CVEs from 2016
Total
8,452
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5353 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of… | |||
| CVE-2016-5352 | medium | 5.9 | 5.9 | 10y ago | epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a… | |||
| CVE-2016-5351 | medium | 5.9 | 5.9 | 10y ago | epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of … | |||
| CVE-2016-6513 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application cras… | |||
| CVE-2016-6511 | medium | 5.9 | 5.9 | 10y ago | epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. | |||
| CVE-2016-6510 | medium | 5.9 | 5.9 | 10y ago | Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer … | |||
| CVE-2016-6509 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (appli… | |||
| CVE-2016-6508 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of servi… | |||
| CVE-2016-6507 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||
| CVE-2016-6506 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||
| CVE-2016-1276 | medium | 5.9 | 5.9 | 10y ago | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer … | |||
| CVE-2016-3612 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core. | |||
| CVE-2016-3588 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. | |||
| CVE-2016-3525 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management. | |||
| CVE-2016-5655 | medium | 5.9 | 5.9 | 10y ago | Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||
| CVE-2016-2775 | medium | 5.9 | 5.9 | 10y ago | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash… | |||
| CVE-2016-1546 | medium | 5.9 | 5.9 | 10y ago | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a … | |||
| CVE-2016-4955 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packe… | |||
| CVE-2016-2079 | medium | 5.9 | 5.9 | 10y ago | VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified … | |||
| CVE-2016-0365 | medium | 5.9 | 5.9 | 10y ago | IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication … | |||
| CVE-2016-5435 | medium | 5.9 | 5.9 | 10y ago | Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networkin… | |||
| CVE-2016-4429 | medium | 5.9 | 5.9 | 10y ago | Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecif… | |||
| CVE-2016-3094 | medium | 5.9 | 5.9 | 10y ago | Improper Input Validation in org.apache.qpid:qpid-broker | |||
| CVE-2016-0907 | medium | 5.9 | 5.9 | 10y ago | EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allow… | |||
| CVE-2016-0306 | medium | 5.9 | 5.9 | 10y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to ob… | |||
| CVE-2016-1115 | medium | 5.9 | 5.9 | 10y ago | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof se… | |||
| CVE-2016-0149 | medium | 5.9 | 5.9 | 10y ago | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext … | |||
| CVE-2016-4008 | medium | 5.9 | 5.9 | 10y ago | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infini… | |||
| CVE-2016-4421 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption… | |||
| CVE-2016-4420 | medium | 5.9 | 5.9 | 10y ago | The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||
| CVE-2016-4419 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted p… | |||
| CVE-2016-4418 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application … | |||
| CVE-2016-4417 | medium | 5.9 | 5.9 | 10y ago | Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (… | |||
| CVE-2016-4416 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over… | |||
| CVE-2016-4415 | medium | 5.9 | 5.9 | 10y ago | wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buff… | |||
| CVE-2016-4085 | medium | 5.9 | 5.9 | 10y ago | Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or p… | |||
| CVE-2016-4084 | medium | 5.9 | 5.9 | 10y ago | Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and applicati… | |||
| CVE-2016-4083 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial … | |||
| CVE-2016-4082 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause… | |||
| CVE-2016-4081 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of s… | |||
| CVE-2016-4080 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (o… | |||
| CVE-2016-4079 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of servi… | |||
| CVE-2016-4078 | medium | 5.9 | 5.9 | 10y ago | The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursio… | |||
| CVE-2016-4077 | medium | 5.9 | 5.9 | 10y ago | epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use… | |||
| CVE-2016-4076 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of ser… | |||
| CVE-2016-4006 | medium | 5.9 | 5.9 | 10y ago | epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and… | |||
| CVE-2016-2115 | medium | 5.9 | 5.9 | 10y ago | Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB c… | |||
| CVE-2016-2114 | medium | 5.9 | 5.9 | 10y ago | The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle att… | |||
| CVE-2016-2112 | medium | 5.9 | 5.9 | 10y ago | The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-midd… | |||
| CVE-2016-2110 | medium | 5.9 | 5.9 | 10y ago | The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by mo… | |||
| CVE-2016-0695 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. | |||
| CVE-2016-0677 | medium | 5.9 | 5.9 | 10y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-2390 | medium | 5.9 | 5.9 | 10y ago | The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows… | |||
| CVE-2016-1273 | medium | 5.9 | 5.9 | 10y ago | Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers t… | |||
| CVE-2016-0787 | medium | 5.9 | 5.9 | 10y ago | The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH … | |||
| CVE-2016-0739 | medium | 5.9 | 5.9 | 10y ago | libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-i… | |||
| CVE-2016-3686 | medium | 5.9 | 5.9 | 10y ago | The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by levera… | |||
| CVE-2016-0887 | medium | 5.9 | 5.9 | 10y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2… | |||
| CVE-2016-4004 | medium | 4.9 | 5.9 | 10y ago | Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file param… | |||
| CVE-2016-3166 | medium | 5.9 | 5.9 | 10y ago | Drupal CRLF injection vulnerability in the drupal_set_header function | |||
| CVE-2016-1346 | medium | 5.9 | 5.9 | 10y ago | The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequ… | |||
| CVE-2016-1344 | medium | 5.9 | 5.9 | 10y ago | The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | |||
| CVE-2016-1788 | medium | 5.9 | 5.9 | 10y ago | Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachmen… | |||
| CVE-2016-1731 | medium | 5.9 | 5.9 | 10y ago | Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. | |||
| CVE-2016-0771 | medium | 5.9 | 5.9 | 10y ago | The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial… | |||
| CVE-2016-0818 | medium | 5.9 | 5.9 | 10y ago | The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinctio… | |||
| CVE-2016-2774 | medium | 5.9 | 5.9 | 10y ago | ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertio… | |||
| CVE-2016-2244 | medium | 5.9 | 5.9 | 10y ago | HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-0704 | medium | 5.9 | 5.9 | 10y ago | An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0… | |||
| CVE-2016-0703 | medium | 5.9 | 5.9 | 10y ago | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTE… | |||
| CVE-2016-2532 | medium | 5.9 | 5.9 | 10y ago | The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows … | |||
| CVE-2016-2531 | medium | 5.9 | 5.9 | 10y ago | Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds rea… | |||
| CVE-2016-2530 | medium | 5.9 | 5.9 | 10y ago | The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, wh… | |||
| CVE-2016-2528 | medium | 5.9 | 5.9 | 10y ago | The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denia… | |||
| CVE-2016-2526 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read… | |||
| CVE-2016-2525 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory con… | |||
| CVE-2016-2524 | medium | 5.9 | 5.9 | 10y ago | epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) vi… | |||
| CVE-2016-2523 | medium | 5.9 | 5.9 | 10y ago | The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of servic… | |||
| CVE-2016-2522 | medium | 5.9 | 5.9 | 10y ago | The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allow… | |||
| CVE-2016-2316 | medium | 5.9 | 5.9 | 10y ago | chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf… | |||
| CVE-2016-1987 | medium | 5.9 | 5.9 | 10y ago | HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. | |||
| CVE-2016-1284 | medium | 5.9 | 5.9 | 11y ago | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daem… | |||
| CVE-2016-2047 | medium | 5.9 | 5.9 | 11y ago | The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 … | |||
| CVE-2016-0201 | medium | 5.9 | 5.9 | 11y ago | GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision. | |||
| CVE-2016-1262 | medium | 5.9 | 5.9 | 11y ago | Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application La… | |||
| CVE-2016-1257 | medium | 5.9 | 5.9 | 11y ago | The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.… | |||
| CVE-2016-1231 | medium | 5.9 | 5.9 | 11y ago | Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified p… | |||
| CVE-2016-5237 | medium | 4.8 | 5.8 | 10y ago | Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse … | |||
| CVE-2016-4807 | medium | 4.8 | 5.8 | 10y ago | Web2py Reflected XSS vulnerability | |||
| CVE-2016-7458 | medium | 5.8 | 5.8 | 10y ago | VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjun… | |||
| CVE-2016-4046 | medium | 5.8 | 5.8 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of th… | |||
| CVE-2016-5477 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | |||
| CVE-2016-3608 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | |||
| CVE-2016-3529 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3467 | medium | 5.8 | 5.8 | 10y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2016-4500 | medium | 5.8 | 5.8 | 10y ago | Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | |||
| CVE-2016-4788 | medium | 5.8 | 5.8 | 10y ago | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | |||
| CVE-2016-1321 | medium | 5.8 | 5.8 | 10y ago | Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature a… | |||
| CVE-2016-0475 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality… | |||
| CVE-2016-9719 | medium | 5.7 | 5.7 | 9y ago | IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malici… |