CVEs from 2016
Total
8,439
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0507 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a diff… | |||
| CVE-2016-0506 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Retail Order Management System Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, 5.0, and 15.0 allows remote attackers to affect confidentia… | |||
| CVE-2016-0497 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via… | |||
| CVE-2016-0496 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the MICROS CWDirect component in Oracle Retail Applications 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, and 18.0 allows remote attackers to affect confidentiality via unknown vec… | |||
| CVE-2016-0495 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related… | |||
| CVE-2016-0471 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2016-0464 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console. | |||
| CVE-2016-0463 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality via unknown vectors r… | |||
| CVE-2016-0443 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentialit… | |||
| CVE-2016-0433 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support. | |||
| CVE-2016-0430 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a diff… | |||
| CVE-2016-0429 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Schedul… | |||
| CVE-2016-0404 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.2.2 allows remote attackers to affect integrity via vectors related to Admin. | |||
| CVE-2016-0401 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Schedul… | |||
| CVE-2016-0012 | medium | 4.3 | 4.3 | 11y ago | Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Ex… | |||
| CVE-2016-0008 | medium | 4.3 | 4.3 | 11y ago | The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 a… | |||
| CVE-2016-0005 | medium | 4.3 | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||
| CVE-2016-1501 | medium | 4.3 | 4.3 | 11y ago | ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exce… | |||
| CVE-2016-7815 | medium | 4.2 | 4.2 | 9y ago | Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | |||
| CVE-2016-8292 | medium | 4.2 | 4.2 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to… | |||
| CVE-2016-5493 | medium | 4.2 | 4.2 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality … | |||
| CVE-2016-4499 | medium | 4.2 | 4.2 | 10y ago | Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2016-4497 | medium | 4.2 | 4.2 | 10y ago | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2016-4496 | medium | 4.2 | 4.2 | 10y ago | Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, a… | |||
| CVE-2016-8313 | medium | 4.1 | 4.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-5559 | medium | 4.1 | 4.1 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel. | |||
| CVE-2016-5504 | medium | 4.1 | 4.1 | 10y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confi… | |||
| CVE-2016-7094 | medium | 4.1 | 4.1 | 10y ago | Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. | |||
| CVE-2016-3325 | low | 3.1 | 4.1 | 10y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||
| CVE-2016-5464 | medium | 4.1 | 4.1 | 10y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related … | |||
| CVE-2016-5463 | medium | 4.1 | 4.1 | 10y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related … | |||
| CVE-2016-0668 | medium | 4.1 | 4.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors r… | |||
| CVE-2016-1490 | medium | 4.1 | 4.1 | 11y ago | The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. | |||
| CVE-2016-0382 | medium | 4.0 | 4.0 | 9y ago | The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as… | |||
| CVE-2016-6097 | medium | 4.0 | 4.0 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | |||
| CVE-2016-3024 | medium | 4.0 | 4.0 | 10y ago | IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. | |||
| CVE-2016-9844 | medium | 4.0 | 4.0 | 10y ago | Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory … | |||
| CVE-2016-8579 | medium | 4.0 | 4.0 | 10y ago | docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | |||
| CVE-2016-7090 | medium | 4.0 | 4.0 | 10y ago | The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remot… | |||
| CVE-2016-4707 | medium | 4.0 | 4.0 | 10y ago | CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | |||
| CVE-2016-3764 | medium | 4.0 | 4.0 | 10y ago | media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensit… | |||
| CVE-2016-3761 | medium | 4.0 | 4.0 | 10y ago | NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a cra… | |||
| CVE-2016-4534 | low | 3.0 | 4.0 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and… | |||
| CVE-2016-0823 | medium | 4.0 | 4.0 | 10y ago | The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by r… | |||
| CVE-2016-0616 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via u… | |||
| CVE-2016-0614 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unkno… | |||
| CVE-2016-0611 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||
| CVE-2016-0597 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated use… | |||
| CVE-2016-0596 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to af… | |||
| CVE-2016-0595 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2016-0587 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown… | |||
| CVE-2016-0562 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Common Applications component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via vector… | |||
| CVE-2016-0531 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Oracle Di… | |||
| CVE-2016-0503 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-050… | |||
| CVE-2016-0467 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2016-0462 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vector… | |||
| CVE-2016-0461 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors. | |||
| CVE-2016-0459 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect integrity… | |||
| CVE-2016-0458 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX. | |||
| CVE-2016-0448 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality… | |||
| CVE-2016-0427 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to a… | |||
| CVE-2016-0413 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.1.7 allows remote authenticated users to affect integrity via vectors related to Federation prot… | |||
| CVE-2016-0409 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality v… | |||
| CVE-2016-3159 | low | 3.8 | 3.8 | 10y ago | The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensiti… | |||
| CVE-2016-3158 | low | 3.8 | 3.8 | 10y ago | The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive … | |||
| CVE-2016-0238 | low | 3.7 | 3.7 | 9y ago | IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the mi… | |||
| CVE-2016-6102 | low | 3.7 | 3.7 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, r… | |||
| CVE-2016-7577 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger… | |||
| CVE-2016-8344 | low | 3.7 | 3.7 | 9y ago | An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release… | |||
| CVE-2016-8217 | low | 3.7 | 3.7 | 10y ago | EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which… | |||
| CVE-2016-5953 | low | 3.7 | 3.7 | 10y ago | IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error pa… | |||
| CVE-2016-3045 | low | 3.7 | 3.7 | 10y ago | IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer he… | |||
| CVE-2016-0297 | low | 3.7 | 3.7 | 10y ago | IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the mi… | |||
| CVE-2016-8330 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthent… | |||
| CVE-2016-8328 | low | 3.7 | 3.7 | 10y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unau… | |||
| CVE-2016-1551 | low | 3.7 | 3.7 | 10y ago | ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference cloc… | |||
| CVE-2016-7429 | low | 3.7 | 3.7 | 10y ago | NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source)… | |||
| CVE-2016-9015 | low | 3.7 | 3.7 | 10y ago | Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the l… | |||
| CVE-2016-4323 | low | 3.7 | 3.7 | 10y ago | A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or … | |||
| CVE-2016-7903 | low | 3.7 | 3.7 | 10y ago | Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. | |||
| CVE-2016-2953 | low | 3.7 | 3.7 | 10y ago | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-2952 | low | 3.7 | 3.7 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||
| CVE-2016-2951 | low | 3.7 | 3.7 | 10y ago | IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the … | |||
| CVE-2016-0378 | low | 3.7 | 3.7 | 10y ago | IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. | |||
| CVE-2016-0372 | low | 3.7 | 3.7 | 10y ago | IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 … | |||
| CVE-2016-0353 | low | 3.7 | 3.7 | 10y ago | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remot… | |||
| CVE-2016-5481 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Cor… | |||
| CVE-2016-1000033 | low | 3.7 | 3.7 | 10y ago | Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||
| CVE-2016-0240 | low | 3.7 | 3.7 | 10y ago | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier fo… | |||
| CVE-2016-0248 | low | 3.7 | 3.7 | 10y ago | IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | |||
| CVE-2016-4739 | low | 3.7 | 3.7 | 10y ago | mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending … | |||
| CVE-2016-4747 | low | 3.7 | 3.7 | 10y ago | Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | |||
| CVE-2016-4379 | low | 3.7 | 3.7 | 10y ago | The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers t… | |||
| CVE-2016-5429 | low | 3.7 | 3.7 | 10y ago | jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and… | |||
| CVE-2016-2960 | low | 3.7 | 3.7 | 10y ago | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1… | |||
| CVE-2016-0281 | low | 3.7 | 3.7 | 10y ago | The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter cras… | |||
| CVE-2016-0266 | low | 3.7 | 3.7 | 10y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-5466 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors r… | |||
| CVE-2016-5460 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors r… | |||
| CVE-2016-5444 | low | 3.7 | 3.7 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta… |