CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 5 and 5.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2016-1983 | 20 | | DoS | 2016-01-27 | 2016-01-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. |
| 2 | CVE-2016-1982 | 20 | | DoS | 2016-01-27 | 2016-01-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. |
| 3 | CVE-2016-1940 | 17 | | | 2016-01-31 | 2016-02-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. |
| 4 | CVE-2016-1939 | 200 | | +Info | 2016-01-31 | 2016-02-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208. |
| 5 | CVE-2016-1910 | 200 | | +Info | 2016-01-15 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290. |
| 6 | CVE-2016-1907 | 119 | | DoS Overflow | 2016-01-19 | 2016-01-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. |
| 7 | CVE-2016-1715 | 189 | | DoS +Priv Mem. Corr. | 2016-01-12 | 2016-01-21 | 5.5 | None | Local | Medium | Single system | Partial | Partial | Complete | The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location. |
| 8 | CVE-2016-1494 | 20 | | | 2016-01-13 | 2016-01-15 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. |
| 9 | CVE-2016-1491 | 255 | | | 2016-01-26 | 2016-02-10 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial | The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. |
| 10 | CVE-2016-1296 | 254 | | Bypass | 2016-01-20 | 2016-01-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. |
| 11 | CVE-2016-1295 | 200 | | +Info | 2016-01-16 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775. |
| 12 | CVE-2016-1260 | 399 | | DoS | 2016-01-15 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic. |
| 13 | CVE-2016-1258 | 20 | | DoS | 2016-01-15 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. |
| 14 | CVE-2016-1256 | 399 | | DoS | 2016-01-15 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a "multicast denial of service." |
| 15 | CVE-2016-1232 | | | | 2016-01-12 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. |
| 16 | CVE-2016-1137 | | | | 2016-01-30 | 2016-02-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| 17 | CVE-2016-0855 | 22 | | Dir. Trav. | 2016-01-14 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. |
| 18 | CVE-2016-0853 | 200 | | +Info | 2016-01-14 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. |
| 19 | CVE-2016-0852 | 264 | | Bypass | 2016-01-14 | 2016-01-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. |
| 20 | CVE-2016-0556 | | | | 2016-01-20 | 2016-02-08 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0557. |
| 21 | CVE-2016-0526 | | | | 2016-01-20 | 2016-02-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Wireless Framework. |
| 22 | CVE-2016-0481 | | | | 2016-01-20 | 2016-02-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. |
| 23 | CVE-2016-0476 | | | | 2016-01-20 | 2016-02-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and CVE-2016-0478. |
| 24 | CVE-2016-0475 | | | | 2016-01-20 | 2016-02-04 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. |
| 25 | CVE-2016-0472 | | | | 2016-01-20 | 2016-02-04 | 5.5 | None | Remote | Low | Single system | Partial | None | Partial | Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors. |
| 26 | CVE-2016-0470 | | | | 2016-01-20 | 2016-02-08 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Publisher Security. |
| 27 | CVE-2016-0466 | | | | 2016-01-20 | 2016-02-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. |
| 28 | CVE-2016-0460 | | | | 2016-01-20 | 2016-02-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.55 allows remote attackers to affect integrity via unknown vectors related to Fluid Homepage and NavBar. |
| 29 | CVE-2016-0457 | | | | 2016-01-20 | 2016-02-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. |
| 30 | CVE-2016-0456 | | | | 2016-01-20 | 2016-02-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457. |
| 31 | CVE-2016-0455 | | | | 2016-01-20 | 2016-02-08 | 5.2 | None | Local | Low | Single system | Complete | None | Partial | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality and availability via unknown vectors related to Agent Next Gen. |
| 32 | CVE-2016-0450 | | | | 2016-01-20 | 2016-02-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect availability via unknown vectors. |
| 33 | CVE-2016-0439 | | | | 2016-01-20 | 2016-02-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430. |
| 34 | CVE-2016-0421 | | | | 2016-01-20 | 2016-02-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Monitoring and Diagnostics SEC. |
| 35 | CVE-2016-0416 | | | | 2016-01-20 | 2016-02-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility. |
| 36 | CVE-2016-0402 | | | | 2016-01-20 | 2016-02-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. |
| 37 | CVE-2015-8792 | 119 | | Overflow +Info | 2016-01-29 | 2016-02-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. |
| 38 | CVE-2015-8754 | 264 | | Bypass | 2016-01-08 | 2016-01-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. |
| 39 | CVE-2015-8688 | 20 | | | 2016-01-15 | 2016-01-20 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. |
| 40 | CVE-2015-8672 | 19 | | DoS | 2016-01-12 | 2016-01-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. |
| 41 | CVE-2015-8669 | 200 | | +Info | 2015-12-26 | 2015-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. |
| 42 | CVE-2015-8605 | 20 | | DoS | 2016-01-14 | 2016-01-21 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. |
| 43 | CVE-2015-8601 | 200 | | Bypass +Info | 2015-12-17 | 2015-12-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. |
| 44 | CVE-2015-8597 | | | | 2016-01-08 | 2016-01-13 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." |
| 45 | CVE-2015-8547 | 17 | | DoS | 2016-01-08 | 2016-01-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. |
| 46 | CVE-2015-8476 | 20 | | | 2015-12-16 | 2015-12-17 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. |
| 47 | CVE-2015-8466 | 20 | | | 2016-01-13 | 2016-01-21 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. |
| 48 | CVE-2015-8393 | 200 | | +Info | 2015-12-01 | 2015-12-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. |
| 49 | CVE-2015-8333 | 264 | | | 2016-01-11 | 2016-01-12 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial | The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. |
| 50 | CVE-2015-8331 | 20 | | | 2016-01-11 | 2016-01-11 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. |