CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2016-1000121 | 79 | | XSS | 2016-10-27 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
| 2 | CVE-2016-8562 | 20 | | DoS | 2016-11-18 | 2016-12-02 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables. |
| 3 | CVE-2016-8290 | | | | 2016-10-25 | 2016-12-02 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. |
| 4 | CVE-2016-8289 | 264 | | | 2016-10-25 | 2016-12-02 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. |
| 5 | CVE-2016-8287 | | | | 2016-10-25 | 2016-12-02 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. |
| 6 | CVE-2016-8286 | 200 | | +Info | 2016-10-25 | 2016-12-02 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. |
| 7 | CVE-2016-7777 | 362 | | | 2016-10-07 | 2016-10-11 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. |
| 8 | CVE-2016-7419 | 79 | | XSS | 2016-09-17 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. |
| 9 | CVE-2016-7226 | 284 | | +Priv | 2016-11-10 | 2016-11-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." |
| 10 | CVE-2016-7225 | 284 | | +Priv | 2016-11-10 | 2016-11-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." |
| 11 | CVE-2016-7224 | 284 | | +Priv | 2016-11-10 | 2016-11-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." |
| 12 | CVE-2016-7223 | 284 | | +Priv | 2016-11-10 | 2016-11-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." |
| 13 | CVE-2016-7119 | 79 | | XSS | 2016-08-31 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element. |
| 14 | CVE-2016-7097 | 285 | | +Priv | 2016-10-16 | 2016-11-29 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. |
| 15 | CVE-2016-6913 | 79 | | XSS | 2016-09-26 | 2016-09-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php. |
| 16 | CVE-2016-6647 | 79 | | XSS | 2016-09-29 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 17 | CVE-2016-6641 | 79 | | XSS | 2016-09-17 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 18 | CVE-2016-6395 | 79 | | XSS | 2016-09-12 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. |
| 19 | CVE-2016-6320 | 79 | | XSS | 2016-08-19 | 2016-08-22 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. |
| 20 | CVE-2016-6257 | 310 | | | 2016-08-02 | 2016-08-12 | 3.3 | None | Local Network | Low | Not required | None | Partial | None | The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." |
| 21 | CVE-2016-5981 | 79 | | XSS | 2016-11-24 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 22 | CVE-2016-5978 | 79 | | XSS | 2016-09-26 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975. |
| 23 | CVE-2016-5975 | 79 | | XSS | 2016-09-26 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978. |
| 24 | CVE-2016-5974 | 79 | | XSS | 2016-09-26 | 2016-09-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. |
| 25 | CVE-2016-5955 | 79 | | XSS | 2016-11-24 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 26 | CVE-2016-5947 | 20 | | | 2016-09-26 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. |
| 27 | CVE-2016-5944 | 79 | | XSS | 2016-09-26 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. |
| 28 | CVE-2016-5920 | 79 | | XSS | 2016-10-28 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 29 | CVE-2016-5905 | 79 | | XSS | 2016-11-30 | 2016-11-30 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 30 | CVE-2016-5901 | 79 | | XSS | 2016-10-05 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 31 | CVE-2016-5892 | 79 | | XSS | 2016-10-05 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 32 | CVE-2016-5890 | 255 | | | 2016-11-30 | 2016-12-02 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. |
| 33 | CVE-2016-5850 | 79 | | XSS | 2016-07-12 | 2016-07-14 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 34 | CVE-2016-5618 | 200 | | +Info | 2016-10-25 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. |
| 35 | CVE-2016-5604 | 284 | | | 2016-10-25 | 2016-11-28 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563. |
| 36 | CVE-2016-5602 | 200 | | +Info | 2016-10-25 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. |
| 37 | CVE-2016-5601 | 284 | | | 2016-10-25 | 2016-11-28 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors related to CIE Related Components. |
| 38 | CVE-2016-5584 | 200 | | +Info | 2016-10-25 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. |
| 39 | CVE-2016-5540 | 254 | | | 2016-10-25 | 2016-11-28 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. |
| 40 | CVE-2016-5506 | 284 | | | 2016-10-25 | 2016-11-28 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. |
| 41 | CVE-2016-5492 | 284 | | | 2016-10-25 | 2016-11-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users. |
| 42 | CVE-2016-5473 | | | | 2016-07-21 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537. |
| 43 | CVE-2016-5464 | | | | 2016-07-21 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5463. |
| 44 | CVE-2016-5463 | | | | 2016-07-21 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464. |
| 45 | CVE-2016-5398 | 79 | | XSS | 2016-10-03 | 2016-10-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes. |
| 46 | CVE-2016-5395 | 79 | | XSS | 2016-09-26 | 2016-09-27 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. |
| 47 | CVE-2016-5087 | 264 | | | 2016-06-25 | 2016-06-28 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. |
| 48 | CVE-2016-5005 | 79 | | XSS | 2016-07-28 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action. |
| 49 | CVE-2016-4995 | 200 | | +Info | 2016-08-19 | 2016-08-22 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname. |
| 50 | CVE-2016-4790 | 79 | | XSS | 2016-05-26 | 2016-05-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Total number of vulnerabilities: 2000 (this is page 1 of 40)