CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2016-1490 200 +Info 2016-01-26 2018-10-09
2.7
None Local Network Low Single system Partial None None
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
1552 CVE-2016-1284 20 DoS 2016-02-04 2017-09-09
2.6
None Remote High Not required None None Partial
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
1553 CVE-2016-1185 200 +Info 2016-04-25 2017-03-14
2.6
None Remote High Not required Partial None None
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
1554 CVE-2016-0924 310 2016-09-17 2016-09-19
2.6
None Remote High Not required Partial None None
The TLS 1.2 implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 supports MD5 signatures, which makes it easier for man-in-the-middle attackers to impersonate clients via a transcript-collision attack.
1555 CVE-2016-0923 327 2016-09-17 2017-07-29
2.6
None Remote High Not required Partial None None
The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.
1556 CVE-2016-0887 200 +Info 2016-04-12 2018-10-09
2.6
None Remote High Not required Partial None None
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
1557 CVE-2016-0823 200 +Info 2016-03-12 2016-11-28
2.1
None Local Low Not required Partial None None
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
1558 CVE-2016-0764 362 +Info 2017-07-17 2017-07-21
2.1
None Local Low Not required Partial None None
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.
1559 CVE-2016-0713 79 XSS 2017-08-31 2017-09-05
2.6
None Remote High Not required None Partial None
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.
1560 CVE-2016-0707 264 +Info 2016-05-18 2016-05-18
2.1
None Local Low Not required Partial None None
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.
1561 CVE-2016-0701 200 +Info 2016-02-14 2017-12-12
2.6
None Remote High Not required Partial None None
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
1562 CVE-2016-0695 2016-04-21 2017-11-09
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
1563 CVE-2016-0688 2016-04-21 2018-10-30
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.
1564 CVE-2016-0671 2016-04-21 2016-12-02
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.
1565 CVE-2016-0667 2016-04-21 2016-12-02
2.8
None Remote Medium Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.
1566 CVE-2016-0607 2016-01-20 2019-04-22
2.8
None Remote Medium Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
1567 CVE-2016-0605 2016-01-20 2018-10-30
2.1
None Remote High Single system None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
1568 CVE-2016-0592 2016-01-20 2016-12-07
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.
1569 CVE-2016-0454 2016-01-20 2017-09-09
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Manager.
1570 CVE-2016-0446 2016-01-20 2016-12-07
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality via unknown vectors related to Agent Next Gen.
1571 CVE-2016-0394 275 2017-02-01 2017-02-07
2.1
None Local Low Not required None Partial None
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
1572 CVE-2016-0382 200 +Info 2017-05-03 2017-05-12
2.1
None Local Low Not required Partial None None
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.
1573 CVE-2016-0380 264 +Info 2016-08-07 2018-06-13
2.1
None Local Low Not required Partial None None
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
1574 CVE-2016-0338 200 +Info 2016-07-15 2017-08-31
2.1
None Local Low Not required Partial None None
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process.
1575 CVE-2016-0321 200 +Info 2016-07-17 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
1576 CVE-2016-0296 532 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
1577 CVE-2016-0292 200 +Info 2016-08-30 2017-06-09
2.1
None Local Low Not required Partial None None
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.
1578 CVE-2016-0287 254 2016-07-07 2017-11-02
2.1
None Local Low Not required Partial None None
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.
1579 CVE-2016-0275 200 +Info 2018-03-09 2018-03-27
2.1
None Local Low Not required Partial None None
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows local users to obtain sensitive information via vectors related to cacheable HTTPS responses.
1580 CVE-2016-0259 200 Bypass +Info 2016-06-26 2016-11-29
2.1
None Local Low Not required Partial None None
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
1581 CVE-2016-0247 200 Bypass +Info 2016-10-21 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.
1582 CVE-2016-0237 200 +Info 2018-03-12 2018-04-04
2.1
None Local Low Not required Partial None None
IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.
1583 CVE-2016-0234 613 +Info 2018-08-30 2018-10-22
2.1
None Local Low Not required Partial None None
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.
1584 CVE-2016-0206 20 2017-02-08 2017-02-15
2.1
None Local Low Not required None None Partial
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
1585 CVE-2016-0205 200 +Info 2018-08-30 2018-10-22
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394.
1586 CVE-2016-0203 200 +Info 2017-02-08 2017-02-15
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
1587 CVE-2016-0202 200 +Info 2017-02-08 2017-02-15
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.
1588 CVE-2016-0194 200 Bypass +Info 2016-05-10 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
1589 CVE-2016-0190 200 +Info 2016-05-10 2018-10-12
2.1
None Local Low Not required Partial None None
Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."
1590 CVE-2016-0181 254 Bypass 2016-05-10 2018-10-12
2.1
None Local Low Not required None Partial None
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass."
1591 CVE-2016-0175 200 Bypass +Info 2016-05-10 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability."
1592 CVE-2016-0125 200 +Info 2016-03-09 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."
1593 CVE-2016-0090 200 +Info 2016-04-12 2018-10-12
2.1
None Local Low Not required Partial None None
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
1594 CVE-2016-0089 200 +Info 2016-04-12 2018-10-12
2.1
None Local Low Not required Partial None None
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
1595 CVE-2016-0079 200 +Priv +Info 2016-10-13 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
1596 CVE-2016-0075 200 +Priv +Info 2016-10-13 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
1597 CVE-2016-0073 200 +Priv +Info 2016-10-13 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
1598 CVE-2016-0049 255 Bypass 2016-02-10 2018-10-30
2.1
None Local Low Not required None Partial None
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
1599 CVE-2015-9232 345 2017-09-20 2017-10-04
2.6
None Remote High Not required Partial None None
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.
1600 CVE-2015-8952 19 DoS 2016-10-16 2018-03-15
2.1
None Local Low Not required None None Partial
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
Total number of vulnerabilities : 4720   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.