CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6201 CVE-2016-7919 89 Sql +Info 2016-10-28 2016-12-02
5.0
None Remote Low Not required Partial None None
** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields."
6202 CVE-2016-7889 200 +Info 2016-12-15 2016-12-22
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure.
6203 CVE-2016-7888 200 +Info 2016-12-15 2016-12-21
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak.
6204 CVE-2016-7887 200 +Info 2016-12-15 2016-12-21
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.
6205 CVE-2016-7845 264 2017-08-02 2017-08-03
5.5
None Remote Low Single system Partial None Partial
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing.
6206 CVE-2016-7832 200 Bypass +Info 2017-06-09 2017-06-14
5.0
None Remote Low Not required Partial None None
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
6207 CVE-2016-7831 601 2017-06-09 2017-06-16
5.8
None Remote Medium Not required Partial Partial None
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage.
6208 CVE-2016-7830 306 Bypass 2017-06-09 2017-06-22
5.8
None Local Network Low Not required Partial Partial Partial
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
6209 CVE-2016-7814 200 +Info 2017-06-09 2017-06-16
5.0
None Remote Low Not required Partial None None
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.
6210 CVE-2016-7811 284 Bypass 2017-06-09 2017-06-16
5.8
None Local Network Low Not required Partial Partial Partial
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
6211 CVE-2016-7807 284 Bypass 2017-06-09 2017-06-15
5.0
None Remote Low Not required Partial None None
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
6212 CVE-2016-7800 119 DoS Overflow 2017-02-06 2019-04-12
5.0
None Remote Low Not required None None Partial
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
6213 CVE-2016-7798 310 Bypass 2017-01-30 2018-07-14
5.0
None Remote Low Not required Partial None None
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
6214 CVE-2016-7797 254 DoS 2017-03-24 2018-10-30
5.0
None Remote Low Not required None None Partial
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
6215 CVE-2016-7667 20 DoS 2017-02-20 2017-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
6216 CVE-2016-7662 295 2017-02-20 2018-10-30
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.
6217 CVE-2016-7643 125 DoS +Info 2017-02-20 2018-10-30
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site.
6218 CVE-2016-7564 119 DoS Overflow 2017-01-18 2017-01-20
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.
6219 CVE-2016-7563 125 DoS 2017-01-18 2017-01-20
5.0
None Remote Low Not required None None Partial
The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.
6220 CVE-2016-7551 399 DoS 2017-04-17 2017-04-24
5.0
None Remote Low Not required None None Partial
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
6221 CVE-2016-7550 476 DoS 2019-05-23 2019-05-24
5.0
None Remote Low Not required None None Partial
asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
6222 CVE-2016-7544 399 2017-01-30 2017-02-07
5.0
None Remote Low Not required None None Partial
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.
6223 CVE-2016-7506 125 DoS Exec Code 2016-10-28 2016-12-02
5.0
None Remote Low Not required None None Partial
An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition.
6224 CVE-2016-7478 DoS 2017-01-11 2018-01-13
5.0
None Remote Low Not required None None Partial
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
6225 CVE-2016-7476 20 DoS 2017-05-11 2019-06-06
5.0
None Remote Low Not required None None Partial
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet.
6226 CVE-2016-7475 20 2018-10-08 2019-01-09
5.0
None Remote Low Not required None None Partial
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
6227 CVE-2016-7472 20 DoS 2018-04-03 2018-05-10
5.0
None Remote Low Not required None None Partial
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.
6228 CVE-2016-7458 611 2016-12-29 2017-07-27
5.0
None Remote Low Not required Partial None None
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
6229 CVE-2016-7452 434 Dir. Trav. 2016-11-03 2018-02-26
5.0
None Remote Low Not required None Partial None
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
6230 CVE-2016-7449 125 DoS 2017-02-06 2019-04-12
5.0
None Remote Low Not required None None Partial
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
6231 CVE-2016-7445 476 DoS 2016-10-03 2018-10-30
5.0
None Remote Low Not required None None Partial
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
6232 CVE-2016-7444 264 Bypass 2016-09-27 2018-01-04
5.0
None Remote Low Not required None Partial None
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
6233 CVE-2016-7434 20 DoS 2017-01-13 2017-11-20
5.0
None Remote Low Not required None None Partial
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
6234 CVE-2016-7433 682 2017-01-13 2018-01-04
5.0
None Remote Low Not required None None Partial
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
6235 CVE-2016-7431 20 Bypass 2017-01-13 2018-11-08
5.0
None Remote Low Not required None Partial None
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
6236 CVE-2016-7418 119 DoS Overflow 2016-09-17 2018-05-03
5.0
None Remote Low Not required None None Partial
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
6237 CVE-2016-7416 119 DoS Overflow 2016-09-17 2018-05-03
5.0
None Remote Low Not required None None Partial
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
6238 CVE-2016-7401 254 Bypass CSRF 2016-10-03 2018-01-04
5.0
None Remote Low Not required None Partial None
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
6239 CVE-2016-7291 125 DoS +Info 2016-12-20 2018-10-12
5.8
None Remote Medium Not required Partial None Partial
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
6240 CVE-2016-7290 125 DoS +Info 2016-12-20 2018-10-12
5.8
None Remote Medium Not required Partial None Partial
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
6241 CVE-2016-7276 125 DoS +Info 2016-12-20 2018-10-12
5.8
None Remote Medium Not required Partial None Partial
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
6242 CVE-2016-7270 310 Bypass +Info 2016-12-20 2018-10-12
5.0
None Remote Low Not required Partial None None
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
6243 CVE-2016-7268 125 DoS +Info 2016-12-20 2018-10-12
5.8
None Remote Medium Not required Partial None Partial
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
6244 CVE-2016-7265 125 DoS +Info 2016-12-20 2018-10-12
5.8
None Remote Medium Not required Partial None Partial
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
6245 CVE-2016-7264 125 DoS +Info 2016-12-20 2018-10-12
5.8
None Remote Medium Not required Partial None Partial
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
6246 CVE-2016-7247 284 Bypass 2016-11-10 2018-10-12
5.0
None Remote Low Not required None Partial None
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."
6247 CVE-2016-7172 200 +Info 2016-12-21 2017-07-26
5.0
None Remote Low Not required Partial None None
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
6248 CVE-2016-7164 20 DoS 2017-02-07 2017-02-13
5.0
None Remote Low Not required None None Partial
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.
6249 CVE-2016-7162 20 2016-09-26 2016-09-28
5.0
None Remote Low Not required None Partial None
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
6250 CVE-2016-7153 200 +Info 2016-09-06 2017-02-19
5.0
None Remote Low Not required Partial None None
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Total number of vulnerabilities : 22537   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 (This Page)126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.