CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3451 CVE-2016-7209 20 2016-11-10 2018-10-12
2.6
None Remote High Not required None Partial None
Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."
3452 CVE-2016-7204 200 +Info 2016-11-10 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
3453 CVE-2016-7199 200 Bypass +Info 2016-11-10 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
3454 CVE-2016-7170 129 DoS 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
3455 CVE-2016-7157 DoS 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.
3456 CVE-2016-7156 704 DoS 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
3457 CVE-2016-7155 DoS 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
3458 CVE-2016-7116 22 Dir. Trav. 2016-12-10 2020-10-15
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
3459 CVE-2016-7111 79 XSS 2017-02-17 2017-02-22
2.6
None Remote High Not required None Partial None
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
3460 CVE-2016-7062 255 2017-06-27 2017-07-05
2.1
None Local Low Not required Partial None None
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
3461 CVE-2016-7060 200 +Info 2017-04-14 2017-04-25
2.1
None Local Low Not required Partial None None
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
3462 CVE-2016-7056 320 2018-09-10 2019-10-09
2.1
None Local Low Not required Partial None None
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
3463 CVE-2016-7055 320 2017-05-04 2019-07-02
2.6
None Remote High Not required None None Partial
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
3464 CVE-2016-6900 399 DoS 2016-09-07 2016-09-08
2.1
None Local Low Not required None None Partial
The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors.
3465 CVE-2016-6888 190 DoS Overflow 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
3466 CVE-2016-6877 20 2017-05-05 2017-06-27
2.6
None Remote High Not required None Partial None
** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session.
3467 CVE-2016-6836 665 +Info 2016-12-10 2020-10-15
2.1
None Local Low Not required Partial None None
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
3468 CVE-2016-6835 DoS 2016-12-10 2020-10-19
2.1
None Local Low Not required None None Partial
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
3469 CVE-2016-6834 120 DoS 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
3470 CVE-2016-6833 416 DoS 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
3471 CVE-2016-6774 200 Bypass +Info 2017-01-12 2017-01-18
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489.
3472 CVE-2016-6769 284 2017-01-12 2017-01-19
2.1
None Local Low Not required None Partial None
An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171.
3473 CVE-2016-6757 200 +Info 2017-01-12 2017-01-18
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821.
3474 CVE-2016-6756 200 +Info 2017-01-12 2017-01-18
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068.
3475 CVE-2016-6708 254 Bypass 2016-11-25 2016-12-06
2.1
None Local Low Not required None Partial None
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465.
3476 CVE-2016-6659 287 +Priv 2016-12-23 2016-12-28
2.6
None Remote High Not required Partial None None
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
3477 CVE-2016-6650 200 +Info 2017-03-21 2017-07-12
2.6
None Remote High Not required Partial None None
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.
3478 CVE-2016-6648 275 2017-02-03 2017-03-08
2.1
None Local Low Not required Partial None None
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system.
3479 CVE-2016-6613 200 +Info 2016-12-11 2017-07-01
2.1
None Remote High ??? Partial None None
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
3480 CVE-2016-6587 200 +Info 2020-01-08 2020-01-13
2.1
None Local Low Not required Partial None None
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.
3481 CVE-2016-6562 295 +Info 2018-07-13 2019-10-09
2.9
None Local Network Medium Not required Partial None None
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
3482 CVE-2016-6547 255 2018-07-13 2019-10-09
2.1
None Local Low Not required Partial None None
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
3483 CVE-2016-6546 255 2018-07-13 2019-10-09
2.1
None Local Low Not required Partial None None
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.
3484 CVE-2016-6494 200 +Info 2016-10-03 2017-11-28
2.1
None Local Low Not required Partial None None
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
3485 CVE-2016-6490 120 DoS 2016-12-10 2020-10-15
2.1
None Local Low Not required None None Partial
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
3486 CVE-2016-6349 200 +Info 2017-03-29 2017-04-06
2.1
None Local Low Not required Partial None None
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.
3487 CVE-2016-6341 200 +Info 2017-04-20 2017-04-25
2.1
None Local Low Not required Partial None None
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
3488 CVE-2016-6340 254 2016-09-22 2016-09-22
2.1
None Local Low Not required Partial None None
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.
3489 CVE-2016-6310 200 +Info 2017-08-22 2017-08-30
2.1
None Local Low Not required Partial None None
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
3490 CVE-2016-6249 200 +Info 2017-02-20 2017-07-25
2.1
None Local Low Not required Partial None None
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.
3491 CVE-2016-6224 20 +Info 2016-07-22 2017-08-08
2.1
None Local Low Not required Partial None None
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.
3492 CVE-2016-6149 200 +Info 2016-08-05 2016-11-28
2.1
None Local Low Not required Partial None None
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941.
3493 CVE-2016-6110 255 2017-02-01 2017-05-25
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
3494 CVE-2016-6097 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
3495 CVE-2016-6092 200 +Info 2017-02-07 2017-02-09
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
3496 CVE-2016-6026 200 +Info 2016-10-06 2016-11-28
2.9
None Local Network Medium Not required Partial None None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
3497 CVE-2016-5976 200 +Info 2016-09-26 2016-11-28
2.6
None Remote High Not required Partial None None
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
3498 CVE-2016-5967 532 2016-11-25 2016-11-28
2.1
None Local Low Not required Partial None None
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.
3499 CVE-2016-5960 200 +Info 2017-06-07 2017-06-13
2.1
None Local Low Not required Partial None None
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171.
3500 CVE-2016-5938 200 +Info 2017-02-01 2017-02-05
2.1
None Local Low Not required Partial None None
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 (This Page)71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.