CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2016-6156 362 DoS 2016-08-06 2016-11-28
1.9
None Local Medium Not required None None Partial
Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.
252 CVE-2016-6136 362 Bypass 2016-08-06 2018-01-04
1.9
None Local Medium Not required None Partial None
Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.
253 CVE-2016-6130 362 +Info 2016-07-03 2016-11-28
1.9
None Local Medium Not required Partial None None
Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.
254 CVE-2016-5992 DoS 2016-11-24 2016-11-28
1.9
None Local Medium Not required None None Partial
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.
255 CVE-2016-5918 200 +Info 2017-02-08 2017-02-15
1.9
None Local Medium Not required Partial None None
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.
256 CVE-2016-5894 200 +Info 2017-03-08 2017-07-17
1.9
None Local Medium Not required Partial None None
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
257 CVE-2016-5849 200 +Info 2016-07-04 2016-11-28
1.9
None Local Medium Not required Partial None None
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
258 CVE-2016-5848 255 2016-07-04 2016-11-28
1.7
None Local Low Single system Partial None None
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
259 CVE-2016-5746 +Info 2016-09-26 2018-10-30
1.2
None Local High Not required Partial None None
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
260 CVE-2016-5709 200 +Info 2016-06-24 2016-11-29
1.9
None Local Medium Not required Partial None None
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.
261 CVE-2016-5551 284 2017-04-24 2017-07-10
1.9
None Local Medium Not required Partial None None
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).
262 CVE-2016-5480 2016-10-25 2017-07-28
1.9
None Local Medium Not required None Partial None
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.
263 CVE-2016-5443 2016-07-21 2017-08-31
1.2
None Local High Not required None None Partial
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.
264 CVE-2016-5237 264 +Priv 2017-01-23 2017-09-06
1.9
None Local Medium Not required None Partial None
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
265 CVE-2016-5107 125 DoS 2016-09-02 2018-12-01
1.5
None Local Medium Single system None None Partial
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
266 CVE-2016-5106 787 DoS 2016-09-02 2018-12-01
1.5
None Local Medium Single system None None Partial
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.
267 CVE-2016-5105 200 +Info 2016-09-02 2018-12-01
1.9
None Local Medium Not required Partial None None
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.
268 CVE-2016-4996 255 2017-07-17 2019-05-06
1.9
None Local Medium Not required Partial None None
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.
269 CVE-2016-4984 362 2017-07-17 2019-04-22
1.9
None Local Medium Not required Partial None None
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
270 CVE-2016-4982 362 2017-07-17 2017-08-09
1.9
None Local Medium Not required Partial None None
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
271 CVE-2016-4963 284 DoS 2016-06-07 2018-09-07
1.9
None Local Medium Not required None None Partial
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
272 CVE-2016-4952 125 DoS 2016-09-02 2018-12-01
1.5
None Local Medium Single system None None Partial
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
273 CVE-2016-4924 275 +Info 2017-10-13 2017-11-03
1.7
None Local Low Single system Partial None None
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8
274 CVE-2016-4740 200 +Info 2016-09-18 2017-08-12
1.9
None Local Medium Not required Partial None None
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
275 CVE-2016-4527 255 +Info 2016-06-09 2016-06-15
1.9
None Local Medium Not required Partial None None
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.
276 CVE-2016-4511 310 +Info 2016-06-09 2016-06-17
1.9
None Local Medium Not required Partial None None
ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.
277 CVE-2016-3685 798 +Info 2016-12-14 2018-10-09
1.9
None Local Medium Not required Partial None None
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.
278 CVE-2016-3684 +Info 2016-12-14 2018-10-09
1.9
None Local Medium Not required Partial None None
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.
279 CVE-2016-3428 2016-04-21 2017-09-02
1.8
None Local Network High Not required None None Partial
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface.
280 CVE-2016-3321 200 +Info 2016-08-09 2018-10-12
1.9
None Local Medium Not required Partial None None
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."
281 CVE-2016-3258 362 Bypass 2016-07-12 2018-10-12
1.2
None Local High Not required None Partial None
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."
282 CVE-2016-3230 20 DoS 2016-06-15 2018-10-12
1.9
None Local Medium Not required None None Partial
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."
283 CVE-2016-3159 284 +Info 2016-04-13 2016-12-02
1.7
None Local Low Single system Partial None None
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
284 CVE-2016-3158 284 +Info 2016-04-13 2016-12-02
1.7
None Local Low Single system Partial None None
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
285 CVE-2016-2943 532 +Info 2016-11-30 2016-12-02
1.9
None Local Medium Not required Partial None None
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.
286 CVE-2016-2858 119 DoS Overflow Mem. Corr. 2016-04-07 2018-12-01
1.9
None Local Medium Not required None None Partial
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
287 CVE-2016-1919 310 +Info 2017-01-27 2018-10-09
1.9
None Local Medium Not required Partial None None
Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.
288 CVE-2016-0702 200 +Info 2016-03-03 2018-01-04
1.9
None Local Medium Not required Partial None None
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
289 CVE-2016-0668 2016-04-21 2019-04-22
1.7
None Remote High Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
290 CVE-2016-0618 2016-01-20 2016-12-22
1.4
None Local Low Multiple systems Partial None None
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones.
291 CVE-2016-0609 2016-01-20 2019-04-22
1.7
None Remote High Multiple systems None None Partial
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
292 CVE-2016-0498 2016-01-20 2016-12-07
1.5
None Local Medium Single system Partial None None
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality via unknown vectors related to Install.
293 CVE-2016-0453 2016-01-20 2016-06-08
1.8
None Local Network High Not required Partial None None
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server.
294 CVE-2016-0438 2016-01-20 2016-06-08
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437.
295 CVE-2016-0437 2016-01-20 2016-06-09
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0438.
296 CVE-2016-0436 2016-01-20 2016-06-09
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438.
297 CVE-2016-0434 2016-01-20 2016-06-09
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0436, CVE-2016-0437, and CVE-2016-0438.
298 CVE-2016-0432 2016-01-20 2017-09-09
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2015-6015.
299 CVE-2016-0431 2016-01-20 2016-12-07
1.2
None Local High Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419.
300 CVE-2016-0405 2016-01-20 2016-12-07
1.7
None Local Low Single system Partial None None
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect confidentiality via vectors related to Cluster Manageability and Serviceability.
Total number of vulnerabilities : 872   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.