# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
29901 |
CVE-2016-5684 |
787 |
|
Exec Code |
2017-01-06 |
2019-03-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability. |
29902 |
CVE-2016-5683 |
|
|
|
2016-08-26 |
2016-11-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file. |
29903 |
CVE-2016-5682 |
79 |
|
XSS |
2017-04-09 |
2017-04-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. |
29904 |
CVE-2016-5677 |
200 |
|
+Info |
2016-08-31 |
2017-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. |
29905 |
CVE-2016-5676 |
285 |
|
|
2016-08-31 |
2017-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. |
29906 |
CVE-2016-5673 |
284 |
|
|
2016-08-25 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number. |
29907 |
CVE-2016-5672 |
20 |
|
+Info |
2016-07-31 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. |
29908 |
CVE-2016-5671 |
352 |
|
CSRF |
2016-08-02 |
2016-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. |
29909 |
CVE-2016-5669 |
|
|
|
2016-08-02 |
2016-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. |
29910 |
CVE-2016-5666 |
|
|
|
2016-08-02 |
2016-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. |
29911 |
CVE-2016-5664 |
22 |
|
Dir. Trav. |
2016-08-26 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. |
29912 |
CVE-2016-5663 |
79 |
|
XSS |
2016-08-26 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. |
29913 |
CVE-2016-5661 |
284 |
|
Exec Code |
2016-07-15 |
2016-11-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters. |
29914 |
CVE-2016-5660 |
79 |
|
XSS |
2016-07-15 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. |
29915 |
CVE-2016-5655 |
|
|
+Info |
2016-07-19 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. |
29916 |
CVE-2016-5653 |
89 |
|
Exec Code Sql |
2016-07-19 |
2016-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. |
29917 |
CVE-2016-5652 |
119 |
|
Exec Code Overflow |
2017-01-06 |
2018-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. |
29918 |
CVE-2016-5650 |
284 |
|
|
2016-08-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value. |
29919 |
CVE-2016-5649 |
200 |
|
+Info |
2018-07-24 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. |
29920 |
CVE-2016-5648 |
295 |
|
|
2017-06-08 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. |
29921 |
CVE-2016-5647 |
264 |
|
DoS +Priv |
2016-12-13 |
2019-05-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request. |
29922 |
CVE-2016-5646 |
119 |
|
Exec Code Overflow |
2017-01-06 |
2017-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability. |
29923 |
CVE-2016-5642 |
79 |
|
XSS |
2017-04-09 |
2017-04-14 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Opmantek NMIS before 8.5.12G has XSS via SNMP. |
29924 |
CVE-2016-5639 |
22 |
|
Dir. Trav. |
2016-08-02 |
2017-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. |
29925 |
CVE-2016-5638 |
200 |
|
+Info |
2018-07-24 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. |
29926 |
CVE-2016-5637 |
119 |
|
DoS Exec Code Overflow Bypass |
2016-07-15 |
2018-10-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion" issue. |
29927 |
CVE-2016-5635 |
|
|
|
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. |
29928 |
CVE-2016-5634 |
|
|
|
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. |
29929 |
CVE-2016-5633 |
|
|
|
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. |
29930 |
CVE-2016-5632 |
|
|
|
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. |
29931 |
CVE-2016-5631 |
|
|
|
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. |
29932 |
CVE-2016-5630 |
|
|
|
2016-10-25 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. |
29933 |
CVE-2016-5629 |
|
|
|
2016-10-25 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. |
29934 |
CVE-2016-5628 |
|
|
|
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. |
29935 |
CVE-2016-5627 |
|
|
|
2016-10-25 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. |
29936 |
CVE-2016-5626 |
|
|
|
2016-10-25 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. |
29937 |
CVE-2016-5625 |
|
|
|
2016-10-25 |
2017-07-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. |
29938 |
CVE-2016-5624 |
|
|
|
2016-10-25 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. |
29939 |
CVE-2016-5623 |
254 |
|
|
2017-01-27 |
2017-02-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). |
29940 |
CVE-2016-5621 |
284 |
|
|
2016-10-25 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603. |
29941 |
CVE-2016-5620 |
284 |
|
|
2016-10-25 |
2017-07-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619. |
29942 |
CVE-2016-5619 |
284 |
|
|
2016-10-25 |
2017-07-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5620. |
29943 |
CVE-2016-5618 |
200 |
|
+Info |
2016-10-25 |
2017-07-28 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. |
29944 |
CVE-2016-5617 |
264 |
|
|
2016-10-25 |
2016-11-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Error Handling. |
29945 |
CVE-2016-5616 |
|
|
|
2016-10-25 |
2016-11-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: MyISAM. |
29946 |
CVE-2016-5615 |
284 |
|
|
2016-10-25 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx. |
29947 |
CVE-2016-5614 |
200 |
|
+Info |
2017-01-27 |
2017-02-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
29948 |
CVE-2016-5613 |
284 |
|
|
2016-10-25 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. |
29949 |
CVE-2016-5612 |
|
|
|
2016-10-25 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. |
29950 |
CVE-2016-5611 |
200 |
|
+Info |
2016-10-25 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. |