# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2016-10005 | 200 | | +Info | 2016-12-19 | 2018-12-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. |
2 | CVE-2016-9908 | 200 | | +Info | 2016-12-23 | 2020-12-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. |
3 | CVE-2016-9855 | 200 | | +Info | 2016-12-11 | 2017-07-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. |
4 | CVE-2016-9854 | 200 | | Exec Code +Info | 2016-12-11 | 2017-07-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue. |
5 | CVE-2016-9853 | 200 | | +Info | 2016-12-11 | 2017-07-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. |
6 | CVE-2016-9852 | 200 | | +Info | 2016-12-11 | 2017-07-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. |
7 | CVE-2016-9848 | 200 | | +Info | 2016-12-11 | 2017-07-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. |
8 | CVE-2016-9845 | 200 | | +Info | 2016-12-29 | 2020-11-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes. |
9 | CVE-2016-9839 | 200 | | +Info | 2016-12-08 | 2023-01-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. |
10 | CVE-2016-9756 | 200 | | +Info | 2016-12-28 | 2017-01-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
11 | CVE-2016-9567 | 200 | | +Info | 2016-11-23 | 2016-11-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343. |
12 | CVE-2016-9480 | 119 | | DoS Overflow +Info | 2016-11-29 | 2016-12-22 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. |
13 | CVE-2016-9449 | 200 | | +Info | 2016-11-25 | 2017-01-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. |
14 | CVE-2016-9286 | 200 | | +Info | 2016-11-11 | 2017-07-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. |
15 | CVE-2016-9285 | 200 | | +Info | 2016-11-11 | 2017-07-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. |
16 | CVE-2016-9284 | 200 | | +Info | 2016-11-11 | 2017-07-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. |
17 | CVE-2016-9201 | 200 | | +Info | 2016-12-14 | 2016-12-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M. |
18 | CVE-2016-9189 | 190 | | Overflow +Info | 2016-11-04 | 2017-07-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. |
19 | CVE-2016-9185 | 200 | | +Info | 2016-11-04 | 2018-01-05 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. |
20 | CVE-2016-9184 | 200 | | Sql +Info | 2016-11-04 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. |
21 | CVE-2016-9183 | 200 | | Sql Bypass +Info | 2016-11-04 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " characters. Impact is Information Disclosure. |
22 | CVE-2016-9178 | 200 | | +Info | 2016-11-28 | 2016-11-28 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. |
23 | CVE-2016-9159 | 200 | | +Info | 2016-12-17 | 2020-03-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. |
24 | CVE-2016-9136 | 119 | | Overflow +Info | 2016-11-03 | 2020-04-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue. |
25 | CVE-2016-9135 | 200 | | Sql +Info | 2016-11-03 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. |
26 | CVE-2016-9134 | 200 | | Sql +Info | 2016-11-03 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. |
27 | CVE-2016-9103 | 200 | | +Info | 2016-12-09 | 2023-02-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them. |
28 | CVE-2016-9086 | 200 | | +Info | 2016-11-03 | 2016-11-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected. |
29 | CVE-2016-9017 | 200 | | +Info | 2016-10-28 | 2016-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component. |
30 | CVE-2016-8871 | 200 | | +Info | 2016-10-28 | 2016-11-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack. |
31 | CVE-2016-8820 | 200 | | DoS +Info | 2016-12-16 | 2016-12-24 | 5.6 | None | Local | Low | Not required | Partial | None | Complete |
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. |
32 | CVE-2016-8672 | 200 | | +Info | 2016-11-23 | 2019-12-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission. |
33 | CVE-2016-8295 | 200 | | +Info | 2016-10-25 | 2017-07-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. |
34 | CVE-2016-8294 | 200 | | +Info | 2016-10-25 | 2017-07-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors. |
35 | CVE-2016-8286 | 200 | | +Info | 2016-10-25 | 2017-07-29 | 3.5 | None | Remote | Medium | ??? | Partial | None | None |
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. |
36 | CVE-2016-8100 | 200 | | +Info | 2016-10-10 | 2016-12-02 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack. |
37 | CVE-2016-7960 | 200 | | +Info | 2016-10-13 | 2016-12-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. |
38 | CVE-2016-7959 | 254 | | +Info | 2016-10-13 | 2016-12-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. |
39 | CVE-2016-7919 | 200 | | Sql +Info | 2016-10-28 | 2016-12-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." |
40 | CVE-2016-7917 | 200 | | DoS +Info | 2016-11-16 | 2016-12-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. |
41 | CVE-2016-7916 | 362 | | +Info | 2016-11-16 | 2017-01-18 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. |
42 | CVE-2016-7915 | 125 | | DoS +Info | 2016-11-16 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. |
43 | CVE-2016-7914 | 125 | | DoS +Info | 2016-11-16 | 2018-01-05 | 7.1 | None | Remote | Medium | Not required | Complete | None | None |
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. |
44 | CVE-2016-7889 | 200 | | +Info | 2016-12-15 | 2016-12-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. |
45 | CVE-2016-7888 | 200 | | +Info | 2016-12-15 | 2016-12-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. |
46 | CVE-2016-7887 | 200 | | +Info | 2016-12-15 | 2021-09-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure. |
47 | CVE-2016-7561 | 200 | | +Info | 2016-10-05 | 2016-12-02 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. |
48 | CVE-2016-7555 | 200 | | +Info | 2016-12-23 | 2017-07-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. |
49 | CVE-2016-7442 | 200 | | +Info | 2016-10-03 | 2018-10-09 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. |
50 | CVE-2016-7420 | 200 | | +Info | 2016-09-16 | 2016-11-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. |