CWE-16
93 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-16page 2 of 2
- CVE-2019-19001MEDIUMCVSS 6.5EG 6.52020-04-02
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing s…
- CVE-2019-19002MEDIUMCVSS 6.3EG 5.42020-04-02
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
- CVE-2019-19003MEDIUMCVSS 5.3EG 6.12020-04-02
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.
- CVE-2019-19089MEDIUMCVSS 6.1EG 6.12020-04-02
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack …
- CVE-2019-19090LOWCVSS 3.5EG 3.52020-04-02
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
- CVE-2019-19091MEDIUMCVSS 4.3EG 4.32020-04-02
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.
- CVE-2019-19092LOWCVSS 3.5EG 3.52020-04-02
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.
- CVE-2019-19097MEDIUMCVSS 5.9EG 7.52020-04-02
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
- CVE-2019-3939CRITICALCVSS 9.8EG 9.82019-04-30
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged acce…
- CVE-2019-3949CRITICALCVSS 9.8EG 9.82019-07-09
Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute …
- CVE-2020-16247MEDIUMCVSS 6.8EG 7.12020-09-18
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
- CVE-2020-1769LOWCVSS 3.5EG 4.32020-03-27
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior…
- CVE-2020-2041HIGHCVSS 7.5EG 7.52020-09-09
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send th…
- CVE-2020-3484MEDIUMCVSS 5.3EG 5.32020-08-26
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to inc…
- CVE-2020-8351HIGHCVSS 7.8EG 7.82020-11-30
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
- CVE-2020-8353MEDIUMCVSS 6.7EG 6.72020-11-11
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel…
- CVE-2021-0222HIGHCVSS 7.4EG 7.42021-01-15
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets…
- CVE-2021-20032CRITICALCVSS 9.8EG 9.82021-08-10
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and …
- CVE-2021-21532MEDIUMCVSS 5.0EG 6.32021-04-02
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to ch…
- CVE-2021-22957HIGHCVSS 8.8EG 8.82021-11-24
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s …
- CVE-2021-31380MEDIUMCVSS 5.3EG 5.32021-10-19
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP res…
- CVE-2021-31381MEDIUMCVSS 6.5EG 6.52021-10-19
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to d…
- CVE-2021-35233MEDIUMCVSS 5.3EG 5.32021-10-27
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTT…
- CVE-2022-22183HIGHCVSS 7.5EG 7.52022-04-14
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, …
- CVE-2022-28762HIGHCVSS 7.3EG 7.82022-10-14
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running…
- CVE-2022-29095HIGHCVSS 8.3EG 9.62022-06-10
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially expl…
- CVE-2022-33233HIGHCVSS 7.8EG 7.82023-02-12
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
- CVE-2022-36423HIGHCVSS 7.4EG 6.52022-09-09
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
- CVE-2022-37397HIGHCVSS 8.3EG 9.82022-08-12
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty p…
- CVE-2022-43516MEDIUMCVSS 6.5EG 9.82022-12-05
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
- CVE-2023-33076MEDIUMCVSS 5.9EG 5.92024-02-06
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
- CVE-2023-33105HIGHCVSS 7.5EG 7.52024-03-04
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
- CVE-2023-39385CRITICALCVSS 9.1EG 9.12023-08-13
Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.
- CVE-2023-39392HIGHCVSS 7.5EG 7.52023-08-13
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
- CVE-2023-43088MEDIUMCVSS 6.8EG 7.22023-12-22
Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
- CVE-2023-52719HIGHCVSS 7.1EG 7.12024-05-14
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-32991HIGHCVSS 7.5EG 7.52024-05-14
Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability.
- CVE-2024-42031HIGHCVSS 7.5EG 7.52024-08-08
Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-46909CRITICALCVSS 9.8EG 9.82024-12-02
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
- CVE-2024-47291MEDIUMCVSS 5.6EG 5.62024-09-27
Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-47294MEDIUMCVSS 4.4EG 4.42024-09-27
Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-12221HIGHCVSS 8.8EG 8.82025-10-25
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-20151MEDIUMCVSS 4.3EG 4.32025-05-07
A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP,…
Map vulnerabilities like CWE-16 to your infrastructure
EchelonGraph correlates every CVE — across CWE-16 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →