CVEs from 2016
Total
8,452
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0419 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431. | |||
| CVE-2016-8751 | medium | 4.8 | 4.8 | 9y ago | Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies | |||
| CVE-2016-7810 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4858 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11,… | |||
| CVE-2016-4856 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via… | |||
| CVE-2016-6037 | medium | 4.8 | 4.8 | 9y ago | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project… | |||
| CVE-2016-4866 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | |||
| CVE-2016-4865 | medium | 4.8 | 4.8 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | |||
| CVE-2016-4318 | medium | 4.8 | 4.8 | 9y ago | Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | |||
| CVE-2016-5541 | medium | 4.8 | 4.8 | 10y ago | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. D… | |||
| CVE-2016-7168 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-10112 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted ta… | |||
| CVE-2016-1000121 | medium | 4.8 | 4.8 | 10y ago | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||
| CVE-2016-8285 | medium | 4.8 | 4.8 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Cand… | |||
| CVE-2016-5395 | medium | 4.8 | 4.8 | 10y ago | Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML | |||
| CVE-2016-5696 | medium | 4.8 | 4.8 | 10y ago | net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-wi… | |||
| CVE-2016-5005 | medium | 4.8 | 4.8 | 10y ago | Apache Archiva vulnerable to Cross-site Scripting | |||
| CVE-2016-3971 | medium | 4.8 | 4.8 | 10y ago | Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout. | |||
| CVE-2016-9263 | medium | 4.7 | 4.7 | 9y ago | WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained wit… | |||
| CVE-2016-0713 | medium | 4.7 | 4.7 | 9y ago | Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | |||
| CVE-2016-5858 | medium | 4.7 | 4.7 | 9y ago | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. | |||
| CVE-2016-5855 | medium | 4.7 | 4.7 | 9y ago | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough. | |||
| CVE-2016-5854 | medium | 4.7 | 4.7 | 9y ago | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. | |||
| CVE-2016-5347 | medium | 4.7 | 4.7 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. | |||
| CVE-2016-4984 | medium | 4.7 | 4.7 | 9y ago | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition … | |||
| CVE-2016-4982 | medium | 4.7 | 4.7 | 9y ago | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | |||
| CVE-2016-10296 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat… | |||
| CVE-2016-10295 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2016-10294 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-10293 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-9473 | medium | 4.7 | 4.7 | 9y ago | Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate … | |||
| CVE-2016-8478 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-8477 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2016-8416 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-8413 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becau… | |||
| CVE-2016-7650 | medium | 4.7 | 4.7 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to co… | |||
| CVE-2016-7111 | medium | 4.7 | 4.7 | 9y ago | MantisBT XSS through weak CSP when using Gravatar plugin | |||
| CVE-2016-5918 | medium | 4.7 | 4.7 | 9y ago | IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. | |||
| CVE-2016-8414 | medium | 4.7 | 4.7 | 9y ago | An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issu… | |||
| CVE-2016-1919 | medium | 4.7 | 4.7 | 10y ago | Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. | |||
| CVE-2016-9811 | medium | 4.7 | 4.7 | 10y ago | The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via … | |||
| CVE-2016-8475 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it … | |||
| CVE-2016-8474 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate be… | |||
| CVE-2016-8473 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate be… | |||
| CVE-2016-8472 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f… | |||
| CVE-2016-8471 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f… | |||
| CVE-2016-8470 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it f… | |||
| CVE-2016-8469 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it fir… | |||
| CVE-2016-8410 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus… | |||
| CVE-2016-8409 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2016-8408 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because … | |||
| CVE-2016-8407 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8406 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8405 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8404 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8403 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8402 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8401 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside… | |||
| CVE-2016-8395 | medium | 4.7 | 4.7 | 10y ago | A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the de… | |||
| CVE-2016-6774 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. Thi… | |||
| CVE-2016-6757 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2016-6756 | medium | 4.7 | 4.7 | 10y ago | An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2016-6213 | medium | 4.7 | 4.7 | 10y ago | fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock)… | |||
| CVE-2016-3685 | medium | 4.7 | 4.7 | 10y ago | SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration info… | |||
| CVE-2016-3684 | medium | 4.7 | 4.7 | 10y ago | SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging k… | |||
| CVE-2016-6723 | medium | 4.7 | 4.7 | 10y ago | A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote atta… | |||
| CVE-2016-7218 | medium | 4.7 | 4.7 | 10y ago | Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,… | |||
| CVE-2016-8289 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. | |||
| CVE-2016-7959 | medium | 4.7 | 4.7 | 10y ago | Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to… | |||
| CVE-2016-6136 | medium | 4.7 | 4.7 | 10y ago | Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call … | |||
| CVE-2016-5253 | medium | 4.7 | 4.7 | 10y ago | The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. | |||
| CVE-2016-5459 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors relate… | |||
| CVE-2016-5450 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Ope… | |||
| CVE-2016-5443 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. | |||
| CVE-2016-3559 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors re… | |||
| CVE-2016-3558 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors re… | |||
| CVE-2016-3534 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors … | |||
| CVE-2016-3533 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via ve… | |||
| CVE-2016-3523 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vec… | |||
| CVE-2016-3496 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality … | |||
| CVE-2016-3451 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. | |||
| CVE-2016-3258 | medium | 4.7 | 4.7 | 10y ago | Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanis… | |||
| CVE-2016-6130 | medium | 4.7 | 4.7 | 10y ago | Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a c… | |||
| CVE-2016-5709 | medium | 4.7 | 4.7 | 10y ago | SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute for… | |||
| CVE-2016-4963 | medium | 4.7 | 4.7 | 10y ago | The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the… | |||
| CVE-2016-2053 | medium | 4.7 | 4.7 | 10y ago | The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mish… | |||
| CVE-2016-3435 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to P… | |||
| CVE-2016-3434 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors rela… | |||
| CVE-2016-0676 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. | |||
| CVE-2016-0663 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. | |||
| CVE-2016-0661 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. | |||
| CVE-2016-0655 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors r… | |||
| CVE-2016-0642 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. | |||
| CVE-2016-0623 | medium | 4.7 | 4.7 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component. | |||
| CVE-2016-1947 | medium | 4.7 | 4.7 | 11y ago | Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of re… | |||
| CVE-2016-1943 | medium | 4.7 | 4.7 | 11y ago | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. | |||
| CVE-2016-1141 | medium | 4.7 | 4.7 | 11y ago | KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2016-1138 | medium | 4.7 | 4.7 | 11y ago | CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | |||
| CVE-2016-7060 | medium | 4.6 | 4.6 | 9y ago | The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the d… | |||
| CVE-2016-4032 | medium | 4.6 | 4.6 | 9y ago | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-… |