CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4421 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.
2 CVE-2016-4420 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
3 CVE-2016-4419 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
4 CVE-2016-4418 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.
5 CVE-2016-4417 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.
6 CVE-2016-4416 DoS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
7 CVE-2016-4415 DoS Overflow 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.
8 CVE-2016-4349 +Priv 2016-04-28 2016-04-28
0.0
None ??? ??? ??? ??? ??? ???
Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.
9 CVE-2016-3984 Bypass 2016-04-08 2016-04-15
0.0
None ??? ??? ??? ??? ??? ???
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
10 CVE-2016-3672 Bypass 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
11 CVE-2016-3190 DoS 2016-04-21 2016-04-21
0.0
None ??? ??? ??? ??? ??? ???
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
12 CVE-2016-3156 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
13 CVE-2016-3145 +Info 2016-04-21 2016-04-21
0.0
None ??? ??? ??? ??? ??? ???
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.
14 CVE-2016-3139 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
15 CVE-2016-3135 DoS Overflow +Priv Mem. Corr. 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
16 CVE-2016-3134 DoS +Priv Mem. Corr. 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
17 CVE-2016-3082 Exec Code 2016-04-26 2016-04-26
0.0
None ??? ??? ??? ??? ??? ???
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
18 CVE-2016-3081 Exec Code 2016-04-26 2016-04-26
0.0
None ??? ??? ??? ??? ??? ???
Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
19 CVE-2016-3074 DoS Exec Code Overflow 2016-04-26 2016-04-26
0.0
None ??? ??? ??? ??? ??? ???
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
20 CVE-2016-2820 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.
21 CVE-2016-2817 XSS 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.
22 CVE-2016-2816 Bypass 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
23 CVE-2016-2814 Exec Code Overflow 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
24 CVE-2016-2813 +Info 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.
25 CVE-2016-2812 DoS Exec Code Overflow 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.
26 CVE-2016-2811 Exec Code 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
27 CVE-2016-2810 Bypass 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.
28 CVE-2016-2809 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
29 CVE-2016-2808 DoS Exec Code Overflow 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
30 CVE-2016-2807 DoS Exec Code Mem. Corr. 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
31 CVE-2016-2806 DoS Exec Code Mem. Corr. 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
32 CVE-2016-2805 DoS Exec Code Mem. Corr. 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
33 CVE-2016-2804 DoS Exec Code Mem. Corr. 2016-04-30 2016-04-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
34 CVE-2016-2782 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
35 CVE-2016-2550 DoS Bypass 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.
36 CVE-2016-2549 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
37 CVE-2016-2548 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
38 CVE-2016-2543 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.
39 CVE-2016-2383 +Info 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.
40 CVE-2016-2354 2016-04-21 2016-04-21
0.0
None ??? ??? ??? ??? ??? ???
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.
41 CVE-2016-2333 2016-04-25 2016-04-25
0.0
None ??? ??? ??? ??? ??? ???
SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
42 CVE-2016-2332 Exec Code 2016-04-25 2016-04-25
0.0
None ??? ??? ??? ??? ??? ???
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.
43 CVE-2016-2331 2016-04-25 2016-04-25
0.0
None ??? ??? ??? ??? ??? ???
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.
44 CVE-2016-2280 DoS Overflow 2016-04-21 2016-04-21
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors.
45 CVE-2016-2184 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
46 CVE-2016-2143 DoS 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
47 CVE-2016-2085 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.
48 CVE-2016-2076 2016-04-15 2016-04-15
0.0
None ??? ??? ??? ??? ??? ???
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
49 CVE-2016-2069 +Priv 2016-04-27 2016-04-27
0.0
None ??? ??? ??? ??? ??? ???
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
50 CVE-2016-2003 Exec Code 2016-04-20 2016-04-20
0.0
None ??? ??? ??? ??? ??? ???
HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Total number of vulnerabilities : 146   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.