CVEs from 2016
Total
8,452
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2957 | medium | 4.3 | 4.3 | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. | |||
| CVE-2016-2928 | medium | 4.3 | 4.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. | |||
| CVE-2016-9449 | medium | 4.3 | 4.3 | 10y ago | Drupal sensitive information disclosure | |||
| CVE-2016-9185 | medium | 4.3 | 4.3 | 10y ago | In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 … | |||
| CVE-2016-8504 | medium | 4.3 | 4.3 | 10y ago | CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile. | |||
| CVE-2016-8295 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2016-8294 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vector… | |||
| CVE-2016-8283 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. | |||
| CVE-2016-5621 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticate… | |||
| CVE-2016-5613 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a … | |||
| CVE-2016-5611 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. | |||
| CVE-2016-5603 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenti… | |||
| CVE-2016-5596 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confi… | |||
| CVE-2016-5554 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. | |||
| CVE-2016-5522 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2016-5513 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to Fi… | |||
| CVE-2016-5511 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2016-5479 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 allows remote authenticated users to affect confident… | |||
| CVE-2016-0377 | medium | 4.3 | 4.3 | 10y ago | The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authentica… | |||
| CVE-2016-0242 | medium | 4.3 | 4.3 | 10y ago | IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. | |||
| CVE-2016-7572 | medium | 4.3 | 4.3 | 10y ago | Drupal Unprivileged access to config export | |||
| CVE-2016-7570 | medium | 4.3 | 4.3 | 10y ago | Drupal Users without "Administer comments" can set comment visibility on nodes they can edit | |||
| CVE-2016-3639 | medium | 4.3 | 4.3 | 10y ago | SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128. | |||
| CVE-2016-5945 | medium | 4.3 | 4.3 | 10y ago | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. | |||
| CVE-2016-3000 | medium | 4.3 | 4.3 | 10y ago | The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. | |||
| CVE-2016-0918 | medium | 4.3 | 4.3 | 10y ago | EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Pop… | |||
| CVE-2016-5279 | medium | 4.3 | 4.3 | 10y ago | multiple issues in firefox | |||
| CVE-2016-0138 | medium | 4.3 | 4.3 | 10y ago | Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which a… | |||
| CVE-2016-6370 | medium | 4.3 | 4.3 | 10y ago | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a … | |||
| CVE-2016-5163 | medium | 4.3 | 4.3 | 10y ago | The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows rem… | |||
| CVE-2016-5664 | medium | 4.3 | 4.3 | 10y ago | Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | |||
| CVE-2016-1474 | medium | 4.3 | 4.3 | 10y ago | Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a cra… | |||
| CVE-2016-5400 | medium | 4.3 | 4.3 | 10y ago | Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumpti… | |||
| CVE-2016-5268 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to con… | |||
| CVE-2016-5251 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. | |||
| CVE-2016-5250 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | |||
| CVE-2016-2830 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier f… | |||
| CVE-2016-5137 | medium | 4.3 | 4.3 | 10y ago | The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does no… | |||
| CVE-2016-4603 | medium | 4.3 | 4.3 | 10y ago | Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | |||
| CVE-2016-3550 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. | |||
| CVE-2016-3540 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vecto… | |||
| CVE-2016-3517 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut. | |||
| CVE-2016-3507 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin. | |||
| CVE-2016-3475 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console. | |||
| CVE-2016-3458 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. | |||
| CVE-2016-0357 | medium | 4.3 | 4.3 | 10y ago | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||
| CVE-2016-5109 | medium | 4.3 | 4.3 | 10y ago | Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecifie… | |||
| CVE-2016-4178 | medium | 4.3 | 4.3 | 10y ago | Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain se… | |||
| CVE-2016-3244 | medium | 4.3 | 4.3 | 10y ago | Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass." | |||
| CVE-2016-2882 | medium | 4.3 | 4.3 | 10y ago | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. | |||
| CVE-2016-0398 | medium | 4.3 | 4.3 | 10y ago | IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. | |||
| CVE-2016-0364 | medium | 4.3 | 4.3 | 10y ago | IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authent… | |||
| CVE-2016-5307 | medium | 4.3 | 4.3 | 10y ago | Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspe… | |||
| CVE-2016-3649 | medium | 4.3 | 4.3 | 10y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. | |||
| CVE-2016-1864 | medium | 4.3 | 4.3 | 10y ago | The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a… | |||
| CVE-2016-1196 | medium | 4.3 | 4.3 | 10y ago | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerabilit… | |||
| CVE-2016-1192 | medium | 4.3 | 4.3 | 10y ago | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | |||
| CVE-2016-4911 | medium | 4.3 | 4.3 | 10y ago | The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrict… | |||
| CVE-2016-2832 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | |||
| CVE-2016-4486 | low | 3.3 | 4.3 | 10y ago | The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from … | |||
| CVE-2016-2159 | medium | 4.3 | 4.3 | 10y ago | Moodle External function mod_assign_save_submission does not check due dates | |||
| CVE-2016-2158 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to obtain sensitive category-detail information | |||
| CVE-2016-2156 | medium | 4.3 | 4.3 | 10y ago | Moodle provides calendar-event data without considering whether an activity is hidden | |||
| CVE-2016-2155 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to modify "Exclude grade" settings | |||
| CVE-2016-2154 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to discover hidden course names | |||
| CVE-2016-2151 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to discover student e-mail addresses | |||
| CVE-2016-3727 | medium | 4.3 | 4.3 | 10y ago | Jenkins Exposes Sensitive Information via API URL | |||
| CVE-2016-3725 | medium | 4.3 | 4.3 | 10y ago | Missing permissions check in Jenkins Core | |||
| CVE-2016-3723 | medium | 4.3 | 4.3 | 10y ago | Exposure of Sensitive Information in Jenkins Core | |||
| CVE-2016-3722 | medium | 4.3 | 4.3 | 10y ago | Incorrect Authorization in Jenkins Core | |||
| CVE-2016-3721 | medium | 4.3 | 4.3 | 10y ago | Jenkins allows Remote Users to Inject Build Parameters | |||
| CVE-2016-0381 | medium | 4.3 | 4.3 | 10y ago | IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty valu… | |||
| CVE-2016-1664 | medium | 4.3 | 4.3 | 10y ago | The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and othe… | |||
| CVE-2016-1206 | medium | 4.3 | 4.3 | 10y ago | The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-f… | |||
| CVE-2016-3716 | low | 3.3 | 4.3 | 10y ago | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |||
| CVE-2016-0895 | medium | 4.3 | 4.3 | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. | |||
| CVE-2016-0893 | medium | 4.3 | 4.3 | 10y ago | EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | |||
| CVE-2016-2820 | medium | 4.3 | 4.3 | 10y ago | The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify… | |||
| CVE-2016-0211 | medium | 4.3 | 4.3 | 10y ago | IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA mess… | |||
| CVE-2016-2304 | medium | 4.3 | 4.3 | 10y ago | Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive inf… | |||
| CVE-2016-3425 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. | |||
| CVE-2016-3422 | medium | 4.3 | 4.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. | |||
| CVE-2016-1658 | medium | 4.3 | 4.3 | 10y ago | The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and o… | |||
| CVE-2016-1657 | medium | 4.3 | 4.3 | 10y ago | The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which… | |||
| CVE-2016-1175 | medium | 4.3 | 4.3 | 10y ago | Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2016-0289 | medium | 4.3 | 4.3 | 10y ago | shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictio… | |||
| CVE-2016-1781 | medium | 4.3 | 4.3 | 10y ago | WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | |||
| CVE-2016-1780 | medium | 4.3 | 4.3 | 10y ago | WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical envi… | |||
| CVE-2016-1772 | medium | 4.3 | 4.3 | 10y ago | The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | |||
| CVE-2016-1764 | medium | 4.3 | 4.3 | 10y ago | The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | |||
| CVE-2016-0222 | medium | 4.3 | 4.3 | 10y ago | IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | |||
| CVE-2016-1965 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors invo… | |||
| CVE-2016-1958 | medium | 4.3 | 4.3 | 10y ago | browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | |||
| CVE-2016-1957 | medium | 4.3 | 4.3 | 10y ago | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that trigger… | |||
| CVE-2016-1955 | medium | 4.3 | 4.3 | 10y ago | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path in… | |||
| CVE-2016-1562 | medium | 4.3 | 4.3 | 10y ago | The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. | |||
| CVE-2016-0886 | medium | 4.3 | 4.3 | 10y ago | EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||
| CVE-2016-1640 | medium | 4.3 | 4.3 | 10y ago | The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for … | |||
| CVE-2016-0706 | medium | 4.3 | 4.3 | 10y ago | Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/Restrict… | |||
| CVE-2016-0724 | medium | 4.3 | 4.3 | 10y ago | Moodle sensitive information disclosure |