CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2016-6648 275 2017-02-03 2017-03-07
2.1
None Local Low Not required Partial None None
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.
1352 CVE-2016-6613 200 +Info 2016-12-10 2017-06-30
2.1
None Remote High Single system Partial None None
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
1353 CVE-2016-6562 295 +Info 2018-07-13 2018-09-10
2.9
None Local Network Medium Not required Partial None None
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
1354 CVE-2016-6547 255 2018-07-13 2018-09-07
2.1
None Local Low Not required Partial None None
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
1355 CVE-2016-6546 255 2018-07-13 2018-09-07
2.1
None Local Low Not required Partial None None
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.
1356 CVE-2016-6494 200 +Info 2016-10-03 2017-11-28
2.1
None Local Low Not required Partial None None
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
1357 CVE-2016-6490 20 DoS 2016-12-09 2017-06-30
2.1
None Local Low Not required None None Partial
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
1358 CVE-2016-6349 200 +Info 2017-03-29 2017-04-06
2.1
None Local Low Not required Partial None None
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.
1359 CVE-2016-6341 200 +Info 2017-04-20 2017-04-25
2.1
None Local Low Not required Partial None None
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
1360 CVE-2016-6340 254 2016-09-22 2016-09-22
2.1
None Local Low Not required Partial None None
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.
1361 CVE-2016-6310 200 +Info 2017-08-22 2017-08-30
2.1
None Local Low Not required Partial None None
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
1362 CVE-2016-6249 200 +Info 2017-02-20 2017-07-24
2.1
None Local Low Not required Partial None None
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.
1363 CVE-2016-6224 20 +Info 2016-07-22 2017-08-07
2.1
None Local Low Not required Partial None None
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.
1364 CVE-2016-6149 200 +Info 2016-08-05 2016-11-28
2.1
None Local Low Not required Partial None None
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.
1365 CVE-2016-6110 255 2017-02-01 2017-05-24
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
1366 CVE-2016-6097 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
1367 CVE-2016-6092 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
1368 CVE-2016-6026 200 +Info 2016-10-06 2016-11-28
2.9
None Local Network Medium Not required Partial None None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
1369 CVE-2016-5976 200 +Info 2016-09-26 2016-11-28
2.6
None Remote High Not required Partial None None
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
1370 CVE-2016-5967 532 2016-11-24 2016-11-28
2.1
None Local Low Not required Partial None None
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.
1371 CVE-2016-5960 200 +Info 2017-06-07 2017-06-13
2.1
None Local Low Not required Partial None None
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171.
1372 CVE-2016-5938 200 +Info 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
1373 CVE-2016-5927 200 +Info 2016-09-12 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.
1374 CVE-2016-5893 200 +Info 2017-06-23 2017-06-26
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
1375 CVE-2016-5858 200 +Info 2017-08-16 2017-08-18
2.6
None Remote High Not required Partial None None
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs.
1376 CVE-2016-5855 200 +Info 2017-08-16 2017-08-18
2.6
None Remote High Not required Partial None None
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough.
1377 CVE-2016-5854 200 +Info 2017-08-16 2017-08-18
2.6
None Remote High Not required Partial None None
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.
1378 CVE-2016-5845 DoS 2016-08-12 2018-10-09
2.1
None Local Low Not required None None Partial
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
1379 CVE-2016-5812 200 +Info 2016-08-23 2016-11-28
2.1
None Local Low Not required Partial None None
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
1380 CVE-2016-5749 611 2017-03-23 2017-03-24
2.1
None Local Low Not required Partial None None
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
1381 CVE-2016-5748 611 2017-03-23 2017-03-24
2.1
None Local Low Not required Partial None None
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.
1382 CVE-2016-5615 284 2016-10-25 2017-07-28
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.
1383 CVE-2016-5613 284 2016-10-25 2017-07-28
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.
1384 CVE-2016-5611 200 +Info 2016-10-25 2017-07-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
1385 CVE-2016-5608 284 2016-10-25 2017-07-28
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.
1386 CVE-2016-5561 2016-10-25 2017-07-28
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.
1387 CVE-2016-5525 284 2016-10-25 2017-07-28
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files.
1388 CVE-2016-5517 284 2016-10-25 2017-07-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities.
1389 CVE-2016-5508 200 +Info 2016-10-25 2017-07-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo.
1390 CVE-2016-5505 200 +Info 2016-10-25 2017-07-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.
1391 CVE-2016-5499 264 2016-10-25 2017-07-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.
1392 CVE-2016-5498 200 +Info 2016-10-25 2017-07-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.
1393 CVE-2016-5490 2016-10-25 2017-07-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA.
1394 CVE-2016-5471 2016-07-21 2017-08-31
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.
1395 CVE-2016-5469 2016-07-21 2017-08-31
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.
1396 CVE-2016-5452 2016-07-21 2017-08-31
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.
1397 CVE-2016-5432 532 +Info 2016-10-03 2016-11-28
2.1
None Local Low Not required Partial None None
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
1398 CVE-2016-5410 287 Bypass 2017-04-19 2017-04-25
2.1
None Local Low Not required None Partial None
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
1399 CVE-2016-5390 200 +Info 2016-08-19 2016-08-22
2.1
None Remote High Single system Partial None None
Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
1400 CVE-2016-5347 200 +Info 2017-08-16 2017-08-18
2.6
None Remote High Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.
Total number of vulnerabilities : 4720   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 (This Page)29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.