CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14001 CVE-2016-1358 119 DoS Overflow 2016-03-03 2019-07-29
5.5
None Remote Low ??? Partial None Partial
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.
14002 CVE-2016-1357 200 Bypass +Info 2016-03-03 2016-03-14
5.0
None Remote Low Not required Partial None None
The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.
14003 CVE-2016-1353 399 DoS 2016-03-01 2016-12-03
5.0
None Remote Low Not required None None Partial
The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service (TCP outage) via vectors involving FIN packets, aka Bug ID CSCuy45136.
14004 CVE-2016-1345 20 Bypass 2016-04-01 2016-12-03
5.0
None Remote Low Not required None Partial None
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.
14005 CVE-2016-1342 200 +Info 2016-02-26 2016-03-04
5.0
None Remote Low Not required Partial None None
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
14006 CVE-2016-1334 20 2016-02-17 2016-12-06
5.0
None Remote Low Not required None Partial None
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.
14007 CVE-2016-1324 264 DoS 2016-02-12 2016-02-24
5.0
None Remote Low Not required None None Partial
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
14008 CVE-2016-1322 264 Bypass 2016-02-12 2016-03-01
5.0
None Remote Low Not required None Partial None
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
14009 CVE-2016-1321 200 Bypass +Info 2016-02-15 2016-12-06
5.0
None Remote Low Not required Partial None None
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
14010 CVE-2016-1319 200 +Info 2016-02-09 2016-12-06
5.0
None Remote Low Not required Partial None None
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
14011 CVE-2016-1316 200 +Info 2016-02-09 2016-12-06
5.0
None Remote Low Not required Partial None None
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
14012 CVE-2016-1315 284 Bypass 2016-02-12 2017-10-13
5.0
None Remote Low Not required None Partial None
The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.
14013 CVE-2016-1307 287 2016-02-07 2016-12-06
5.5
None Remote Low ??? Partial Partial None
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
14014 CVE-2016-1299 399 DoS 2016-01-27 2016-02-18
5.0
None Remote Low Not required None None Partial
The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.
14015 CVE-2016-1296 254 Bypass 2016-01-20 2016-12-07
5.0
None Remote Low Not required None Partial None
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.
14016 CVE-2016-1295 200 +Info 2016-01-16 2016-12-07
5.0
None Remote Low Not required Partial None None
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
14017 CVE-2016-1290 264 +Priv Bypass 2016-04-06 2019-07-29
5.5
None Remote Low ??? Partial Partial None
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
14018 CVE-2016-1288 20 DoS 2016-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840.
14019 CVE-2016-1286 20 DoS 2016-03-09 2017-11-21
5.0
None Remote Low Not required None None Partial
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
14020 CVE-2016-1270 19 DoS 2016-04-15 2016-04-20
5.0
None Remote Low Not required None None Partial
The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update.
14021 CVE-2016-1260 399 DoS 2016-01-15 2016-12-03
5.0
None Remote Low Not required None None Partial
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic.
14022 CVE-2016-1258 20 DoS 2016-01-15 2016-12-03
5.0
None Remote Low Not required None None Partial
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors.
14023 CVE-2016-1256 399 DoS 2016-01-15 2016-12-03
5.0
None Remote Low Not required None None Partial
Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a "multicast denial of service."
14024 CVE-2016-1254 119 DoS Overflow 2017-12-05 2018-10-30
5.0
None Remote Low Not required None None Partial
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
14025 CVE-2016-1246 119 DoS Overflow 2016-10-05 2017-11-13
5.0
None Remote Low Not required None None Partial
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
14026 CVE-2016-1234 119 DoS Overflow 2016-06-01 2019-05-31
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
14027 CVE-2016-1232 2016-01-12 2016-06-09
5.0
None Remote Low Not required Partial None None
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.
14028 CVE-2016-1225 200 +Info 2016-06-19 2016-11-30
5.0
None Remote Low Not required Partial None None
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
14029 CVE-2016-1223 22 Dir. Trav. 2016-06-19 2016-06-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
14030 CVE-2016-1213 601 2017-04-20 2017-04-25
5.8
None Remote Medium Not required Partial Partial None
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
14031 CVE-2016-1208 200 +Info 2016-05-14 2016-05-19
5.0
None Remote Low Not required Partial None None
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
14032 CVE-2016-1199 200 Bypass +Info 2016-04-30 2016-05-06
5.0
None Remote Low Not required Partial None None
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
14033 CVE-2016-1195 2016-06-19 2016-06-20
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
14034 CVE-2016-1193 200 +Info 2016-06-25 2016-06-27
5.0
None Remote Low Not required Partial None None
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
14035 CVE-2016-1191 22 Dir. Trav. 2016-06-19 2016-06-21
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
14036 CVE-2016-1189 Bypass 2016-06-25 2016-06-27
5.5
None Remote Low ??? Partial Partial None
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
14037 CVE-2016-1175 352 CSRF 2016-04-05 2016-04-06
5.8
None Remote Medium Not required None Partial Partial
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.
14038 CVE-2016-1158 352 CSRF 2016-03-03 2016-03-10
5.1
None Remote High Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.
14039 CVE-2016-1152 264 Bypass 2016-02-17 2016-02-22
5.5
None Remote Low ??? Partial None Partial
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
14040 CVE-2016-1137 2016-01-30 2016-02-10
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
14041 CVE-2016-1132 295 2017-04-13 2017-04-20
5.0
None Remote Low Not required None Partial None
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
14042 CVE-2016-1092 200 +Info 2016-05-11 2016-12-01
5.0
None Remote Low Not required Partial None None
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1079.
14043 CVE-2016-1079 200 +Info 2016-05-11 2016-12-01
5.0
None Remote Low Not required Partial None None
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092.
14044 CVE-2016-1035 200 +Info 2016-04-12 2016-12-03
5.0
None Remote Low Not required Partial None None
Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.
14045 CVE-2016-0950 20 2016-02-10 2016-12-06
5.0
None Remote Low Not required None Partial None
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
14046 CVE-2016-0930 362 2016-09-18 2016-11-28
5.0
None Remote Low Not required Partial None None
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.
14047 CVE-2016-0929 200 +Info 2016-09-18 2016-11-28
5.0
None Remote Low Not required Partial None None
The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.
14048 CVE-2016-0928 601 2016-09-18 2016-11-28
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
14049 CVE-2016-0922 285 2016-09-18 2016-11-28
5.0
None Remote Low Not required Partial None None
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.
14050 CVE-2016-0915 264 DoS 2016-08-22 2020-08-27
5.5
None Remote Low ??? None Partial Partial
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
Total number of vulnerabilities : 22711   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 (This Page)282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.