CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4151 CVE-2016-2044 200 +Info 2016-02-19 2016-08-17
5.0
None Remote Low Not required Partial None None
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
4152 CVE-2016-2042 200 +Info 2016-02-19 2018-10-30
5.0
None Remote Low Not required Partial None None
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
4153 CVE-2016-2039 200 Bypass +Info CSRF 2016-02-19 2018-10-30
5.0
None Remote Low Not required Partial None None
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
4154 CVE-2016-2038 200 +Info 2016-02-19 2018-10-30
5.0
None Remote Low Not required Partial None None
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
4155 CVE-2016-2030 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.
4156 CVE-2016-2029 +Info 2016-06-08 2016-08-23
6.4
None Remote Low Not required Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
4157 CVE-2016-2028 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.
4158 CVE-2016-2027 200 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.
4159 CVE-2016-2026 200 +Info 2016-06-08 2016-08-23
5.0
None Remote Low Not required Partial None None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
4160 CVE-2016-2025 200 +Info 2016-05-29 2016-11-30
5.0
None Remote Low Not required Partial None None
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.
4161 CVE-2016-2024 DoS +Info 2016-06-08 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
4162 CVE-2016-2023 200 +Info 2016-05-29 2016-11-30
2.1
None Local Low Not required Partial None None
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.
4163 CVE-2016-2022 +Info 2016-06-08 2016-08-23
4.7
None Remote Low Multiple systems Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.
4164 CVE-2016-2021 +Info 2016-06-08 2016-08-23
7.7
None Remote Low Multiple systems Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.
4165 CVE-2016-2020 +Info 2016-06-08 2016-08-23
8.5
None Remote Low Single system Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
4166 CVE-2016-2019 +Info 2016-06-08 2016-08-23
7.7
None Remote Low Multiple systems Complete Complete None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
4167 CVE-2016-2018 +Info 2016-06-08 2016-08-23
6.4
None Remote Low Not required Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
4168 CVE-2016-2017 +Info 2016-06-08 2016-08-23
5.5
None Remote Low Single system Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.
4169 CVE-2016-2015 200 +Info 2016-05-14 2016-11-30
6.6
None Local Low Not required Complete Complete None
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
4170 CVE-2016-2013 200 +Info 2016-05-07 2016-11-30
4.0
None Remote Low Single system Partial None None
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.
4171 CVE-2016-2001 +Info 2016-04-12 2016-12-02
5.8
None Remote Medium Not required Partial Partial None
HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
4172 CVE-2016-1996 +Info 2016-03-18 2016-12-02
3.6
None Local Low Not required Partial Partial None
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
4173 CVE-2016-1994 200 +Info 2016-03-18 2016-12-02
4.0
None Remote Low Single system Partial None None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
4174 CVE-2016-1993 +Info 2016-03-18 2016-12-02
5.5
None Remote Low Single system Partial Partial None
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
4175 CVE-2016-1992 200 +Info 2016-03-17 2016-12-02
4.0
None Remote Low Single system Partial None None
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
4176 CVE-2016-1989 Exec Code +Info 2016-03-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
4177 CVE-2016-1988 Exec Code +Info 2016-03-14 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
4178 CVE-2016-1967 200 Bypass +Info 2016-03-13 2016-12-02
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.
4179 CVE-2016-1955 200 Bypass +Info 2016-03-13 2018-10-30
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
4180 CVE-2016-1939 200 +Info 2016-01-31 2018-10-30
5.0
None Remote Low Not required Partial None None
Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.
4181 CVE-2016-1919 310 +Info 2017-01-27 2018-10-09
1.9
None Local Medium Not required Partial None None
Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.
4182 CVE-2016-1910 200 +Info 2016-01-15 2018-12-10
5.0
None Remote Low Not required Partial None None
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
4183 CVE-2016-1903 119 DoS Overflow +Info 2016-01-19 2018-01-04
6.4
None Remote Low Not required Partial None Partial
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.
4184 CVE-2016-1898 200 +Info 2016-01-14 2018-10-30
4.3
None Remote Medium Not required Partial None None
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
4185 CVE-2016-1897 200 +Info 2016-01-14 2018-10-30
4.3
None Remote Medium Not required Partial None None
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
4186 CVE-2016-1886 119 DoS Overflow +Priv +Info 2016-05-25 2017-04-19
7.2
None Local Low Not required Complete Complete Complete
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
4187 CVE-2016-1864 200 XSS +Info 2016-06-19 2017-08-31
5.0
None Remote Low Not required Partial None None
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
4188 CVE-2016-1862 254 +Info 2016-06-19 2016-06-22
4.3
None Remote Medium Not required Partial None None
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
4189 CVE-2016-1860 254 +Info 2016-06-19 2016-06-22
4.3
None Remote Medium Not required Partial None None
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.
4190 CVE-2016-1858 200 +Info 2016-05-20 2018-10-09
4.3
None Remote Medium Not required Partial None None
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
4191 CVE-2016-1853 200 +Info 2016-05-20 2016-12-02
5.0
None Remote Low Not required Partial None None
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
4192 CVE-2016-1852 200 +Info 2016-05-20 2016-12-02
2.1
None Local Low Not required Partial None None
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.
4193 CVE-2016-1849 200 +Info 2016-05-20 2016-11-30
2.1
None Local Low Not required Partial None None
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
4194 CVE-2016-1843 20 +Info 2016-05-20 2016-12-01
5.0
None Remote Low Not required Partial None None
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
4195 CVE-2016-1842 284 +Info 2016-05-20 2016-12-01
5.0
None Remote Low Not required Partial None None
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
4196 CVE-2016-1807 362 +Info 2016-05-20 2016-11-30
2.6
None Remote High Not required Partial None None
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
4197 CVE-2016-1802 200 +Info 2016-05-20 2016-11-30
4.3
None Remote Medium Not required Partial None None
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
4198 CVE-2016-1801 200 +Info 2016-05-20 2016-11-30
5.0
None Remote Low Not required Partial None None
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
4199 CVE-2016-1796 200 DoS +Info 2016-05-20 2016-11-30
4.3
None Remote Medium Not required Partial None None
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.
4200 CVE-2016-1791 200 +Info 2016-05-20 2016-11-30
4.3
None Remote Medium Not required Partial None None
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.