago | The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variabl… | |||
| CVE-2016-6225 | medium | 5.9 | 5.9 | 9y ago | xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain … | |||
| CVE-2016-7468 | medium | 5.9 | 5.9 | 9y ago | An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated… | |||
| CVE-2016-9245 | medium | 5.9 | 5.9 | 9y ago | In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settin… | |||
| CVE-2016-6882 | medium | 5.9 | 5.9 | 9y ago | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | |||
| CVE-2016-9892 | medium | 5.9 | 5.9 | 9y ago | The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL s… | |||
| CVE-2016-10228 | medium | 5.9 | 5.9 | 9y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2016-3052 | medium | 5.9 | 5.9 | 9y ago | Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. | |||
| CVE-2016-7636 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which … | |||
| CVE-2016-7579 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component,… | |||
| CVE-2016-4721 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle… | |||
| CVE-2016-4685 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files. | |||
| CVE-2016-8652 | medium | 5.9 | 5.9 | 9y ago | The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | |||
| CVE-2016-4314 | medium | 4.9 | 5.9 | 9y ago | WSO2 Carbon directory traversal vulnerability | |||
| CVE-2016-1249 | medium | 5.9 | 5.9 | 9y ago | The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned n… | |||
| CVE-2016-5900 | medium | 5.9 | 5.9 | 9y ago | IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attac… | |||
| CVE-2016-8492 | medium | 5.9 | 5.9 | 9y ago | The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | |||
| CVE-2016-10213 | medium | 5.9 | 5.9 | 9y ago | A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by le… | |||
| CVE-2016-10212 | medium | 5.9 | 5.9 | 9y ago | Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-02… | |||
| CVE-2016-0270 | medium | 5.9 | 5.9 | 9y ago | IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the au… | |||
| CVE-2016-6495 | medium | 5.9 | 5.9 | 9y ago | NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||
| CVE-2016-6116 | medium | 5.9 | 5.9 | 10y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could … | |||
| CVE-2016-5935 | medium | 5.9 | 5.9 | 10y ago | IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerabi… | |||
| CVE-2016-8966 | medium | 5.9 | 5.9 | 10y ago | IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerab… | |||
| CVE-2016-8918 | medium | 5.9 | 5.9 | 10y ago | IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||
| CVE-2016-5966 | medium | 5.9 | 5.9 | 10y ago | IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An a… | |||
| CVE-2016-3043 | medium | 5.9 | 5.9 | 10y ago | IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit t… | |||
| CVE-2016-9963 | medium | 5.9 | 5.9 | 10y ago | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | |||
| CVE-2016-6329 | medium | 5.9 | 5.9 | 10y ago | OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-ov… | |||
| CVE-2016-5117 | medium | 5.9 | 5.9 | 10y ago | OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid… | |||
| CVE-2016-2402 | medium | 5.9 | 5.9 | 10y ago | Improper Certificate Validation in OkHttp | |||
| CVE-2016-2519 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a… | |||
| CVE-2016-5876 | medium | 5.9 | 5.9 | 10y ago | ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | |||
| CVE-2016-10104 | medium | 5.9 | 5.9 | 10y ago | Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP… | |||
| CVE-2016-9311 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | |||
| CVE-2016-8671 | medium | 5.9 | 5.9 | 10y ago | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: … | |||
| CVE-2016-6887 | medium | 5.9 | 5.9 | 10y ago | The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | |||
| CVE-2016-10027 | medium | 5.9 | 5.9 | 10y ago | Smack allows the bypass of TLS protections | |||
| CVE-2016-9247 | medium | 5.9 | 5.9 | 10y ago | Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microke… | |||
| CVE-2016-8106 | medium | 5.9 | 5.9 | 10y ago | A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic worki… | |||
| CVE-2016-2373 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious… | |||
| CVE-2016-2372 | medium | 5.9 | 5.9 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server,… | |||
| CVE-2016-2370 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A maliciou… | |||
| CVE-2016-2369 | medium | 5.9 | 5.9 | 10y ago | A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnera… | |||
| CVE-2016-2367 | medium | 5.9 | 5.9 | 10y ago | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server,… | |||
| CVE-2016-2366 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious… | |||
| CVE-2016-2365 | medium | 5.9 | 5.9 | 10y ago | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A mali… | |||
| CVE-2016-5024 | medium | 5.9 | 5.9 | 10y ago | Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Tra… | |||
| CVE-2016-9159 | medium | 5.9 | 5.9 | 10y ago | A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and b… | |||
| CVE-2016-1411 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SM… | |||
| CVE-2016-9860 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4… | |||
| CVE-2016-6632 | medium | 5.9 | 5.9 | 10y ago | An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (… | |||
| CVE-2016-6624 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention | |||
| CVE-2016-6622 | medium | 5.9 | 5.9 | 10y ago | phpMyAdmin DoS Vulnerability | |||
| CVE-2016-5341 | medium | 5.9 | 5.9 | 10y ago | The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed … | |||
| CVE-2016-2927 | medium | 5.9 | 5.9 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms … | |||
| CVE-2016-6709 | medium | 5.9 | 5.9 | 10y ago | An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive inf… | |||
| CVE-2016-6461 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affec… | |||
| CVE-2016-9376 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet… | |||
| CVE-2016-9375 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by… | |||
| CVE-2016-9374 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet… | |||
| CVE-2016-9373 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dc… | |||
| CVE-2016-9372 | medium | 5.9 | 5.9 | 10y ago | In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting… | |||
| CVE-2016-6438 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line c… | |||
| CVE-2016-6437 | medium | 5.9 | 5.9 | 10y ago | A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to … | |||
| CVE-2016-5597 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. | |||
| CVE-2016-5527 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vu… | |||
| CVE-2016-7099 | medium | 5.9 | 5.9 | 10y ago | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certifi… | |||
| CVE-2016-6025 | medium | 5.9 | 5.9 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstati… | |||
| CVE-2016-6416 | medium | 5.9 | 5.9 | 10y ago | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Manageme… | |||
| CVE-2016-7046 | medium | 5.9 | 5.9 | 10y ago | Undertow Uncaught Exception vulnerability | |||
| CVE-2016-6308 | medium | 5.9 | 5.9 | 10y ago | statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of servic… | |||
| CVE-2016-6307 | medium | 5.9 | 5.9 | 10y ago | The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consu… | |||
| CVE-2016-6306 | medium | 5.9 | 5.9 | 10y ago | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s… | |||
| CVE-2016-6153 | medium | 5.9 | 5.9 | 10y ago | os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application… | |||
| CVE-2016-7142 | medium | 5.9 | 5.9 | 10y ago | The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as … | |||
| CVE-2016-4722 | medium | 5.9 | 5.9 | 10y ago | The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified v… | |||
| CVE-2016-6403 | medium | 5.9 | 5.9 | 10y ago | The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCu… | |||
| CVE-2016-4741 | medium | 5.9 | 5.9 | 10y ago | The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. | |||
| CVE-2016-7420 | medium | 5.9 | 5.9 | 10y ago | Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow c… | |||
| CVE-2016-1277 | medium | 5.9 | 5.9 | 10y ago | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6… | |||
| CVE-2016-7180 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial … | |||
| CVE-2016-7179 | medium | 5.9 | 5.9 | 10y ago | Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2016-7178 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a … | |||
| CVE-2016-7177 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of … | |||
| CVE-2016-7176 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial o… | |||
| CVE-2016-7175 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and… | |||
| CVE-2016-0397 | medium | 5.9 | 5.9 | 10y ago | WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||
| CVE-2016-6231 | medium | 5.9 | 5.9 | 10y ago | Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||
| CVE-2016-5359 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite … | |||
| CVE-2016-5358 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application … | |||
| CVE-2016-5357 | medium | 5.9 | 5.9 | 10y ago | wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial… | |||
| CVE-2016-5356 | medium | 5.9 | 5.9 | 10y ago | wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of se… | |||
| CVE-2016-5355 | medium | 5.9 | 5.9 | 10y ago | wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of … | |||
| CVE-2016-5354 | medium | 5.9 | 5.9 | 10y ago | The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |