Total
2471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5433 | 1 Citrix | 1 Ios Receiver | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | |||||
| CVE-2016-5430 | 1 Jose-php Project | 1 Jose-php | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | |||||
| CVE-2016-5419 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | |||||
| CVE-2016-5084 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2016-4763 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2024-11-21 | 4.9 MEDIUM | 6.8 MEDIUM |
| WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4754 | 1 Apple | 1 Os X Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2016-4524 | 1 Abb | 1 Pcm600 | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-4511 | 1 Abb | 1 Pcm600 | 2024-11-21 | 1.9 LOW | 2.8 LOW |
| ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. | |||||
| CVE-2016-4495 | 1 Kmc Controls | 2 Bac-5051e, Bac-5051e Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | |||||
| CVE-2016-4457 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | |||||
| CVE-2016-4379 | 1 Hp | 2 Integrated Lights-out 3, Integrated Lights-out 3 Firmware | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. | |||||
| CVE-2016-4005 | 1 Huawei | 1 Hilink App | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
| The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
| CVE-2016-3125 | 3 Fedoraproject, Opensuse, Proftpd | 3 Fedora, Opensuse, Proftpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-3071 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | |||||
| CVE-2016-2953 | 1 Ibm | 1 Connections | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2016-2951 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. | |||||
| CVE-2016-2364 | 1 Fonality | 2 Fonality, Hud Web | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2016-2333 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2016-2306 | 1 Ecava | 1 Integraxor | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2016-2268 | 1 Dell | 1 Secureworks | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
| Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||