Search Results

Search Parameters:
  • Search Type: Search All
  • CPE Name Search: false
There are 243,957 matching records.
Displaying matches 160,081 through 160,100.
Vuln ID Summary CVSS Severity
CVE-2016-5076

CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5075

CloudView NMS before 2.10a has XSS via a TELNET login.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5074

CloudView NMS before 2.10a has a format string issue exploitable over SNMP.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5073

CloudView NMS before 2.10a has XSS via SNMP.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5072

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-5071

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 10.0 HIGH
CVE-2016-5070

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 5.0 MEDIUM
CVE-2016-5069

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5068

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5067

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2016-5066

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-5065

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5059

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-5058

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5057

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5056

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5055

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5054

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5053

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5052

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.

Published: April 09, 2017; 11:59:01 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM