CVEs from 2016
Total
8,431
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9216 | medium | 5.3 | 5.3 | 10y ago | An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More … | |||
| CVE-2016-8644 | medium | 5.3 | 5.3 | 10y ago | In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | |||
| CVE-2016-8642 | medium | 5.3 | 5.3 | 10y ago | Moodle Unauthenticated Access | |||
| CVE-2016-5012 | medium | 5.3 | 5.3 | 10y ago | Moodle Glossary search displays entries without checking user permissions to view them | |||
| CVE-2016-9677 | medium | 5.3 | 5.3 | 10y ago | Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | |||
| CVE-2016-7433 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include t… | |||
| CVE-2016-7431 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | |||
| CVE-2016-8605 | medium | 5.3 | 5.3 | 10y ago | The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permi… | |||
| CVE-2016-6771 | medium | 5.3 | 5.3 | 10y ago | An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a loc… | |||
| CVE-2016-2375 | medium | 5.3 | 5.3 | 10y ago | An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | |||
| CVE-2016-1550 | medium | 5.3 | 5.3 | 10y ago | An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted … | |||
| CVE-2016-1547 | medium | 5.3 | 5.3 | 10y ago | An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a vi… | |||
| CVE-2016-10100 | medium | 5.3 | 5.3 | 10y ago | Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive. | |||
| CVE-2016-10099 | medium | 5.3 | 5.3 | 10y ago | Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives. | |||
| CVE-2016-7087 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via … | |||
| CVE-2016-5334 | medium | 5.3 | 5.3 | 10y ago | VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||
| CVE-2016-10072 | medium | 5.3 | 5.3 | 10y ago | WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary co… | |||
| CVE-2016-7281 | medium | 5.3 | 5.3 | 10y ago | The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Sec… | |||
| CVE-2016-7278 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosu… | |||
| CVE-2016-5186 | medium | 5.3 | 5.3 | 10y ago | multiple issues in chromium | |||
| CVE-2016-7888 | medium | 5.3 | 5.3 | 10y ago | Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. | |||
| CVE-2016-6313 | medium | 5.3 | 5.3 | 10y ago | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of … | |||
| CVE-2016-9938 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_si… | |||
| CVE-2016-9859 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versi… | |||
| CVE-2016-9858 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4… | |||
| CVE-2016-9855 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9854 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9853 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin path disclosure | |||
| CVE-2016-9852 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the… | |||
| CVE-2016-9851 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin Bypass logout timeout | |||
| CVE-2016-9850 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x v… | |||
| CVE-2016-9848 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4… | |||
| CVE-2016-9847 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way thi… | |||
| CVE-2016-6627 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.… | |||
| CVE-2016-6613 | medium | 5.3 | 5.3 | 10y ago | An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user… | |||
| CVE-2016-9804 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lac… | |||
| CVE-2016-9803 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from '… | |||
| CVE-2016-9802 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon… | |||
| CVE-2016-9801 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | |||
| CVE-2016-9800 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to la… | |||
| CVE-2016-9799 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||
| CVE-2016-9798 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump… | |||
| CVE-2016-9797 | medium | 5.3 | 5.3 | 10y ago | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidu… | |||
| CVE-2016-5987 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers … | |||
| CVE-2016-5890 | medium | 5.3 | 5.3 | 10y ago | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||
| CVE-2016-2940 | medium | 5.3 | 5.3 | 10y ago | Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2016-2935 | medium | 5.3 | 5.3 | 10y ago | The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | |||
| CVE-2016-2932 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors. | |||
| CVE-2016-2931 | medium | 5.3 | 5.3 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2016-5968 | medium | 5.3 | 5.3 | 10y ago | The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1… | |||
| CVE-2016-8672 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SI… | |||
| CVE-2016-6463 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-6462 | medium | 5.3 | 5.3 | 10y ago | A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protectio… | |||
| CVE-2016-9286 | medium | 5.3 | 5.3 | 10y ago | framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as d… | |||
| CVE-2016-9285 | medium | 5.3 | 5.3 | 10y ago | framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1,… | |||
| CVE-2016-9284 | medium | 5.3 | 5.3 | 10y ago | getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||
| CVE-2016-7209 | medium | 5.3 | 5.3 | 10y ago | Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||
| CVE-2016-8875 | medium | 5.3 | 5.3 | 10y ago | The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application … | |||
| CVE-2016-9118 | medium | 5.3 | 5.3 | 10y ago | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | |||
| CVE-2016-8501 | medium | 5.3 | 5.3 | 10y ago | Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |||
| CVE-2016-5583 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unk… | |||
| CVE-2016-5575 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentia… | |||
| CVE-2016-5566 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5532 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via v… | |||
| CVE-2016-5524 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vu… | |||
| CVE-2016-5510 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2016-5488 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container… | |||
| CVE-2016-5487 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-1000214 | medium | 5.3 | 5.3 | 10y ago | Ruckus Wireless H500 web management interface authentication bypass | |||
| CVE-2016-3392 | medium | 5.3 | 5.3 | 10y ago | The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Micr… | |||
| CVE-2016-3391 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure… | |||
| CVE-2016-3267 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosur… | |||
| CVE-2016-6026 | medium | 5.3 | 5.3 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP… | |||
| CVE-2016-6421 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. | |||
| CVE-2016-6636 | medium | 5.3 | 5.3 | 10y ago | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elasti… | |||
| CVE-2016-6146 | medium | 5.3 | 5.3 | 10y ago | The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||
| CVE-2016-4748 | medium | 5.3 | 5.3 | 10y ago | Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||
| CVE-2016-4745 | medium | 5.3 | 5.3 | 10y ago | The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user a… | |||
| CVE-2016-4713 | medium | 5.3 | 5.3 | 10y ago | CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||
| CVE-2016-0870 | medium | 5.3 | 5.3 | 10y ago | The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. | |||
| CVE-2016-4746 | medium | 5.3 | 5.3 | 10y ago | The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances… | |||
| CVE-2016-1433 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | |||
| CVE-2016-6644 | medium | 5.3 | 5.3 | 10y ago | EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||
| CVE-2016-6401 | medium | 5.3 | 5.3 | 10y ago | Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafte… | |||
| CVE-2016-6398 | medium | 5.3 | 5.3 | 10y ago | The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet d… | |||
| CVE-2016-6396 | medium | 5.3 | 5.3 | 10y ago | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafte… | |||
| CVE-2016-7128 | medium | 5.3 | 5.3 | 10y ago | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers… | |||
| CVE-2016-6375 | medium | 5.3 | 5.3 | 10y ago | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sendi… | |||
| CVE-2016-6212 | medium | 5.3 | 5.3 | 10y ago | Drupal Views can allow unauthorized users to see Statistics information | |||
| CVE-2016-6670 | medium | 5.3 | 5.3 | 10y ago | Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remo… | |||
| CVE-2016-6344 | medium | 5.3 | 5.3 | 10y ago | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via… | |||
| CVE-2016-7153 | medium | 5.3 | 5.3 | 10y ago | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever… | |||
| CVE-2016-7152 | medium | 5.3 | 5.3 | 10y ago | The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera… | |||
| CVE-2016-5430 | medium | 5.3 | 5.3 | 10y ago | The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clea… | |||
| CVE-2016-6298 | medium | 5.3 | 5.3 | 10y ago | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clearte… | |||
| CVE-2016-5332 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2016-5390 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to A… | |||
| CVE-2016-4995 | medium | 5.3 | 5.3 | 10y ago | Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtai… | |||
| CVE-2016-3329 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2016-3327 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… |