CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

For every entry on this page the CWE ID and # of Exploits columns are blank, and the Access Complexity, Authentication, Conf., Integ. and Avail. columns read ???; the remaining columns are listed below, with each entry's description on the following line. A "-" in the Type(s) column means no vulnerability type is assigned.

#   CVE ID         Type(s)                   Published   Updated     Score  Gained access
1   CVE-2016-2268  +Info                     2016-02-08  2016-02-08  0.0    None
    Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
2   CVE-2016-2230  -                         2016-02-08  2016-02-08  0.0    None
    OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.
3   CVE-2016-2214  XSS                       2016-02-08  2016-02-08  0.0    None
    Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4   CVE-2016-2213  DoS                       2016-02-03  2016-02-03  0.0    None
    The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
5   CVE-2016-2201  Bypass                    2016-02-08  2016-02-08  0.0    None
    Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
6   CVE-2016-2200  DoS                       2016-02-08  2016-02-08  0.0    None
    Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
7   CVE-2016-2199  CSRF                      2016-02-01  2016-02-01  0.0    None
    Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
8   CVE-2016-2091  DoS                       2016-02-08  2016-02-08  0.0    None
    The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
9   CVE-2016-2089  DoS                       2016-02-08  2016-02-08  0.0    None
    The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
10  CVE-2016-2049  -                         2016-02-01  2016-02-01  0.0    None
    examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.
11  CVE-2016-2048  Bypass                    2016-02-08  2016-02-08  0.0    None
    Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
12  CVE-2016-1985  Exec Code                 2016-01-30  2016-01-30  0.0    None
    HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
13  CVE-2016-1924  DoS                       2016-01-27  2016-01-27  0.0    None
    The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
14  CVE-2016-1923  DoS Overflow              2016-01-27  2016-01-27  0.0    None
    Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
15  CVE-2016-1906  +Priv                     2016-02-03  2016-02-03  0.0    None
    The API server in Kubernetes might allow remote attackers to gain privileges by editing a build configuration to use a restricted strategy.
16  CVE-2016-1905  -                         2016-02-03  2016-02-03  0.0    None
    The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
17  CVE-2016-1882  DoS                       2016-01-29  2016-01-29  0.0    None
    FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.
18  CVE-2016-1879  DoS                       2016-01-29  2016-01-29  0.0    None
    The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
19  CVE-2016-1730  -                         2016-02-01  2016-02-01  0.0    None
    WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
20  CVE-2016-1729  -                         2016-02-01  2016-02-01  0.0    None
    Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.
21  CVE-2016-1728  +Info                     2016-02-01  2016-02-01  0.0    None
    The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.
22  CVE-2016-1727  DoS Exec Code Mem. Corr.  2016-02-01  2016-02-01  0.0    None
    WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.
23  CVE-2016-1726  DoS Exec Code Mem. Corr.  2016-02-01  2016-02-01  0.0    None
    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.
24  CVE-2016-1725  DoS Exec Code Mem. Corr.  2016-02-01  2016-02-01  0.0    None
    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.
25  CVE-2016-1724  DoS Exec Code Mem. Corr.  2016-02-01  2016-02-01  0.0    None
    WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.
26  CVE-2016-1723  DoS Exec Code Mem. Corr.  2016-02-01  2016-02-01  0.0    None
    WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
27  CVE-2016-1722  DoS +Priv Mem. Corr.      2016-02-01  2016-02-01  0.0    None
    syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
28  CVE-2016-1719  DoS +Priv Mem. Corr.      2016-02-01  2016-02-01  0.0    None
    The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
29  CVE-2016-1505  -                         2016-02-03  2016-02-03  0.0    None
    The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
30  CVE-2016-1493  Exec Code                 2016-01-29  2016-01-29  0.0    None
    Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
31  CVE-2016-1488  XSS                       2016-01-30  2016-01-30  0.0    None
    Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
32  CVE-2016-1319  +Info                     2016-02-08  2016-02-08  0.0    None
    Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
33  CVE-2016-1318  XSS                       2016-02-08  2016-02-08  0.0    None
    Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.
34  CVE-2016-1317  +Info                     2016-02-08  2016-02-08  0.0    None
    Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
35  CVE-2016-1316  +Info                     2016-02-08  2016-02-08  0.0    None
    Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
36  CVE-2016-1311  XSS                       2016-02-06  2016-02-06  0.0    None
    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.
37  CVE-2016-1310  XSS                       2016-02-06  2016-02-06  0.0    None
    Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.
38  CVE-2016-1309  XSS                       2016-02-07  2016-02-07  0.0    None
    Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843.
39  CVE-2016-1308  Exec Code Sql             2016-02-07  2016-02-07  0.0    None
    SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.
40  CVE-2016-1307  -                         2016-02-07  2016-02-07  0.0    None
    The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
41  CVE-2016-1306  XSS                       2016-02-06  2016-02-06  0.0    None
    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.
42  CVE-2016-1305  XSS                       2016-02-07  2016-02-07  0.0    None
    Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
43  CVE-2016-1303  DoS                       2016-01-30  2016-01-30  0.0    None
    The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.
44  CVE-2016-1302  Bypass                    2016-02-07  2016-02-07  0.0    None
    Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
45  CVE-2016-1301  -                         2016-02-07  2016-02-07  0.0    None
    The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
46  CVE-2016-1299  DoS                       2016-01-27  2016-01-27  0.0    None
    The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.
47  CVE-2016-1284  DoS                       2016-02-04  2016-02-04  0.0    None
    rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
48  CVE-2016-1145  Dir. Trav.                2016-01-30  2016-01-30  0.0    None
    Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
49  CVE-2016-1144  XSS                       2016-01-30  2016-01-30  0.0    None
    Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
50  CVE-2016-1135  XSS                       2016-01-22  2016-01-22  0.0    None
    Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities: 341 (this is page 1 of 7)