CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2016-5238 119 DoS Overflow 2016-06-14 2018-12-01
2.1
None Local Low Not required None None Partial
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
1252 CVE-2016-5166 200 +Info 2016-09-11 2018-10-30
2.6
None Remote High Not required Partial None None
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
1253 CVE-2016-5109 284 Bypass 2016-07-13 2016-07-14
2.1
None Local Low Not required None Partial None
Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.
1254 CVE-2016-5026 284 2017-01-30 2017-02-08
2.1
None Local Low Not required None Partial None
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
1255 CVE-2016-5001 200 +Info 2017-08-30 2017-09-05
2.1
None Local Low Not required Partial None None
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
1256 CVE-2016-4976 200 +Info 2017-03-29 2017-04-03
2.1
None Local Low Not required Partial None None
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
1257 CVE-2016-4955 362 DoS 2016-07-04 2018-10-30
2.6
None Remote High Not required None None Partial
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
1258 CVE-2016-4804 119 DoS Overflow 2016-06-03 2018-10-30
2.1
None Local Low Not required None None Partial
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
1259 CVE-2016-4755 200 +Info 2016-09-25 2017-07-29
2.1
None Local Low Not required Partial None None
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
1260 CVE-2016-4749 200 +Info 2016-09-18 2017-08-12
2.1
None Local Low Not required Partial None None
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
1261 CVE-2016-4707 19 2016-09-25 2017-07-29
2.1
None Local Low Not required None None Partial
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
1262 CVE-2016-4701 20 DoS 2016-09-25 2017-07-29
2.1
None Local Low Not required None None Partial
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
1263 CVE-2016-4670 255 2017-02-20 2017-02-21
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
1264 CVE-2016-4649 476 DoS 2016-07-21 2017-08-31
2.1
None Local Low Not required None None Partial
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
1265 CVE-2016-4645 200 +Info 2016-07-21 2017-08-31
2.1
None Local Low Not required Partial None None
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
1266 CVE-2016-4595 200 +Info 2016-07-21 2017-08-31
2.1
None Local Low Not required Partial None None
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.
1267 CVE-2016-4593 200 +Info 2016-07-21 2017-08-31
2.1
None Local Low Not required Partial None None
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.
1268 CVE-2016-4578 200 +Info 2016-05-23 2018-01-04
2.1
None Local Low Not required Partial None None
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
1269 CVE-2016-4569 200 +Info 2016-05-23 2018-01-04
2.1
None Local Low Not required Partial None None
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
1270 CVE-2016-4546 20 DoS 2017-02-13 2017-02-16
2.1
None Local Low Not required None None Partial
Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.
1271 CVE-2016-4524 284 +Info 2016-06-09 2016-06-15
2.1
None Local Low Not required Partial None None
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.
1272 CVE-2016-4516 200 +Info 2016-06-09 2016-06-15
2.1
None Local Low Not required Partial None None
ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.
1273 CVE-2016-4486 200 +Info 2016-05-23 2018-12-20
2.1
None Local Low Not required Partial None None
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
1274 CVE-2016-4482 200 +Info 2016-05-23 2016-11-28
2.1
None Local Low Not required Partial None None
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
1275 CVE-2016-4455 264 +Info 2017-04-14 2017-04-25
2.1
None Local Low Not required Partial None None
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
1276 CVE-2016-4443 532 +Info 2016-12-14 2016-12-16
2.1
None Local Low Not required Partial None None
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
1277 CVE-2016-4441 119 DoS Overflow 2016-05-20 2018-12-01
2.1
None Local Low Not required None None Partial
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
1278 CVE-2016-4329 20 DoS Bypass 2017-01-06 2017-01-10
2.1
None Local Low Not required None None Partial
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.
1279 CVE-2016-4307 284 DoS 2017-01-06 2017-08-12
2.1
None Local Low Not required None None Partial
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability.
1280 CVE-2016-4306 200 Bypass +Info 2017-01-06 2017-08-12
2.1
None Local Low Not required Partial None None
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
1281 CVE-2016-4305 284 DoS 2017-01-06 2017-08-12
2.1
None Local Low Not required None None Partial
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.
1282 CVE-2016-4304 284 DoS 2017-01-06 2017-08-12
2.1
None Local Low Not required None None Partial
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.
1283 CVE-2016-4086 2016-06-30 2016-11-28
2.9
None Local Network Medium Not required None Partial None
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.
1284 CVE-2016-4036 264 +Info 2016-04-18 2018-10-30
2.1
None Local Low Not required Partial None None
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
1285 CVE-2016-4032 284 2017-04-13 2017-04-25
2.1
None Local Low Not required None Partial None
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.
1286 CVE-2016-4025 254 Bypass 2016-11-03 2016-11-04
2.1
None Local Low Not required None Partial None
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
1287 CVE-2016-4020 200 +Info 2016-05-25 2018-12-01
2.1
None Local Low Not required Partial None None
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
1288 CVE-2016-3961 20 DoS 2016-04-15 2016-11-28
2.1
None Local Low Not required None None Partial
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
1289 CVE-2016-3954 200 Exec Code +Info 2018-02-06 2018-02-24
2.1
None Local Low Not required Partial None None
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.
1290 CVE-2016-3952 255 2018-02-06 2018-02-24
2.1
None Local Low Not required Partial None None
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access.
1291 CVE-2016-3888 264 Bypass 2016-09-11 2017-08-12
2.1
None Local Low Not required None Partial None
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.
1292 CVE-2016-3761 200 +Info 2016-07-10 2016-07-12
2.1
None Local Low Not required Partial None None
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.
1293 CVE-2016-3739 20 2016-05-20 2018-10-16
2.6
None Remote High Not required None Partial None
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.
1294 CVE-2016-3712 DoS Overflow 2016-05-11 2018-01-04
2.1
None Local Low Not required None None Partial
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
1295 CVE-2016-3711 200 +Info 2016-06-08 2016-06-09
2.1
None Local Low Not required Partial None None
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
1296 CVE-2016-3697 264 +Priv 2016-06-01 2018-10-30
2.1
None Local Low Not required Partial None None
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
1297 CVE-2016-3696 200 +Info 2017-06-13 2018-02-22
2.1
None Local Low Not required Partial None None
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
1298 CVE-2016-3695 74 DoS 2017-12-29 2018-01-10
2.1
None Local Low Not required None None Partial
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
1299 CVE-2016-3640 200 +Info 2016-08-05 2016-08-11
2.1
None Local Low Not required Partial None None
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
1300 CVE-2016-3638 119 DoS Overflow Mem. Corr. 2016-10-13 2016-10-14
2.1
None Local Low Not required None None Partial
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.