CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2016(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-9017 200 +Info 2016-10-28 2016-11-29
5.0
None Remote Low Not required Partial None None
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component.
2 CVE-2016-8871 200 +Info 2016-10-28 2016-11-29
2.1
None Local Low Not required Partial None None
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
3 CVE-2016-8295 200 +Info 2016-10-25 2017-07-29
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors.
4 CVE-2016-8294 200 +Info 2016-10-25 2017-07-29
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors.
5 CVE-2016-8286 200 +Info 2016-10-25 2017-07-29
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.
6 CVE-2016-8100 200 +Info 2016-10-10 2016-12-02
2.1
None Local Low Not required Partial None None
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
7 CVE-2016-7960 200 +Info 2016-10-13 2016-12-22
1.9
None Local Medium Not required Partial None None
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
8 CVE-2016-7959 254 +Info 2016-10-13 2016-12-22
1.9
None Local Medium Not required Partial None None
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
9 CVE-2016-7919 200 Sql +Info 2016-10-28 2016-12-02
5.0
None Remote Low Not required Partial None None
** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields."
10 CVE-2016-7561 200 +Info 2016-10-05 2016-12-02
4.0
None Remote Low ??? Partial None None
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.
11 CVE-2016-7442 200 +Info 2016-10-03 2018-10-09
2.1
None Local Low Not required Partial None None
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
12 CVE-2016-7397 200 +Info 2016-10-03 2018-10-09
2.1
None Local Low Not required Partial None None
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
13 CVE-2016-7031 200 +Info 2016-10-03 2016-11-28
4.3
None Remote Medium Not required Partial None None
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
14 CVE-2016-6689 200 +Info 2016-10-10 2017-09-03
4.3
None Remote Medium Not required Partial None None
Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347.
15 CVE-2016-6688 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080.
16 CVE-2016-6687 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222.
17 CVE-2016-6686 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101.
18 CVE-2016-6685 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628.
19 CVE-2016-6684 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243.
20 CVE-2016-6683 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30143283.
21 CVE-2016-6682 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 30152501 and Qualcomm internal bug CR 1049615.
22 CVE-2016-6681 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 30152182 and Qualcomm internal bug CR 1049521.
23 CVE-2016-6680 200 +Info 2016-10-10 2016-12-06
6.8
None Remote Medium Not required Partial Partial Partial
CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and Qualcomm internal bug CR 1048052.
24 CVE-2016-6679 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR 1000913.
25 CVE-2016-6678 200 +Info 2016-10-10 2017-01-18
4.3
None Remote Medium Not required Partial None None
The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434.
26 CVE-2016-6677 200 +Info 2016-10-10 2016-12-06
4.3
None Remote Medium Not required Partial None None
The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955.
27 CVE-2016-6653 200 +Info 2016-10-06 2016-11-28
5.0
None Remote Low Not required Partial None None
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
28 CVE-2016-6550 310 +Info 2016-10-05 2016-11-28
4.3
None Local Network Medium Not required Partial Partial None
The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
29 CVE-2016-6494 200 +Info 2016-10-03 2017-11-28
2.1
None Local Low Not required Partial None None
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
30 CVE-2016-6446 200 +Info 2016-10-27 2016-11-28
5.0
None Remote Low Not required Partial None None
A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.
31 CVE-2016-6435 200 +Info 2016-10-06 2017-09-03
4.0
None Remote Low ??? Partial None None
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
32 CVE-2016-6434 287 +Info 2016-10-06 2017-09-03
4.6
None Local Low Not required Partial Partial Partial
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
33 CVE-2016-6380 20 DoS Mem. Corr. +Info 2016-10-05 2020-09-29
8.3
None Remote Medium Not required Partial Partial Complete
The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.
34 CVE-2016-6027 79 XSS +Info 2016-10-06 2016-11-28
5.8
None Remote Medium Not required Partial Partial None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
35 CVE-2016-6026 200 +Info 2016-10-06 2016-11-28
2.9
None Local Network Medium Not required Partial None None
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST.
36 CVE-2016-5986 200 +Info 2016-10-01 2017-07-30
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
37 CVE-2016-5621 200 +Info 2016-10-25 2017-07-29
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603.
38 CVE-2016-5618 200 +Info 2016-10-25 2017-07-29
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.
39 CVE-2016-5611 200 +Info 2016-10-25 2019-03-04
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
40 CVE-2016-5603 200 +Info 2016-10-25 2017-07-29
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621.
41 CVE-2016-5602 200 +Info 2016-10-25 2017-07-29
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.
42 CVE-2016-5597 200 +Info 2016-10-25 2020-09-08
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
43 CVE-2016-5596 200 +Info 2016-10-25 2017-07-29
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors.
44 CVE-2016-5584 200 +Info 2016-10-25 2019-03-04
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
45 CVE-2016-5575 200 +Info 2016-10-25 2017-07-29
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module.
46 CVE-2016-5565 200 +Info 2016-10-25 2016-11-28
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA.
47 CVE-2016-5524 200 +Info 2016-10-25 2016-11-28
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527.
48 CVE-2016-5522 200 +Info 2016-10-25 2016-11-28
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors.
49 CVE-2016-5513 200 +Info 2016-10-25 2016-11-28
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Manager.
50 CVE-2016-5510 200 +Info 2016-10-25 2016-11-28
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors.
Total number of vulnerabilities : 91   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.