CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2016

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4900 326 2016-10-14 2020-12-09
4.3
None Remote Medium Not required Partial None None
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.
2 CVE-2013-4118 476 DoS 2016-10-03 2020-03-06
5.0
None Remote Low Not required None None Partial
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
3 CVE-2013-4119 476 DoS 2016-10-03 2020-03-06
5.0
None Remote Low Not required None None Partial
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.
4 CVE-2014-5414 254 2016-10-05 2016-11-28
9.4
None Remote Low Not required Complete Complete None
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
5 CVE-2014-5415 264 2016-10-05 2016-11-28
9.4
None Remote Low Not required Complete Complete None
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
6 CVE-2015-0572 362 DoS 2016-10-10 2020-08-04
4.4
None Local Medium Not required Partial Partial Partial
Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call.
7 CVE-2015-0721 264 Bypass 2016-10-06 2017-07-30
9.0
None Remote Low ??? Complete Complete Complete
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.
8 CVE-2015-0787 79 XSS 2016-10-27 2018-09-27
4.3
None Remote Medium Not required None Partial None
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
9 CVE-2015-1832 399 DoS 2016-10-03 2020-10-20
6.4
None Remote Low Not required Partial None Partial
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
10 CVE-2015-2080 200 +Info 2016-10-07 2019-03-08
5.0
None Remote Low Not required Partial None None
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
11 CVE-2015-3288 20 DoS +Priv 2016-10-16 2017-01-07
7.2
None Local Low Not required Complete Complete Complete
mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.
12 CVE-2015-5162 399 DoS 2016-10-07 2018-01-05
7.8
None Remote Low Not required None None Complete
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
13 CVE-2015-6392 399 DoS 2016-10-06 2017-07-30
7.8
None Remote Low Not required None None Complete
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171.
14 CVE-2015-6393 399 DoS 2016-10-06 2017-07-30
7.8
None Remote Low Not required None None Complete
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182.
15 CVE-2015-7363 79 XSS 2016-10-07 2017-07-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
16 CVE-2015-8085 326 2016-10-03 2016-11-28
4.0
None Remote Low ??? Partial None None
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.
17 CVE-2015-8086 326 2016-10-03 2016-11-28
4.0
None Remote Low ??? Partial None None
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage.
18 CVE-2015-8950 200 +Info 2016-10-10 2016-11-28
4.3
None Remote Medium Not required Partial None None
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
19 CVE-2015-8951 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902.
20 CVE-2015-8952 19 DoS 2016-10-16 2018-03-16
2.1
None Local Low Not required None None Partial
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
21 CVE-2015-8953 399 DoS 2016-10-16 2016-11-28
4.9
None Local Low Not required None None Complete
fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer.
22 CVE-2015-8955 264 DoS +Priv 2016-10-10 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
23 CVE-2015-8956 476 DoS +Info 2016-10-10 2018-01-05
3.6
None Local Low Not required Partial None Partial
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
24 CVE-2015-1000000 434 2016-10-06 2016-10-27
5.0
None Remote Low Not required None Partial None
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
25 CVE-2015-1000001 434 2016-10-06 2017-03-07
5.0
None Remote Low Not required None Partial None
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
26 CVE-2015-1000002 20 2016-10-06 2017-03-29
5.8
None Remote Medium Not required Partial Partial None
Open Proxy in filedownload v1.4 wordpress plugin
27 CVE-2015-1000003 89 Sql 2016-10-06 2017-03-29
7.5
None Remote Low Not required Partial Partial Partial
Blind SQL Injection in filedownload v1.4 wordpress plugin
28 CVE-2015-1000004 79 XSS 2016-10-06 2017-03-29
4.3
None Remote Medium Not required None Partial None
XSS in filedownload v1.4 wordpress plugin
29 CVE-2015-1000005 22 Dir. Trav. 2016-10-06 2017-03-29
5.0
None Remote Low Not required Partial None None
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
30 CVE-2015-1000006 22 Dir. Trav. 2016-10-06 2017-03-29
5.0
None Remote Low Not required Partial None None
Remote file download vulnerability in recent-backups v0.7 wordpress plugin
31 CVE-2015-1000007 200 +Info 2016-10-06 2016-10-27
5.0
None Remote Low Not required Partial None None
Remote file download vulnerability in wptf-image-gallery v1.03
32 CVE-2015-1000008 200 +Info 2016-10-06 2016-10-27
5.0
None Remote Low Not required Partial None None
Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2
33 CVE-2015-1000009 284 2016-10-06 2016-10-27
6.4
None Remote Low Not required None Partial Partial
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
34 CVE-2015-1000010 284 2016-10-06 2016-11-30
5.0
None Remote Low Not required Partial None None
Remote file download in simple-image-manipulator v1.0 wordpress plugin
35 CVE-2015-1000011 89 Sql 2016-10-06 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
Blind SQL Injection in wordpress plugin dukapress v2.5.9
36 CVE-2015-1000012 200 +Info File Inclusion 2016-10-06 2017-01-12
5.0
None Remote Low Not required Partial None None
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin
37 CVE-2015-1000013 434 2016-10-06 2016-11-28
5.0
None Remote Low Not required None Partial None
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1
38 CVE-2016-0070 200 +Priv +Info 2016-10-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
39 CVE-2016-0073 200 +Priv +Info 2016-10-14 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
40 CVE-2016-0075 200 +Priv +Info 2016-10-14 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
41 CVE-2016-0079 200 +Priv +Info 2016-10-14 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
42 CVE-2016-0142 119 Exec Code Overflow 2016-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."
43 CVE-2016-0204 601 2016-10-16 2018-05-02
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
44 CVE-2016-0236 77 Exec Code 2016-10-21 2016-11-28
9.0
None Remote Low ??? Complete Complete Complete
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.
45 CVE-2016-0239 264 2016-10-22 2016-11-28
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.
46 CVE-2016-0240 254 +Info 2016-10-22 2016-11-28
4.3
None Remote Medium Not required Partial None None
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
47 CVE-2016-0241 284 2016-10-22 2016-11-28
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.
48 CVE-2016-0242 200 +Info 2016-10-22 2017-04-07
4.0
None Remote Low ??? Partial None None
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.
49 CVE-2016-0246 79 XSS 2016-10-22 2016-11-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
50 CVE-2016-0247 200 Bypass +Info 2016-10-22 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.
Total number of vulnerabilities : 681   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.