CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-6224 +Info 2016-07-22 2016-07-22
0.0
None ??? ??? ??? ??? ??? ???
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.
2 CVE-2016-6204 XSS 2016-07-22 2016-07-22
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
3 CVE-2016-5874 DoS 2016-07-22 2016-07-22
0.0
None ??? ??? ??? ??? ??? ???
Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.
4 CVE-2016-5744 2016-07-22 2016-07-22
0.0
None ??? ??? ??? ??? ??? ???
Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.
5 CVE-2016-5743 Exec Code 2016-07-22 2016-07-22
0.0
None ??? ??? ??? ??? ??? ???
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
6 CVE-2016-5475 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.
7 CVE-2016-5474 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel.
8 CVE-2016-5473 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537.
9 CVE-2016-5470 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer.
10 CVE-2016-5468 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451.
11 CVE-2016-5460 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466.
12 CVE-2016-5459 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp.
13 CVE-2016-5458 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL.
14 CVE-2016-5457 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN.
15 CVE-2016-5456 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services.
16 CVE-2016-5137 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
17 CVE-2016-5136 DoS 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
18 CVE-2016-5135 Bypass 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
19 CVE-2016-5134 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
20 CVE-2016-5133 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
21 CVE-2016-5132 Bypass 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
22 CVE-2016-5131 DoS 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
23 CVE-2016-5130 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
24 CVE-2016-5129 DoS Mem. Corr. 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
25 CVE-2016-5128 Bypass 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
26 CVE-2016-5127 DoS 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.
27 CVE-2016-4653 DoS +Priv Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
28 CVE-2016-4652 DoS +Priv +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
29 CVE-2016-4651 XSS 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.
30 CVE-2016-4649 DoS 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
31 CVE-2016-4648 DoS +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
32 CVE-2016-4647 DoS +Priv Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
33 CVE-2016-4646 DoS +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
34 CVE-2016-4645 +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
35 CVE-2016-4641 Exec Code +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
36 CVE-2016-4640 DoS Exec Code Mem. Corr. +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
37 CVE-2016-4639 DoS 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.
38 CVE-2016-4638 +Priv 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
39 CVE-2016-4637 DoS Exec Code Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
40 CVE-2016-4635 +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
41 CVE-2016-4634 DoS +Priv Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
42 CVE-2016-4633 DoS Exec Code Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
43 CVE-2016-4632 DoS 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
44 CVE-2016-4631 DoS Exec Code Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
45 CVE-2016-4630 DoS Exec Code Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
46 CVE-2016-4629 DoS Exec Code Mem. Corr. 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
47 CVE-2016-4628 DoS +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
48 CVE-2016-4627 DoS +Priv 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
49 CVE-2016-4626 DoS +Priv 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
50 CVE-2016-4625 +Priv 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
Total number of vulnerabilities: 240 (page 1 of 5)