CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6351 CVE-2016-1000342 347 2018-06-04 2018-11-28
5.0
None Remote Low Not required None Partial None
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
6352 CVE-2016-1000340 19 2018-06-04 2018-11-28
5.0
None Remote Low Not required None Partial None
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
6353 CVE-2016-1000339 310 +Info 2018-06-04 2018-11-28
5.0
None Remote Low Not required Partial None None
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
6354 CVE-2016-1000338 347 2018-06-01 2018-10-17
5.0
None Remote Low Not required None Partial None
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
6355 CVE-2016-1000232 20 DoS 2018-09-05 2018-10-31
5.0
None Remote Low Not required None None Partial
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
6356 CVE-2016-1000222 88 2017-06-16 2017-07-03
5.0
None Remote Low Not required None Partial None
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
6357 CVE-2016-1000221 200 +Info 2017-06-16 2017-07-03
5.0
None Remote Low Not required Partial None None
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
6358 CVE-2016-1000219 285 2017-06-16 2017-06-28
5.0
None Remote Low Not required None Partial None
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
6359 CVE-2016-1000215 DoS 2016-10-25 2017-07-06
5.0
None Remote Low Not required None None Partial
Ruckus Wireless H500 web management interface denial of service
6360 CVE-2016-1000214 287 Bypass 2016-10-25 2017-07-06
5.0
None Remote Low Not required Partial None None
Ruckus Wireless H500 web management interface authentication bypass
6361 CVE-2016-1000032 284 2016-10-25 2017-01-18
5.0
None Remote Low Not required None Partial None
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.
6362 CVE-2016-1000009 254 2016-10-06 2018-04-13
5.0
None Remote Low Not required None Partial None
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.
6363 CVE-2016-1000001 601 2016-10-07 2017-02-19
5.8
None Remote Medium Not required Partial Partial None
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect
6364 CVE-2016-10929 264 2019-08-22 2019-08-23
5.0
None Remote Low Not required Partial None None
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
6365 CVE-2016-10924 22 Dir. Trav. 2019-08-22 2019-08-23
5.0
None Remote Low Not required Partial None None
The ebook-download plugin before 1.2 for WordPress has directory traversal.
6366 CVE-2016-10899 20 2019-08-21 2019-08-22
5.0
None Remote Low Not required None Partial None
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.
6367 CVE-2016-10883 352 CSRF 2019-08-14 2019-08-20
5.8
None Remote Medium Not required None Partial Partial
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
6368 CVE-2016-10860 284 2019-08-01 2019-08-12
5.5
None Remote Low Single system None Partial Partial
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
6369 CVE-2016-10859 285 2019-08-01 2019-08-08
5.5
None Remote Low Single system Partial Partial None
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
6370 CVE-2016-10847 74 2019-08-01 2019-08-08
5.5
None Remote Low Single system Partial Partial None
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
6371 CVE-2016-10843 77 Exec Code 2019-08-01 2019-08-08
5.5
None Remote Low Single system Partial Partial None
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
6372 CVE-2016-10839 89 Sql 2019-08-01 2019-08-13
5.5
None Remote Low Single system Partial Partial None
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
6373 CVE-2016-10833 287 2019-08-01 2019-08-12
5.0
None Remote Low Not required Partial None None
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
6374 CVE-2016-10830 284 Bypass 2019-08-01 2019-08-12
5.5
None Remote Low Single system Partial Partial None
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
6375 CVE-2016-10825 358 Bypass 2019-08-01 2019-08-12
5.5
None Remote Low Single system Partial Partial None
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
6376 CVE-2016-10803 93 2019-08-07 2019-08-12
5.0
None Remote Low Not required None Partial None
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
6377 CVE-2016-10791 255 2019-08-06 2019-08-13
5.0
None Remote Low Not required None Partial None
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).
6378 CVE-2016-10790 200 +Info 2019-08-06 2019-08-12
5.0
None Remote Low Not required Partial None None
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).
6379 CVE-2016-10787 20 2019-08-06 2019-08-09
5.5
None Remote Low Single system Partial Partial None
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
6380 CVE-2016-10771 20 2019-08-05 2019-08-09
5.5
None Remote Low Single system Partial Partial None
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
6381 CVE-2016-10770 20 2019-08-05 2019-08-09
5.5
None Remote Low Single system None Partial Partial
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
6382 CVE-2016-10769 601 2019-08-05 2019-08-08
5.8
None Remote Medium Not required Partial Partial None
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).
6383 CVE-2016-10768 20 2019-08-05 2019-08-08
5.5
None Remote Low Single system None Partial Partial
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).
6384 CVE-2016-10765 20 2019-07-29 2019-08-07
5.0
None Remote Low Not required None Partial None
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.
6385 CVE-2016-10762 77 2019-07-18 2019-07-18
5.1
None Remote High Not required Partial Partial Partial
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
6386 CVE-2016-10746 254 2019-04-18 2019-05-01
5.0
None Remote Low Not required None Partial None
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
6387 CVE-2016-10745 134 2019-04-08 2019-06-06
5.0
None Remote Low Not required Partial None None
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
6388 CVE-2016-10743 332 2019-03-23 2019-04-10
5.0
None Remote Low Not required None Partial None
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
6389 CVE-2016-10728 20 2018-07-23 2018-09-20
5.0
None Remote Low Not required None Partial None
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.
6390 CVE-2016-10727 200 +Info 2018-07-20 2018-09-18
5.0
None Remote Low Not required Partial None None
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
6391 CVE-2016-10726 22 Dir. Trav. 2018-07-10 2018-09-06
5.0
None Remote Low Not required Partial None None
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.
6392 CVE-2016-10725 310 2018-07-05 2019-07-17
5.0
None Remote Low Not required None None Partial
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
6393 CVE-2016-10718 20 DoS 2018-04-03 2018-05-10
5.0
None Remote Low Not required None None Partial
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.
6394 CVE-2016-10712 20 2018-02-09 2019-05-22
5.0
None Remote Low Not required None Partial None
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.
6395 CVE-2016-10708 476 DoS 2018-01-21 2019-06-26
5.0
None Remote Low Not required None None Partial
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
6396 CVE-2016-10707 400 DoS 2018-01-18 2018-02-02
5.0
None Remote Low Not required None None Partial
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
6397 CVE-2016-10702 200 +Info 2017-11-28 2017-12-20
5.8
None Remote Medium Not required Partial Partial None
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.
6398 CVE-2016-10561 22 Dir. Trav. 2018-05-31 2018-07-05
5.0
None Remote Low Not required Partial None None
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
6399 CVE-2016-10556 89 Sql 2018-05-29 2018-07-09
5.0
None Remote Low Not required None None Partial
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.
6400 CVE-2016-10552 254 2018-05-31 2018-07-03
5.8
None Remote Medium Not required Partial Partial None
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.
Total number of vulnerabilities : 22711   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 (This Page)129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.