| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
32351 |
CVE-2016-1270 |
19 |
|
DoS |
2016-04-15 |
2016-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update. |
|
32352 |
CVE-2016-1267 |
362 |
|
|
2016-04-15 |
2016-12-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors. |
|
32353 |
CVE-2016-1264 |
264 |
|
+Priv |
2016-04-15 |
2016-12-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option. |
|
32354 |
CVE-2016-1262 |
20 |
|
DoS |
2016-01-15 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet. |
|
32355 |
CVE-2016-1261 |
352 |
|
CSRF |
2017-10-13 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). |
|
32356 |
CVE-2016-1260 |
399 |
|
DoS |
2016-01-15 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic. |
|
32357 |
CVE-2016-1258 |
20 |
|
DoS |
2016-01-15 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. |
|
32358 |
CVE-2016-1257 |
20 |
|
DoS |
2016-01-15 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet. |
|
32359 |
CVE-2016-1256 |
399 |
|
DoS |
2016-01-15 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R7, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D18 or 14.1X53-D30, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R4, 15.1 before 15.1R2, and 15.1X49 before 15.1X49-D10 allow remote attackers to cause a denial of service via a malformed IGMPv3 packet, aka a "multicast denial of service." |
|
32360 |
CVE-2016-1254 |
119 |
|
DoS Overflow |
2017-12-05 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. |
|
32361 |
CVE-2016-1252 |
417 |
|
Bypass |
2017-12-05 |
2017-12-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. |
|
32362 |
CVE-2016-1251 |
416 |
|
|
2016-11-29 |
2017-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. |
|
32363 |
CVE-2016-1249 |
125 |
|
DoS |
2017-02-16 |
2017-06-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. |
|
32364 |
CVE-2016-1248 |
20 |
|
Exec Code |
2016-11-23 |
2017-07-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. |
|
32365 |
CVE-2016-1246 |
119 |
|
DoS Overflow |
2016-10-05 |
2017-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. |
|
32366 |
CVE-2016-1242 |
200 |
|
+Info |
2016-09-07 |
2017-01-12 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. |
|
32367 |
CVE-2016-1241 |
200 |
|
+Info |
2016-09-07 |
2016-09-08 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. |
|
32368 |
CVE-2016-1237 |
284 |
|
Bypass |
2016-06-29 |
2016-11-28 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. |
|
32369 |
CVE-2016-1236 |
79 |
|
XSS |
2016-05-11 |
2016-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. |
|
32370 |
CVE-2016-1234 |
119 |
|
DoS Overflow |
2016-06-01 |
2019-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. |
|
32371 |
CVE-2016-1232 |
|
|
|
2016-01-12 |
2016-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. |
|
32372 |
CVE-2016-1231 |
22 |
|
Dir. Trav. |
2016-01-12 |
2016-06-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. |
|
32373 |
CVE-2016-1230 |
79 |
|
XSS |
2016-06-04 |
2016-06-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
32374 |
CVE-2016-1229 |
79 |
|
XSS |
2016-06-04 |
2016-06-06 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
32375 |
CVE-2016-1228 |
352 |
|
CSRF |
2016-07-03 |
2016-07-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users. |
|
32376 |
CVE-2016-1227 |
|
|
Exec Code |
2016-07-03 |
2016-07-08 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
|
32377 |
CVE-2016-1226 |
79 |
|
XSS |
2016-06-19 |
2016-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
32378 |
CVE-2016-1225 |
200 |
|
+Info |
2016-06-19 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. |
|
32379 |
CVE-2016-1224 |
79 |
|
XSS |
2016-06-18 |
2016-06-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. |
|
32380 |
CVE-2016-1223 |
22 |
|
Dir. Trav. |
2016-06-18 |
2016-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. |
|
32381 |
CVE-2016-1222 |
79 |
|
XSS |
2016-06-04 |
2016-10-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. |
|
32382 |
CVE-2016-1221 |
295 |
|
+Info |
2017-04-21 |
2017-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
32383 |
CVE-2016-1220 |
284 |
|
|
2017-04-20 |
2017-04-25 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cybozu Garoon before 4.2.2 does not properly restrict access. |
|
32384 |
CVE-2016-1218 |
89 |
|
Sql |
2017-04-20 |
2017-04-25 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
|
32385 |
CVE-2016-1217 |
79 |
|
XSS |
2017-04-20 |
2017-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. |
|
32386 |
CVE-2016-1216 |
79 |
|
XSS |
2017-04-20 |
2017-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. |
|
32387 |
CVE-2016-1215 |
79 |
|
XSS |
2017-04-20 |
2017-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. |
|
32388 |
CVE-2016-1214 |
79 |
|
XSS |
2017-04-20 |
2017-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. |
|
32389 |
CVE-2016-1213 |
601 |
|
|
2017-04-20 |
2017-04-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. |
|
32390 |
CVE-2016-1212 |
22 |
|
Dir. Trav. |
2016-06-04 |
2016-06-06 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. |
|
32391 |
CVE-2016-1211 |
79 |
|
XSS |
2016-06-04 |
2016-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
32392 |
CVE-2016-1210 |
295 |
|
+Info |
2017-04-21 |
2017-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
32393 |
CVE-2016-1208 |
200 |
|
+Info |
2016-05-14 |
2016-05-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. |
|
32394 |
CVE-2016-1207 |
79 |
|
XSS |
2016-05-14 |
2016-05-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
32395 |
CVE-2016-1206 |
200 |
|
+Info |
2016-05-14 |
2016-05-18 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. |
|
32396 |
CVE-2016-1205 |
79 |
|
XSS |
2016-04-27 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
32397 |
CVE-2016-1201 |
352 |
|
CSRF |
2016-04-30 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. |
|
32398 |
CVE-2016-1200 |
284 |
|
Bypass |
2016-04-30 |
2016-11-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. |
|
32399 |
CVE-2016-1199 |
200 |
|
Bypass +Info |
2016-04-30 |
2016-05-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. |
|
32400 |
CVE-2016-1198 |
295 |
|
|
2017-04-21 |
2017-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Photopt for Android before 2.0.1 does not verify SSL certificates. |
