CVEs from 2016
- Total: 8,431
- critical: 1,165
- high: 3,521
- medium: 3,172
- low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3326 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a differ… | |||
| CVE-2016-3299 | medium | 5.3 | 5.3 | 10y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hi… | |||
| CVE-2016-4253 | medium | 5.3 | 5.3 | 10y ago | The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4169 | medium | 5.3 | 5.3 | 10y ago | Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | |||
| CVE-2016-6145 | medium | 5.3 | 5.3 | 10y ago | The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_c… | |||
| CVE-2016-5267 | medium | 5.3 | 5.3 | 10y ago | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | |||
| CVE-2016-5133 | medium | 5.3 | 5.3 | 10y ago | Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect… | |||
| CVE-2016-4635 | medium | 5.3 | 5.3 | 10y ago | FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances,… | |||
| CVE-2016-5456 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via… | |||
| CVE-2016-5455 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors… | |||
| CVE-2016-3615 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth… | |||
| CVE-2016-3614 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | |||
| CVE-2016-3560 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe… | |||
| CVE-2016-3549 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentia… | |||
| CVE-2016-3548 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors… | |||
| CVE-2016-3547 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentialit… | |||
| CVE-2016-3545 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vector… | |||
| CVE-2016-3508 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different… | |||
| CVE-2016-3500 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different… | |||
| CVE-2016-3498 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. | |||
| CVE-2016-3445 | medium | 5.3 | 5.3 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container… | |||
| CVE-2016-1459 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSC… | |||
| CVE-2016-0393 | medium | 5.3 | 5.3 | 10y ago | IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. | |||
| CVE-2016-5797 | medium | 5.3 | 5.3 | 10y ago | Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate a… | |||
| CVE-2016-4247 | medium | 5.3 | 5.3 | 10y ago | Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information vi… | |||
| CVE-2016-3277 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||
| CVE-2016-3273 | medium | 5.3 | 5.3 | 10y ago | The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted w… | |||
| CVE-2016-3261 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2016-1445 | medium | 5.3 | 5.3 | 10y ago | Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. | |||
| CVE-2016-0389 | medium | 5.3 | 5.3 | 10y ago | Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-5098 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | |||
| CVE-2016-5097 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by readin… | |||
| CVE-2016-4956 | medium | 5.3 | 5.3 | 10y ago | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists beca… | |||
| CVE-2016-4465 | medium | 5.3 | 5.3 | 10y ago | Apache Struts vulnerable to possible DoS attack when using URLValidator | |||
| CVE-2016-5730 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin full path disclosure vulnerability | |||
| CVE-2016-2961 | medium | 5.3 | 5.3 | 10y ago | The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version informat… | |||
| CVE-2016-2872 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2016-1440 | medium | 5.3 | 5.3 | 10y ago | The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improp… | |||
| CVE-2016-5306 | medium | 5.3 | 5.3 | 10y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information b… | |||
| CVE-2016-4086 | medium | 5.3 | 5.3 | 10y ago | Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. | |||
| CVE-2016-4824 | medium | 5.3 | 5.3 | 10y ago | The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attacker… | |||
| CVE-2016-1191 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | |||
| CVE-2016-4821 | medium | 5.3 | 5.3 | 10y ago | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | |||
| CVE-2016-1223 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via u… | |||
| CVE-2016-3687 | medium | 5.3 | 5.3 | 10y ago | Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to red… | |||
| CVE-2016-3216 | medium | 4.3 | 5.3 | 10y ago | GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol… | |||
| CVE-2016-5104 | medium | 5.3 | 5.3 | 10y ago | The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connect… | |||
| CVE-2016-4495 | medium | 5.3 | 5.3 | 10y ago | KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | |||
| CVE-2016-3703 | medium | 5.3 | 5.3 | 10y ago | Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote … | |||
| CVE-2016-3093 | medium | 5.3 | 5.3 | 10y ago | Denial of service in Apache Struts | |||
| CVE-2016-1694 | medium | 5.3 | 5.3 | 10y ago | browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid … | |||
| CVE-2016-1693 | medium | 5.3 | 5.3 | 10y ago | browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to… | |||
| CVE-2016-1692 | medium | 5.3 | 5.3 | 10y ago | WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet downl… | |||
| CVE-2016-1370 | medium | 5.3 | 5.3 | 10y ago | Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via… | |||
| CVE-2016-4785 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-4784 | medium | 5.3 | 5.3 | 10y ago | A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2016-4792 | medium | 5.3 | 5.3 | 10y ago | Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | |||
| CVE-2016-2190 | medium | 5.3 | 5.3 | 10y ago | Moodle sensitive information disclosure | |||
| CVE-2016-3739 | medium | 5.3 | 5.3 | 10y ago | The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection… | |||
| CVE-2016-1844 | medium | 5.3 | 5.3 | 10y ago | The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | |||
| CVE-2016-4442 | medium | 5.3 | 5.3 | 10y ago | rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects | |||
| CVE-2016-1670 | medium | 5.3 | 5.3 | 10y ago | Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to mak… | |||
| CVE-2016-4536 | medium | 5.3 | 5.3 | 10y ago | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow… | |||
| CVE-2016-0194 | medium | 5.3 | 5.3 | 10y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnera… | |||
| CVE-2016-0902 | medium | 5.3 | 5.3 | 10y ago | CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified … | |||
| CVE-2016-1199 | medium | 5.3 | 5.3 | 10y ago | The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability tha… | |||
| CVE-2016-2303 | medium | 5.3 | 5.3 | 10y ago | CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||
| CVE-2016-2302 | medium | 5.3 | 5.3 | 10y ago | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | |||
| CVE-2016-2212 | medium | 5.3 | 5.3 | 10y ago | The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.… | |||
| CVE-2016-1378 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) por… | |||
| CVE-2016-1376 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, a… | |||
| CVE-2016-3170 | medium | 5.3 | 5.3 | 10y ago | Drupal sensitive information disclosure | |||
| CVE-2016-0790 | medium | 5.3 | 5.3 | 10y ago | Exposure of Sensitive Information in Jenkins Core | |||
| CVE-2016-3973 | medium | 5.3 | 5.3 | 10y ago | The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/… | |||
| CVE-2016-3119 | medium | 5.3 | 5.3 | 10y ago | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the D… | |||
| CVE-2016-1787 | medium | 5.3 | 5.3 | 10y ago | Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | |||
| CVE-2016-1776 | medium | 5.3 | 5.3 | 10y ago | Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP … | |||
| CVE-2016-1774 | medium | 5.3 | 5.3 | 10y ago | The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitiv… | |||
| CVE-2016-0825 | medium | 5.3 | 5.3 | 10y ago | The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining… | |||
| CVE-2016-0824 | medium | 5.3 | 5.3 | 10y ago | libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, … | |||
| CVE-2016-1361 | medium | 5.3 | 5.3 | 10y ago | Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to… | |||
| CVE-2016-2845 | medium | 5.3 | 5.3 | 10y ago | The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remo… | |||
| CVE-2016-2283 | medium | 5.3 | 5.3 | 10y ago | Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via un… | |||
| CVE-2016-2282 | medium | 5.3 | 5.3 | 10y ago | Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext… | |||
| CVE-2016-1357 | medium | 5.3 | 5.3 | 10y ago | The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions an… | |||
| CVE-2016-1288 | medium | 5.3 | 5.3 | 10y ago | The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by lev… | |||
| CVE-2016-1353 | medium | 5.3 | 5.3 | 10y ago | The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is… | |||
| CVE-2016-2097 | medium | 5.3 | 5.3 | 10y ago | Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted u… | |||
| CVE-2016-1342 | medium | 5.3 | 5.3 | 10y ago | The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID C… | |||
| CVE-2016-2044 | medium | 5.3 | 5.3 | 10y ago | libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an e… | |||
| CVE-2016-2042 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpsecl… | |||
| CVE-2016-2039 | medium | 5.3 | 5.3 | 10y ago | libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass int… | |||
| CVE-2016-2038 | medium | 5.3 | 5.3 | 10y ago | phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error… | |||
| CVE-2016-2509 | medium | 5.3 | 5.3 | 10y ago | The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator pa… | |||
| CVE-2016-1334 | medium | 5.3 | 5.3 | 10y ago | Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457. | |||
| CVE-2016-0747 | medium | 5.3 | 5.3 | 10y ago | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) v… | |||
| CVE-2016-0864 | medium | 5.3 | 5.3 | 11y ago | Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified … | |||
| CVE-2016-1324 | medium | 5.3 | 5.3 | 11y ago | The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. | |||
| CVE-2016-0950 | medium | 5.3 | 5.3 | 11y ago | Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | |||
| CVE-2016-0050 | medium | 5.3 | 5.3 | 11y ago | Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS … |