CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4036 264 +Info 2016-04-18 2016-04-27
2.1
None Local Low Not required Partial None None
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
2 CVE-2016-3961 20 DoS 2016-04-15 2016-04-18
2.1
None Local Low Not required None None Partial
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
3 CVE-2016-3447 2016-04-21 2016-04-26
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core.
4 CVE-2016-3419 2016-04-21 2016-04-26
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.
5 CVE-2016-2857 119 DoS Overflow 2016-04-11 2016-04-14
2.1
None Local Low Not required None None Partial
The net_checksum_calculate function in net/checksum.c in QEMU allows guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
6 CVE-2016-2513 200 +Info 2016-04-08 2016-04-13
2.6
None Remote High Not required Partial None None
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
7 CVE-2016-2509 200 +Info 2016-02-18 2016-03-22
2.9
None Local Network Medium Not required Partial None None
The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
8 CVE-2016-2271 DoS 2016-02-19 2016-03-07
2.1
None Local Low Not required None None Partial
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
9 CVE-2016-2203 200 +Info 2016-04-22 2016-04-28
2.1
None Local Low Not required Partial None None
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
10 CVE-2016-2202 264 Bypass 2016-04-20 2016-04-28
2.1
None Local Low Not required None Partial None
The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.
11 CVE-2016-2057 264 2016-04-13 2016-04-18
2.1
None Local Low Not required None Partial None
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
12 CVE-2016-1987 20 DoS 2016-02-18 2016-03-07
2.6
None Remote High Not required None None Partial
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.
13 CVE-2016-1788 310 2016-03-23 2016-03-24
2.6
None Remote High Not required Partial None None
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
14 CVE-2016-1773 264 2016-03-23 2016-03-25
2.1
None Local Low Not required Partial None None
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
15 CVE-2016-1760 284 Bypass 2016-03-29 2016-03-29
2.1
None Local Low Not required None Partial None
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.
16 CVE-2016-1745 DoS 2016-03-23 2016-03-25
2.1
None Local Low Not required None None Partial
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
17 CVE-2016-1732 119 DoS Overflow +Info 2016-03-23 2016-03-28
2.1
None Local Low Not required Partial None None
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
18 CVE-2016-1492 284 2016-01-26 2016-01-27
2.9
None Local Network Medium Not required Partial None None
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
19 CVE-2016-1490 200 +Info 2016-01-26 2016-01-27
2.7
None Local Network Low Single system Partial None None
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
20 CVE-2016-1284 20 DoS 2016-02-04 2016-03-10
2.6
None Remote High Not required None None Partial
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
21 CVE-2016-0823 200 +Info 2016-03-12 2016-03-21
2.1
None Local Low Not required Partial None None
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
22 CVE-2016-0701 200 +Info 2016-02-14 2016-03-11
2.6
None Remote High Not required Partial None None
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
23 CVE-2016-0695 2016-04-21 2016-04-27
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
24 CVE-2016-0688 2016-04-21 2016-04-27
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.
25 CVE-2016-0671 2016-04-21 2016-04-28
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.
26 CVE-2016-0667 2016-04-21 2016-04-26
2.8
None Remote Medium Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.
27 CVE-2016-0607 2016-01-20 2016-04-11
2.8
None Remote Medium Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
28 CVE-2016-0605 2016-01-20 2016-04-11
2.1
None Remote High Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
29 CVE-2016-0592 2016-01-20 2016-02-10
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.
30 CVE-2016-0454 2016-01-20 2016-02-04
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Manager.
31 CVE-2016-0446 2016-01-20 2016-02-08
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality via unknown vectors related to Agent Next Gen.
32 CVE-2016-0125 200 +Info 2016-03-09 2016-03-09
2.6
None Remote High Not required Partial None None
Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."
33 CVE-2016-0090 200 +Info 2016-04-12 2016-04-18
2.1
None Local Low Not required Partial None None
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
34 CVE-2016-0089 200 +Info 2016-04-12 2016-04-19
2.1
None Local Low Not required Partial None None
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
35 CVE-2016-0049 255 Bypass 2016-02-10 2016-02-16
2.1
None Local Low Not required None Partial None
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
36 CVE-2015-8777 254 Bypass 2016-01-20 2016-04-20
2.1
None Local Low Not required None Partial None
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
37 CVE-2015-8675 255 +Info 2016-01-15 2016-01-21
2.1
None Local Low Not required Partial None None
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.
38 CVE-2015-8629 119 DoS Overflow +Info 2016-02-12 2016-02-18
2.1
None Remote High Single system Partial None None
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
39 CVE-2015-8615 254 DoS 2016-01-08 2016-01-14
2.1
None Local Low Not required None None Partial
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).
40 CVE-2015-8577 264 Overflow Bypass 2015-12-16 2016-04-12
2.6
None Local High Not required Partial Partial None
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
41 CVE-2015-8575 200 Bypass +Info 2016-02-07 2016-02-25
2.1
None Local Low Not required Partial None None
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
42 CVE-2015-8553 200 +Info 2016-04-13 2016-04-18
2.1
None Local Low Not required Partial None None
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
43 CVE-2015-8512 284 2016-01-08 2016-01-14
2.1
None Local Low Not required Partial None None
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.
44 CVE-2015-8508 79 XSS 2016-01-03 2016-01-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary.
45 CVE-2015-8487 200 +Info CSRF 2016-02-16 2016-02-22
2.6
None Remote High Not required Partial None None
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
46 CVE-2015-8482 264 2015-12-07 2015-12-08
2.1
None Local Low Not required None Partial None
Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors.
47 CVE-2015-8374 200 +Info 2015-12-28 2015-12-28
2.1
None Local Low Not required Partial None None
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
48 CVE-2015-8303 200 +Info 2016-01-08 2016-01-13
2.1
None Local Low Not required Partial None None
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.
49 CVE-2015-8233 79 XSS 2015-11-17 2015-11-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings.
50 CVE-2015-8100 200 +Info 2015-11-09 2015-11-10
2.1
None Local Low Not required Partial None None
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
Total number of vulnerabilities : 3065   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.