CVEs from 2016
Total
8,452
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0870 | medium | 5.3 | 5.3 | 10y ago | The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. | |||
| CVE-2016-4746 | medium | 5.3 | 5.3 | 10y ago | The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances… | |||
| CVE-2016-1433 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | |||
| CVE-2016-6644 | medium | 5.3 | 5.3 | 10y ago | EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||
| CVE-2016-6401 | medium | 5.3 | 5.3 | 10y ago | Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafte… | |||
| CVE-2016-6398 | medium | 5.3 | 5.3 | 10y ago | The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet d… | |||
| CVE-2016-6396 | medium | 5.3 | 5.3 | 10y ago | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafte… | |||
| CVE-2016-7128 | medium | 5.3 | 5.3 | 10y ago | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers… | |||
| CVE-2016-6375 | medium | 5.3 | 5.3 | 10y ago | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sendi… | |||
| CVE-2016-6212 | medium | 5.3 | 5.3 | 10y ago | Drupal Views can allow unauthorized users to see Statistics information | |||
| CVE-2016-6670 | medium | 5.3 | 5.3 | 10y ago | Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remo… | |||
| CVE-2016-6344 | medium | 5.3 | 5.3 | 10y ago | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via… | |||
| CVE-2016-7153 | medium | 5.3 | 5.3 | 10y ago | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever… | |||
| CVE-2016-7152 | medium | 5.3 | 5.3 | 10y ago | The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera… | |||
| CVE-2016-5430 | medium | 5.3 | 5.3 | 10y ago | The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clea… | |||
| CVE-2016-6298 | medium | 5.3 | 5.3 | 10y ago | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clearte… | |||
| CVE-2016-5332 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-5390 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to A… | |||
| CVE-2016-4995 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtai… | |||
| CVE-2016-3329 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2016-3327 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… | |||
| CVE-2016-3326 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… | |||
| CVE-2016-3299 | medium | 5.3 | 5.3 | 10y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hi… | |||
| CVE-2016-4253 | medium | 5.3 | 5.3 | 10y ago | The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4169 | medium | 5.3 | 5.3 | 10y ago | Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | |||
| CVE-2016-6145 | medium | 5.3 | 5.3 | 10y ago | The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_c… | |||
| CVE-2016-5267 | medium | 5.3 | 5.3 | 10y ago | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | |||
| CVE-2016-5133 | medium | 5.3 | 5.3 | 10y ago | Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect… | |||
| CVE-2016-4635 | medium | 5.3 | 5.3 | 10y ago | FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances,… | |||
| CVE-2016-5456 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via… | |||
| CVE-2016-5455 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors… | |||
| CVE-2016-3615 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth… | |||
| CVE-2016-3614 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | |||
| CVE-2016-3560 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3549 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentia… | |||
| CVE-2016-3548 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors… | |||
| CVE-2016-3547 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentialit… | |||
| CVE-2016-3545 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vector… | |||
| CVE-2016-3508 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different… | |||
| CVE-2016-3500 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different… | |||
| CVE-2016-3498 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. | |||
| CVE-2016-3445 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container… | |||
| CVE-2016-1459 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSC… | |||
| CVE-2016-0393 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. | |||
| CVE-2016-5797 | medium | 5.3 | 5.3 | 10y ago | Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate a… | |||
| CVE-2016-4247 | medium | 5.3 | 5.3 | 10y ago | Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information vi… | |||
| CVE-2016-3277 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||
| CVE-2016-3273 | medium | 5.3 | 5.3 | 10y ago | The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted w… | |||
| CVE-2016-3261 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2016-1445 | medium | 5.3 | 5.3 | 10y ago | Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. | |||
| CVE-2016-0389 | medium | 5.3 | 5.3 | 10y ago | Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-5098 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | |||
| CVE-2016-5097 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by readin… | |||
| CVE-2016-4956 | medium | 5.3 | 5.3 | 10y ago | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists beca… | |||
| CVE-2016-4465 | medium | 5.3 | 5.3 | 10y ago | Apache Struts vulnerable to possible DoS attack when using URLValidator | |||
| CVE-2016-5730 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin full path disclosure vulnerability | |||
| CVE-2016-2961 | medium | 5.3 | 5.3 | 10y ago | The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version informat… | |||
| CVE-2016-2872 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2016-1440 | medium | 5.3 | 5.3 | 10y ago | The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improp… | |||
| CVE-2016-5306 | medium | 5.3 | 5.3 | 10y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information b… | |||
| CVE-2016-4086 | medium | 5.3 | 5.3 | 10y ago | Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. | |||
| CVE-2016-4824 | medium | 5.3 | 5.3 | 10y ago | The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attacker… | |||
| CVE-2016-1191 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | |||
| CVE-2016-4821 | medium | 5.3 | 5.3 | 10y ago | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | |||
| CVE-2016-1223 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via u… | |||
| CVE-2016-3687 | medium | 5.3 | 5.3 | 10y ago | Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to red… | |||
| CVE-2016-3216 | medium | 4.3 | 5.3 | 10y ago | GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol… | |||
| CVE-2016-5104 | medium | 5.3 | 5.3 | 10y ago | The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connect… | |||
| CVE-2016-4495 | medium | 5.3 | 5.3 | 10y ago | KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | |||
| CVE-2016-3703 | medium | 5.3 | 5.3 | 10y ago | Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote … | |||
| CVE-2016-3093 | medium | 5.3 | 5.3 | 10y ago | Denial of service in Apache Struts | |||
| CVE-2016-1694 | medium | 5.3 | 5.3 | 10y ago | browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid … | |||
| CVE-2016-1693 | medium | 5.3 | 5.3 | 10y ago | browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to… | |||
| CVE-2016-1692 | medium | 5.3 | 5.3 | 10y ago | WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet downl… | |||
| CVE-2016-1370 | medium | 5.3 | 5.3 | 10y ago | Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via… | |||
| CVE-2016-4785 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-4784 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-4792 | medium | 5.3 | 5.3 | 10y ago | Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | |||
| CVE-2016-2190 | medium | 5.3 | 5.3 | 10y ago | Moodle sensitive information disclosure | |||
| CVE-2016-3739 | medium | 5.3 | 5.3 | 10y ago | The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection… | |||
| CVE-2016-1844 | medium | 5.3 | 5.3 | 10y ago | The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | |||
| CVE-2016-4442 | medium | 5.3 | 5.3 | 10y ago | rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects | |||
| CVE-2016-1670 | medium | 5.3 | 5.3 | 10y ago | Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to mak… | |||
| CVE-2016-4536 | medium | 5.3 | 5.3 | 10y ago | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow… | |||
| CVE-2016-0194 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnera… | |||
| CVE-2016-0902 | medium | 5.3 | 5.3 | 10y ago | CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified … | |||
| CVE-2016-1199 | medium | 5.3 | 5.3 | 10y ago | The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability tha… | |||
| CVE-2016-2303 | medium | 5.3 | 5.3 | 10y ago | CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||
| CVE-2016-2302 | medium | 5.3 | 5.3 | 10y ago | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | |||
| CVE-2016-2212 | medium | 5.3 | 5.3 | 10y ago | The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.… | |||
| CVE-2016-1378 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) por… | |||
| CVE-2016-1376 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, a… | |||
| CVE-2016-3170 | medium | 5.3 | 5.3 | 10y ago | Drupal sensitive information disclosure | |||
| CVE-2016-0790 | medium | 5.3 | 5.3 | 10y ago | Exposure of Sensitive Information in Jenkins Core | |||
| CVE-2016-3973 | medium | 5.3 | 5.3 | 10y ago | The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/… | |||
| CVE-2016-3119 | medium | 5.3 | 5.3 | 10y ago | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the D… | |||
| CVE-2016-1787 | medium | 5.3 | 5.3 | 10y ago | Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | |||
| CVE-2016-1776 | medium | 5.3 | 5.3 | 10y ago | Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP … | |||
| CVE-2016-1774 | medium | 5.3 | 5.3 | 10y ago | The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitiv… | |||
| CVE-2016-0825 | medium | 5.3 | 5.3 | 10y ago | The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining… |