CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

Columns on this page: #, CVE ID, Vulnerability Type(s), Publish Date, Update Date, followed by the description. For every entry on this page the CWE ID and # of Exploits columns are blank, the Score is 0.0, the Gained Access Level is None, and the Access Complexity, Authentication, Conf., Integ. and Avail. columns are shown as "???" (not yet scored), so those fields are not repeated per row below.

1. CVE-2016-2268 | Type(s): +Info | Published: 2016-02-08 | Updated: 2016-02-08
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2. CVE-2016-2230 | Type(s): none listed | Published: 2016-02-08 | Updated: 2016-02-08
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.

3. CVE-2016-2214 | Type(s): XSS | Published: 2016-02-08 | Updated: 2016-02-08
Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4. CVE-2016-2213 | Type(s): DoS | Published: 2016-02-03 | Updated: 2016-02-03
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

5. CVE-2016-2201 | Type(s): Bypass | Published: 2016-02-08 | Updated: 2016-02-08
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.

6. CVE-2016-2200 | Type(s): DoS | Published: 2016-02-08 | Updated: 2016-02-08
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.

7. CVE-2016-2199 | Type(s): CSRF | Published: 2016-02-01 | Updated: 2016-02-01
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.

8. CVE-2016-2091 | Type(s): DoS | Published: 2016-02-08 | Updated: 2016-02-08
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.

9. CVE-2016-2089 | Type(s): DoS | Published: 2016-02-08 | Updated: 2016-02-08
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

10. CVE-2016-2049 | Type(s): none listed | Published: 2016-02-01 | Updated: 2016-02-01
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.

11. CVE-2016-2048 | Type(s): Bypass | Published: 2016-02-08 | Updated: 2016-02-08
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.

12. CVE-2016-1985 | Type(s): Exec Code | Published: 2016-01-30 | Updated: 2016-01-30
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

13. CVE-2016-1948 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.

14. CVE-2016-1947 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

15. CVE-2016-1946 | Type(s): DoS, Overflow | Published: 2016-01-31 | Updated: 2016-01-31
The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

16. CVE-2016-1945 | Type(s): DoS | Published: 2016-01-31 | Updated: 2016-01-31
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.

17. CVE-2016-1944 | Type(s): DoS, Mem. Corr. | Published: 2016-01-31 | Updated: 2016-01-31
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

18. CVE-2016-1943 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

19. CVE-2016-1942 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

20. CVE-2016-1941 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

21. CVE-2016-1940 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

22. CVE-2016-1939 | Type(s): +Info | Published: 2016-01-31 | Updated: 2016-01-31
Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.

23. CVE-2016-1938 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

24. CVE-2016-1937 | Type(s): none listed | Published: 2016-01-31 | Updated: 2016-01-31
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

25. CVE-2016-1935 | Type(s): Exec Code, Overflow | Published: 2016-01-31 | Updated: 2016-01-31
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

26. CVE-2016-1933 | Type(s): DoS, Overflow | Published: 2016-01-31 | Updated: 2016-01-31
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

27. CVE-2016-1931 | Type(s): DoS, Exec Code, Mem. Corr. | Published: 2016-01-31 | Updated: 2016-01-31
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

28. CVE-2016-1930 | Type(s): DoS, Exec Code, Mem. Corr. | Published: 2016-01-31 | Updated: 2016-01-31
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

29. CVE-2016-1924 | Type(s): DoS | Published: 2016-01-27 | Updated: 2016-01-27
The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

30. CVE-2016-1923 | Type(s): DoS, Overflow | Published: 2016-01-27 | Updated: 2016-01-27
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

31. CVE-2016-1906 | Type(s): +Priv | Published: 2016-02-03 | Updated: 2016-02-03
The API server in Kubernetes might allow remote attackers to gain privileges by editing a build configuration to use a restricted strategy.

32. CVE-2016-1905 | Type(s): none listed | Published: 2016-02-03 | Updated: 2016-02-03
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.

33. CVE-2016-1882 | Type(s): DoS | Published: 2016-01-29 | Updated: 2016-01-29
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.

34. CVE-2016-1879 | Type(s): DoS | Published: 2016-01-29 | Updated: 2016-01-29
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.

35. CVE-2016-1730 | Type(s): none listed | Published: 2016-02-01 | Updated: 2016-02-01
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.

36. CVE-2016-1729 | Type(s): none listed | Published: 2016-02-01 | Updated: 2016-02-01
Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.

37. CVE-2016-1728 | Type(s): +Info | Published: 2016-02-01 | Updated: 2016-02-01
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.

38. CVE-2016-1727 | Type(s): DoS, Exec Code, Mem. Corr. | Published: 2016-02-01 | Updated: 2016-02-01
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

39. CVE-2016-1726 | Type(s): DoS, Exec Code, Mem. Corr. | Published: 2016-02-01 | Updated: 2016-02-01
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.

40. CVE-2016-1725 | Type(s): DoS, Exec Code, Mem. Corr. | Published: 2016-02-01 | Updated: 2016-02-01
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.

41. CVE-2016-1724 | Type(s): DoS, Exec Code, Mem. Corr. | Published: 2016-02-01 | Updated: 2016-02-01
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.

42. CVE-2016-1723 | Type(s): DoS, Exec Code, Mem. Corr. | Published: 2016-02-01 | Updated: 2016-02-01
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.

43. CVE-2016-1722 | Type(s): DoS, +Priv, Mem. Corr. | Published: 2016-02-01 | Updated: 2016-02-01
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

44. CVE-2016-1719 | Type(s): DoS, +Priv, Mem. Corr. | Published: 2016-02-01 | Updated: 2016-02-01
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

45. CVE-2016-1505 | Type(s): none listed | Published: 2016-02-03 | Updated: 2016-02-03
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

46. CVE-2016-1493 | Type(s): Exec Code | Published: 2016-01-29 | Updated: 2016-01-29
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

47. CVE-2016-1488 | Type(s): XSS | Published: 2016-01-30 | Updated: 2016-01-30
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

48. CVE-2016-1319 | Type(s): +Info | Published: 2016-02-08 | Updated: 2016-02-08
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.

49. CVE-2016-1318 | Type(s): XSS | Published: 2016-02-08 | Updated: 2016-02-08
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.

50. CVE-2016-1317 | Type(s): +Info | Published: 2016-02-08 | Updated: 2016-02-08
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
Total number of vulnerabilities: 316 (this is page 1 of 7)