CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2016

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2016-1431 79 XSS 2016-06-17 2016-06-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
402 CVE-2016-1428 399 DoS 2016-06-22 2016-11-29
6.8
None Remote Low Single system None None Complete
Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.
403 CVE-2016-1427 287 +Info 2016-06-17 2016-11-29
5.0
None Remote Low Not required Partial None None
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
404 CVE-2016-1424 119 DoS Overflow 2016-06-18 2016-06-20
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.
405 CVE-2016-1421 119 DoS Overflow 2016-06-09 2016-06-10
5.0
None Remote Low Not required None None Partial
The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034.
406 CVE-2016-1420 2016-06-09 2016-06-10
7.2
None Local Low Not required Complete Complete Complete
The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
407 CVE-2016-1419 20 DoS 2016-06-09 2017-08-15
6.8
None Local Network Low Not required None Partial Complete
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
408 CVE-2016-1418 20 2016-06-08 2016-06-15
7.2
None Local Low Not required Complete Complete Complete
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.
409 CVE-2016-1405 119 DoS Overflow 2016-06-08 2016-11-28
5.0
None Remote Low Not required None None Partial
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.
410 CVE-2016-1403 20 Exec Code +Priv 2016-06-04 2016-06-07
7.2
None Local Low Not required Complete Complete Complete
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
411 CVE-2016-1397 119 DoS Overflow 2016-06-18 2017-08-31
6.8
None Remote Low Single system None None Complete
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
412 CVE-2016-1396 79 XSS 2016-06-18 2016-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
413 CVE-2016-1395 20 Exec Code 2016-06-18 2016-11-29
10.0
None Remote Low Not required Complete Complete Complete
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
414 CVE-2016-1391 20 Exec Code 2016-06-03 2017-08-08
6.5
None Remote Low Single system Partial Partial Partial
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.
415 CVE-2016-1390 20 2016-06-03 2016-08-03
7.2
None Local Low Not required Complete Complete Complete
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.
416 CVE-2016-1388 77 Exec Code 2016-06-02 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.
417 CVE-2016-1370 20 DoS 2016-06-02 2017-09-02
5.0
None Remote Low Not required None None Partial
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.
418 CVE-2016-1237 284 Bypass 2016-06-29 2016-11-28
4.9
None Local Low Not required Complete None None
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.
419 CVE-2016-1234 119 DoS Overflow 2016-06-01 2019-05-31
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
420 CVE-2016-1230 79 XSS 2016-06-04 2016-06-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
421 CVE-2016-1229 79 XSS 2016-06-04 2016-06-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
422 CVE-2016-1226 79 XSS 2016-06-19 2016-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
423 CVE-2016-1225 200 +Info 2016-06-19 2016-11-29
5.0
None Remote Low Not required Partial None None
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
424 CVE-2016-1224 79 XSS 2016-06-18 2016-06-21
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
425 CVE-2016-1223 22 Dir. Trav. 2016-06-18 2016-06-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
426 CVE-2016-1222 79 XSS 2016-06-04 2016-10-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
427 CVE-2016-1212 22 Dir. Trav. 2016-06-04 2016-06-06
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
428 CVE-2016-1211 79 XSS 2016-06-04 2016-06-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
429 CVE-2016-1197 79 XSS 2016-06-19 2016-06-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
430 CVE-2016-1196 264 Bypass +Info 2016-06-19 2016-06-21
4.0
None Remote Low Single system Partial None None
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
431 CVE-2016-1195 2016-06-19 2016-06-20
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
432 CVE-2016-1193 200 +Info 2016-06-25 2016-06-27
5.0
None Remote Low Not required Partial None None
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
433 CVE-2016-1192 22 Dir. Trav. 2016-06-19 2016-06-21
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
434 CVE-2016-1191 22 Dir. Trav. 2016-06-19 2016-06-21
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
435 CVE-2016-1190 284 Bypass 2016-06-25 2016-06-27
4.0
None Remote Low Single system Partial None None
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
436 CVE-2016-1189 Bypass 2016-06-25 2016-06-27
5.5
None Remote Low Single system Partial Partial None
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
437 CVE-2016-1188 2016-06-25 2016-06-27
4.0
None Remote Low Single system None Partial None
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
438 CVE-2016-1183 264 Bypass 2016-06-18 2016-06-23
4.3
None Remote Medium Not required Partial None None
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.
439 CVE-2016-0916 287 Exec Code 2016-06-09 2017-01-10
10.0
None Remote Low Not required Complete Complete Complete
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
440 CVE-2016-0914 284 Exec Code Bypass 2016-06-22 2017-01-10
6.5
None Remote Low Single system Partial Partial Partial
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
441 CVE-2016-0912 264 Bypass 2016-06-19 2017-01-10
9.0
None Remote Low Single system Complete Complete Complete
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.
442 CVE-2016-0911 264 2016-06-19 2017-01-10
7.2
None Local Low Not required Complete Complete Complete
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.
443 CVE-2016-0910 264 2016-06-09 2017-01-10
4.3
None Local Low Single system Partial Partial Partial
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.
444 CVE-2016-0908 264 2016-06-03 2017-01-10
6.8
Admin Local Low Single system Complete Complete Complete
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
445 CVE-2016-0758 Overflow +Priv 2016-06-27 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
446 CVE-2016-0749 119 DoS Exec Code Overflow 2016-06-09 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
447 CVE-2016-0392 284 +Priv 2016-06-19 2018-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.
448 CVE-2016-0376 Exec Code Bypass 2016-06-03 2018-10-09
5.1
None Remote High Not required Partial Partial Partial
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
449 CVE-2016-0375 264 2016-06-30 2016-07-08
9.0
None Remote Low Single system Complete Complete Complete
JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.
450 CVE-2016-0365 200 Bypass +Info 2016-06-30 2016-11-28
4.3
None Remote Medium Not required Partial None None
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
Total number of vulnerabilities : 510   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.