The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2016-5832 | The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | MEDIUM | Jun 29, 2016 |
| CVE-2016-5829 | Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. | HIGH | Jun 27, 2016 |
| CVE-2016-5828 | The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. | HIGH | Jun 27, 2016 |
| CVE-2016-5827 | The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. | MEDIUM | Feb 5, 2017 |
| CVE-2016-5826 | The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. | MEDIUM | Feb 5, 2017 |
| CVE-2016-5825 | The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. | MEDIUM | Feb 5, 2017 |
| CVE-2016-5824 | libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | MEDIUM | Feb 5, 2017 |
| CVE-2016-5823 | The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | MEDIUM | Feb 5, 2017 |
| CVE-2016-5822 | Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. | HIGH | Jan 31, 2017 |
| CVE-2016-5821 | Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTINUsers) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. | HIGH | Jul 14, 2016 |
| CVE-2016-5820 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-5819 | Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. | MEDIUM | Mar 21, 2019 |
| CVE-2016-5818 | An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | HIGH | Feb 17, 2017 |
| CVE-2016-5817 | SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | HIGH | Aug 22, 2016 |
| CVE-2016-5816 | A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | MEDIUM | Aug 25, 2017 |
| CVE-2016-5815 | An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | HIGH | Feb 14, 2017 |
| CVE-2016-5814 | Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file. | HIGH | Sep 20, 2016 |
| CVE-2016-5813 | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). | MEDIUM | Feb 14, 2017 |
| CVE-2016-5812 | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file. | LOW | Aug 24, 2016 |
| CVE-2016-5811 | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING). | MEDIUM | Feb 17, 2017 |
| CVE-2016-5810 | upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | MEDIUM | May 11, 2017 |
| CVE-2016-5809 | An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. | MEDIUM | Feb 14, 2017 |
| CVE-2016-5808 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-5807 | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request. | MEDIUM | Jul 18, 2016 |
| CVE-2016-5806 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-5805 | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service. | MEDIUM | Feb 14, 2017 |
| CVE-2016-5804 | Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. | MEDIUM | Jul 19, 2016 |
| CVE-2016-5803 | An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as .. that can resolve to a location that is outside of that directory. | HIGH | Feb 14, 2017 |
| CVE-2016-5802 | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software. | MEDIUM | Feb 14, 2017 |
| CVE-2016-5801 | An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords. | MEDIUM | Feb 17, 2017 |
| CVE-2016-5800 | A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. | MEDIUM | Mar 27, 2019 |
| CVE-2016-5799 | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | HIGH | Aug 24, 2016 |
| CVE-2016-5798 | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server. | MEDIUM | Feb 17, 2017 |
| CVE-2016-5797 | Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts. | MEDIUM | Jul 18, 2016 |
| CVE-2016-5796 | An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer. | MEDIUM | Feb 17, 2017 |
| CVE-2016-5795 | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. | High | Sep 7, 2017 |
| CVE-2016-5794 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-5793 | Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | HIGH | Sep 27, 2016 |
| CVE-2016-5792 | SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | HIGH | Aug 11, 2016 |
| CVE-2016-5791 | An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. | HIGH | Oct 12, 2017 |
| CVE-2016-5790 | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors. | MEDIUM | Jul 18, 2016 |
| CVE-2016-5789 | A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | MEDIUM | Oct 12, 2017 |
| CVE-2016-5788 | General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | HIGH | Nov 28, 2016 |
| CVE-2016-5787 | General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | MEDIUM | Jul 19, 2016 |
| CVE-2016-5786 | An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials. | MEDIUM | Feb 17, 2017 |
| CVE-2016-5782 | An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request. | HIGH | Feb 14, 2017 |
| CVE-2016-5781 | Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file. | MEDIUM | Jul 12, 2016 |
| CVE-2016-5774 | The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters. | MEDIUM | Jul 12, 2016 |
| CVE-2016-5773 | php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. | HIGH | Aug 10, 2016 |
| CVE-2016-5772 | Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. | HIGH | Aug 10, 2016 |
