CVEs from 2016
Total: 8,436
- critical: 1,165
- high: 3,521
- medium: 3,172
- low: 248

% Critical: 13.8%
% with KEV: 0.7%
% with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1531 | high | 7.0 | 8.0 | 10y ago | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | |||
| CVE-2016-1757 | high | 7.0 | 8.0 | 10y ago | Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2016-9111 | medium | 6.8 | 7.8 | 10y ago | Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection o… | |||
| CVE-2016-5304 | medium | 6.8 | 7.8 | 10y ago | Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites… | |||
| CVE-2016-8769 | medium | 6.7 | 7.7 | 9y ago | Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file … | |||
| CVE-2016-10504 | medium | 6.5 | 7.5 | 9y ago | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp f… | |||
| CVE-2016-5312 | medium | 6.5 | 7.5 | 9y ago | Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn paramete… | |||
| CVE-2016-6897 | medium | 6.5 | 7.5 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio… | |||
| CVE-2016-9951 | medium | 6.5 | 7.5 | 10y ago | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click… | |||
| CVE-2016-7237 | medium | 6.5 | 7.5 | 10y ago | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win… | |||
| CVE-2016-6435 | medium | 6.5 | 7.5 | 10y ago | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |||
| CVE-2016-0772 | medium | 6.5 | 7.5 | 10y ago | The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypa… | |||
| CVE-2016-3542 | medium | 6.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentia… | |||
| CVE-2016-0169 | medium | 6.5 | 7.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |||
| CVE-2016-0168 | medium | 6.5 | 7.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |||
| CVE-2016-1595 | medium | 6.5 | 7.5 | 10y ago | LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection att… | |||
| CVE-2016-1594 | medium | 6.5 | 7.5 | 10y ago | Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via … | |||
| CVE-2016-0784 | medium | 6.5 | 7.5 | 10y ago | Apache OpenMeetings Directory Traversal vulnerability | |||
| CVE-2016-0120 | medium | 6.5 | 7.5 | 10y ago | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and… | |||
| CVE-2016-0862 | medium | 6.5 | 7.5 | 11y ago | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vec… | |||
| CVE-2016-3116 | medium | 6.4 | 7.4 | 10y ago | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |||
| CVE-2016-3115 | medium | 6.4 | 7.4 | 10y ago | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, re… | |||
| CVE-2016-0492 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integ… | |||
| CVE-2016-0491 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availabilit… | |||
| CVE-2016-8025 | medium | 6.2 | 7.2 | 9y ago | SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete… | |||
| CVE-2016-1885 | medium | 6.2 | 7.2 | 10y ago | Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service… | |||
| CVE-2016-0049 | medium | 6.2 | 7.2 | 11y ago | Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate passw… | |||
| CVE-2016-9834 | medium | 6.1 | 7.1 | 9y ago | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is … | |||
| CVE-2016-1915 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale pa… | |||
| CVE-2016-8855 | medium | 6.1 | 7.1 | 9y ago | Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or … | |||
| CVE-2016-8019 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o… | |||
| CVE-2016-4316 | medium | 6.1 | 7.1 | 9y ago | WSO2 Carbon vulnerable to Cross-site Scripting | |||
| CVE-2016-6283 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.a… | |||
| CVE-2016-3411 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. | |||
| CVE-2016-6854 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script cod… | |||
| CVE-2016-6853 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on … | |||
| CVE-2016-6851 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks aga… | |||
| CVE-2016-5740 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's l… | |||
| CVE-2016-7226 | medium | 6.1 | 7.1 | 10y ago | Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, … | |||
| CVE-2016-7225 | medium | 6.1 | 7.1 | 10y ago | Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, … | |||
| CVE-2016-7224 | medium | 6.1 | 7.1 | 10y ago | Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files… | |||
| CVE-2016-7851 | medium | 6.1 | 7.1 | 10y ago | Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks. | |||
| CVE-2016-8581 | medium | 6.1 | 7.1 | 10y ago | A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the c… | |||
| CVE-2016-6186 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, an… | |||
| CVE-2016-0400 | medium | 6.1 | 7.1 | 10y ago | CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP hea… | |||
| CVE-2016-3670 | medium | 6.1 | 7.1 | 10y ago | Liferay Portal Vulnerable to XSS in Profile Search Functionality | |||
| CVE-2016-2279 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2016-1252 | medium | 5.9 | 6.9 | 9y ago | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 bef… | |||
| CVE-2016-6883 | medium | 5.9 | 6.9 | 9y ago | MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | |||
| CVE-2016-6210 | medium | 5.9 | 6.9 | 9y ago | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enu… | |||
| CVE-2016-5725 | medium | 5.9 | 6.9 | 10y ago | Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch | |||
| CVE-2016-5348 | medium | 5.9 | 6.9 | 10y ago | The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service… | |||
| CVE-2016-6512 | medium | 5.9 | 6.9 | 10y ago | epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a c… | |||
| CVE-2016-6505 | medium | 5.9 | 6.9 | 10y ago | epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and appl… | |||
| CVE-2016-6504 | medium | 5.9 | 6.9 | 10y ago | epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service… | |||
| CVE-2016-6503 | medium | 5.9 | 6.9 | 10y ago | The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of servic… | |||
| CVE-2016-2107 | medium | 5.9 | 6.9 | 10y ago | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart… | |||
| CVE-2016-0800 | medium | 5.9 | 6.9 | 10y ago | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain p… | |||
| CVE-2016-5847 | medium | 5.8 | 6.8 | 10y ago | SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security… | |||
| CVE-2016-4315 | medium | 5.7 | 6.7 | 9y ago | Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action… | |||
| CVE-2016-5310 | medium | 5.5 | 6.5 | 9y ago | The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec … | |||
| CVE-2016-5309 | medium | 5.5 | 6.5 | 9y ago | The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec … | |||
| CVE-2016-7608 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from… | |||
| CVE-2016-9813 | medium | 5.5 | 6.5 | 10y ago | The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||
| CVE-2016-7216 | medium | 5.5 | 6.5 | 10y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka… | |||
| CVE-2016-7386 | medium | 5.5 | 6.5 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-9018 | medium | 5.5 | 6.5 | 10y ago | Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | |||
| CVE-2016-6828 | medium | 5.5 | 6.5 | 10y ago | The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a deni… | |||
| CVE-2016-3209 | medium | 5.5 | 6.5 | 10y ago | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10… | |||
| CVE-2016-0075 | medium | 5.5 | 6.5 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an… | |||
| CVE-2016-0070 | medium | 5.5 | 6.5 | 10y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows … | |||
| CVE-2016-6689 | medium | 5.5 | 6.5 | 10y ago | Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347. | |||
| CVE-2016-3373 | medium | 5.5 | 6.5 | 10y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe… | |||
| CVE-2016-3371 | medium | 5.5 | 6.5 | 10y ago | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe… | |||
| CVE-2016-1415 | medium | 5.5 | 6.5 | 10y ago | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. | |||
| CVE-2016-5845 | medium | 5.5 | 6.5 | 10y ago | SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive … | |||
| CVE-2016-4578 | medium | 5.5 | 6.5 | 10y ago | sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of… | |||
| CVE-2016-1839 | medium | 5.5 | 6.5 | 10y ago | The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o… | |||
| CVE-2016-1838 | medium | 5.5 | 6.5 | 10y ago | The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to… | |||
| CVE-2016-3717 | medium | 5.5 | 6.5 | 10y ago | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |||
| CVE-2016-9316 | medium | 5.4 | 6.4 | 9y ago | Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Bu… | |||
| CVE-2016-1609 | medium | 5.4 | 6.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTM… | |||
| CVE-2016-3652 | medium | 5.4 | 6.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web s… | |||
| CVE-2016-1596 | medium | 5.4 | 6.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, … | |||
| CVE-2016-5063 | medium | 5.3 | 6.3 | 9y ago | The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vecto… | |||
| CVE-2016-3388 | medium | 5.3 | 6.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof… | |||
| CVE-2016-3963 | medium | 5.3 | 6.3 | 10y ago | Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. | |||
| CVE-2016-1910 | medium | 5.3 | 6.3 | 11y ago | The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. | |||
| CVE-2016-1807 | medium | 5.1 | 6.1 | 10y ago | Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel … | |||
| CVE-2016-3984 | medium | 5.1 | 6.1 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,… | |||
| CVE-2016-8021 | medium | 5.0 | 6.0 | 9y ago | Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe… | |||
| CVE-2016-0079 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Wi… | |||
| CVE-2016-0073 | medium | 5.0 | 6.0 | 10y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an… | |||
| CVE-2016-5810 | medium | 4.9 | 5.9 | 9y ago | upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | |||
| CVE-2016-4314 | medium | 4.9 | 5.9 | 9y ago | WSO2 Carbon directory traversal vulnerability | |||
| CVE-2016-4004 | medium | 4.9 | 5.9 | 10y ago | Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file param… | |||
| CVE-2016-5237 | medium | 4.8 | 5.8 | 10y ago | Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse … | |||
| CVE-2016-4807 | medium | 4.8 | 5.8 | 10y ago | Web2py Reflected XSS vulnerability | |||
| CVE-2016-2784 | medium | 4.7 | 5.7 | 10y ago | CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS)… | |||
| CVE-2016-3140 | medium | 4.6 | 5.6 | 10y ago | The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s… |