CVEs from 2016
Total
8,452
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7087 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via … | |||
| CVE-2016-5334 | medium | 5.3 | 5.3 | 10y ago | VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||
| CVE-2016-10072 | medium | 5.3 | 5.3 | 10y ago | WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary co… | |||
| CVE-2016-7281 | medium | 5.3 | 5.3 | 10y ago | The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Sec… | |||
| CVE-2016-7278 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosu… | |||
| CVE-2016-5186 | medium | 5.3 | 5.3 | 10y ago | multiple issues in chromium | |||
| CVE-2016-7888 | medium | 5.3 | 5.3 | 10y ago | Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. | |||
| CVE-2016-6313 | medium | 5.3 | 5.3 | 10y ago | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of … | |||
| CVE-2016-9938 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_si… | |||
| CVE-2016-9859 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versi… | |||
| CVE-2016-9858 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4… | |||
| CVE-2016-9855 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9854 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9853 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin path disclosure | |||
| CVE-2016-9852 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9851 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin Bypass logout timeout | |||
| CVE-2016-9850 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x v… | |||
| CVE-2016-9848 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4… | |||
| CVE-2016-9847 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way thi… | |||
| CVE-2016-6627 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.… | |||
| CVE-2016-6613 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user… | |||
| CVE-2016-9804 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lac… | |||
| CVE-2016-9803 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from '… | |||
| CVE-2016-9802 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon… | |||
| CVE-2016-9801 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | |||
| CVE-2016-9800 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to la… | |||
| CVE-2016-9799 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||
| CVE-2016-9798 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump… | |||
| CVE-2016-9797 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidu… | |||
| CVE-2016-5987 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers … | |||
| CVE-2016-5890 | medium | 5.3 | 5.3 | 10y ago | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||
| CVE-2016-2940 | medium | 5.3 | 5.3 | 10y ago | Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2016-2935 | medium | 5.3 | 5.3 | 10y ago | The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | |||
| CVE-2016-2932 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | |||
| CVE-2016-2931 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-5968 | medium | 5.3 | 5.3 | 10y ago | The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1… | |||
| CVE-2016-8672 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SI… | |||
| CVE-2016-6463 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-6462 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-9286 | medium | 5.3 | 5.3 | 10y ago | framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as d… | |||
| CVE-2016-9285 | medium | 5.3 | 5.3 | 10y ago | framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1,… | |||
| CVE-2016-9284 | medium | 5.3 | 5.3 | 10y ago | getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||
| CVE-2016-7209 | medium | 5.3 | 5.3 | 10y ago | Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||
| CVE-2016-8875 | medium | 5.3 | 5.3 | 10y ago | The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application … | |||
| CVE-2016-9118 | medium | 5.3 | 5.3 | 10y ago | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | |||
| CVE-2016-8501 | medium | 5.3 | 5.3 | 10y ago | Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |||
| CVE-2016-5583 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unk… | |||
| CVE-2016-5575 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentia… | |||
| CVE-2016-5566 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5532 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via v… | |||
| CVE-2016-5524 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vu… | |||
| CVE-2016-5510 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5488 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container… | |||
| CVE-2016-5487 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-1000214 | medium | 5.3 | 5.3 | 10y ago | Ruckus Wireless H500 web management interface authentication bypass | |||
| CVE-2016-3392 | medium | 5.3 | 5.3 | 10y ago | The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Micr… | |||
| CVE-2016-3391 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure… | |||
| CVE-2016-3267 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosur… | |||
| CVE-2016-6026 | medium | 5.3 | 5.3 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP… | |||
| CVE-2016-6421 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. | |||
| CVE-2016-6636 | medium | 5.3 | 5.3 | 10y ago | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elasti… | |||
| CVE-2016-6146 | medium | 5.3 | 5.3 | 10y ago | The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||
| CVE-2016-4748 | medium | 5.3 | 5.3 | 10y ago | Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||
| CVE-2016-4745 | medium | 5.3 | 5.3 | 10y ago | The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user a… | |||
| CVE-2016-4713 | medium | 5.3 | 5.3 | 10y ago | CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||
| CVE-2016-0870 | medium | 5.3 | 5.3 | 10y ago | The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. | |||
| CVE-2016-4746 | medium | 5.3 | 5.3 | 10y ago | The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances… | |||
| CVE-2016-1433 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | |||
| CVE-2016-6644 | medium | 5.3 | 5.3 | 10y ago | EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||
| CVE-2016-6401 | medium | 5.3 | 5.3 | 10y ago | Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafte… | |||
| CVE-2016-6398 | medium | 5.3 | 5.3 | 10y ago | The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet d… | |||
| CVE-2016-6396 | medium | 5.3 | 5.3 | 10y ago | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafte… | |||
| CVE-2016-7128 | medium | 5.3 | 5.3 | 10y ago | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers… | |||
| CVE-2016-6375 | medium | 5.3 | 5.3 | 10y ago | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sendi… | |||
| CVE-2016-6212 | medium | 5.3 | 5.3 | 10y ago | Drupal Views can allow unauthorized users to see Statistics information | |||
| CVE-2016-6670 | medium | 5.3 | 5.3 | 10y ago | Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remo… | |||
| CVE-2016-6344 | medium | 5.3 | 5.3 | 10y ago | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via… | |||
| CVE-2016-7153 | medium | 5.3 | 5.3 | 10y ago | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever… | |||
| CVE-2016-7152 | medium | 5.3 | 5.3 | 10y ago | The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera… | |||
| CVE-2016-5430 | medium | 5.3 | 5.3 | 10y ago | The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clea… | |||
| CVE-2016-6298 | medium | 5.3 | 5.3 | 10y ago | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clearte… | |||
| CVE-2016-5332 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-5390 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to A… | |||
| CVE-2016-4995 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtai… | |||
| CVE-2016-3329 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2016-3327 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… | |||
| CVE-2016-3326 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… | |||
| CVE-2016-3299 | medium | 5.3 | 5.3 | 10y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hi… | |||
| CVE-2016-4253 | medium | 5.3 | 5.3 | 10y ago | The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4169 | medium | 5.3 | 5.3 | 10y ago | Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | |||
| CVE-2016-6145 | medium | 5.3 | 5.3 | 10y ago | The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_c… | |||
| CVE-2016-5267 | medium | 5.3 | 5.3 | 10y ago | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | |||
| CVE-2016-5133 | medium | 5.3 | 5.3 | 10y ago | Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect… | |||
| CVE-2016-4635 | medium | 5.3 | 5.3 | 10y ago | FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances,… | |||
| CVE-2016-5456 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via… | |||
| CVE-2016-5455 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors… | |||
| CVE-2016-3615 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth… | |||
| CVE-2016-3614 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | |||
| CVE-2016-3560 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3549 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentia… |