CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (Gain Information)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
4251 | CVE-2016-1473 | 200 | | +Info | 2016-09-01 | 2017-08-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.
4252 | CVE-2016-1455 | 200 | | +Info | 2016-10-05 | 2017-07-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.
4253 | CVE-2016-1443 | 254 | | Bypass +Info | 2016-07-07 | 2016-07-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.
4254 | CVE-2016-1427 | 287 | | +Info | 2016-06-17 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
4255 | CVE-2016-1410 | 200 | | +Info | 2016-05-27 | 2016-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.
4256 | CVE-2016-1406 | 284 | | +Priv Bypass +Info | 2016-05-24 | 2019-07-29 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.
4257 | CVE-2016-1404 | 200 | | +Info | 2016-05-29 | 2016-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.
4258 | CVE-2016-1378 | 200 | | +Info | 2016-04-13 | 2016-12-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.
4259 | CVE-2016-1360 | 200 | | +Info | 2016-03-11 | 2016-12-02 | 3.0 | None | Local | Medium | Single system | Partial | Partial | None
Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.
4260 | CVE-2016-1357 | 200 | | Bypass +Info | 2016-03-03 | 2016-03-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.
4261 | CVE-2016-1342 | 200 | | +Info | 2016-02-26 | 2016-03-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
4262 | CVE-2016-1337 | 264 | | +Info | 2016-07-03 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
4263 | CVE-2016-1325 | 200 | | +Info | 2016-03-09 | 2016-12-02 | 7.8 | None | Remote | Low | Not required | Complete | None | None
The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.
4264 | CVE-2016-1323 | 200 | | +Info | 2016-02-11 | 2016-02-29 | 4.0 | None | Remote | Low | Single system | Partial | None | None
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
4265 | CVE-2016-1321 | 200 | | Bypass +Info | 2016-02-15 | 2016-12-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
4266 | CVE-2016-1319 | 200 | | +Info | 2016-02-08 | 2016-12-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
4267 | CVE-2016-1317 | 200 | | +Info | 2016-02-08 | 2016-12-05 | 4.0 | None | Remote | Low | Single system | Partial | None | None
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
4268 | CVE-2016-1316 | 200 | | +Info | 2016-02-08 | 2016-12-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
4269 | CVE-2016-1295 | 200 | | +Info | 2016-01-16 | 2016-12-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
4270 | CVE-2016-1289 | 119 | | Exec Code Overflow +Info | 2016-07-02 | 2019-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
4271 | CVE-2016-1279 | 287 | | +Priv +Info | 2016-09-09 | 2017-08-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors.
4272 | CVE-2016-1275 | 399 | | +Info | 2016-09-09 | 2017-08-31 | 6.1 | None | Local Network | Low | Not required | None | None | Complete
Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured with VPLS routing-instances, allows remote attackers to obtain sensitive mbuf information by injecting a flood of Ethernet frames with IPv6 MAC addresses directly into a connected interface.
4273 | CVE-2016-1265 | 200 | | Exec Code +Info CSRF | 2017-10-13 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
4274 | CVE-2016-1242 | 200 | | +Info | 2016-09-07 | 2017-01-12 | 4.0 | None | Remote | Low | Single system | Partial | None | None
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
4275 | CVE-2016-1241 | 200 | | +Info | 2016-09-07 | 2016-09-08 | 3.5 | None | Remote | Medium | Single system | Partial | None | None
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
4276 | CVE-2016-1235 | 264 | | +Priv +Info | 2016-04-11 | 2016-04-14 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
4277 | CVE-2016-1225 | 200 | | +Info | 2016-06-19 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
4278 | CVE-2016-1221 | 295 | | +Info | 2017-04-21 | 2017-04-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
4279 | CVE-2016-1210 | 295 | | +Info | 2017-04-21 | 2017-04-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
4280 | CVE-2016-1208 | 200 | | +Info | 2016-05-14 | 2016-05-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
4281 | CVE-2016-1206 | 200 | | +Info | 2016-05-14 | 2016-05-18 | 3.3 | None | Local Network | Low | Not required | Partial | None | None
The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.
4282 | CVE-2016-1199 | 200 | | Bypass +Info | 2016-04-30 | 2016-05-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
4283 | CVE-2016-1196 | 264 | | Bypass +Info | 2016-06-19 | 2016-06-21 | 4.0 | None | Remote | Low | Single system | Partial | None | None
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
4284 | CVE-2016-1193 | 200 | | +Info | 2016-06-25 | 2016-06-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
4285 | CVE-2016-1187 | 200 | | +Info | 2017-04-21 | 2017-04-27 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
4286 | CVE-2016-1185 | 200 | | +Info | 2016-04-25 | 2017-03-14 | 2.6 | None | Remote | High | Not required | Partial | None | None
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
4287 | CVE-2016-1112 | 200 | | +Info | 2016-05-11 | 2016-11-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors.
4288 | CVE-2016-1092 | 200 | | +Info | 2016-05-11 | 2016-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1079.
4289 | CVE-2016-1079 | 200 | | +Info | 2016-05-11 | 2016-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092.
4290 | CVE-2016-1035 | 200 | | +Info | 2016-04-12 | 2016-12-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.
4291 | CVE-2016-0958 | 200 | | +Info | 2016-02-10 | 2016-02-18 | 7.8 | None | Remote | Low | Not required | Complete | None | None
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
4292 | CVE-2016-0956 | 200 | | +Info | 2016-02-10 | 2018-10-09 | 7.8 | None | Remote | Low | Not required | Complete | None | None
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
4293 | CVE-2016-0929 | 200 | | +Info | 2016-09-17 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.
4294 | CVE-2016-0918 | 200 | | +Info | 2016-09-24 | 2017-07-29 | 4.0 | None | Remote | Low | Single system | Partial | None | None
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.
4295 | CVE-2016-0904 | 310 | | +Info | 2016-09-20 | 2017-07-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.
4296 | CVE-2016-0903 | 200 | | +Info | 2016-09-20 | 2017-07-29 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
4297 | CVE-2016-0899 | 200 | | +Info | 2016-07-04 | 2017-08-31 | 3.5 | None | Remote | Medium | Single system | Partial | None | None
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
4298 | CVE-2016-0893 | 200 | | +Info | 2016-05-03 | 2016-11-30 | 4.0 | None | Remote | Low | Single system | Partial | None | None
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.
4299 | CVE-2016-0890 | 200 | | +Info | 2017-02-03 | 2017-03-02 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial
EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.
4300 | CVE-2016-0887 | 200 | | +Info | 2016-04-12 | 2019-08-27 | 2.6 | None | Remote | High | Not required | Partial | None | None
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.