| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 551 | CVE-2017-0245 | 200 | | +Info | 2017-05-12 | 2017-08-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability." |
| 552 | CVE-2017-0220 | 200 | | +Info | 2017-05-12 | 2017-08-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259. |
| 553 | CVE-2017-0213 | | | | 2017-05-12 | 2019-10-03 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. |
| 554 | CVE-2017-0062 | 200 | | +Info | 2017-03-17 | 2017-08-16 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073. |
| 555 | CVE-2017-0060 | 200 | | +Info | 2017-03-17 | 2017-08-16 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062. |
| 556 | CVE-2017-0058 | 200 | | +Info | 2017-04-12 | 2017-08-16 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." |
| 557 | CVE-2016-8762 | 20 | | | 2017-04-02 | 2017-04-07 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. |
| 558 | CVE-2016-8375 | 255 | | | 2017-02-13 | 2017-03-16 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. |
| 559 | CVE-2016-8305 | 200 | | +Info | 2017-01-27 | 2017-02-11 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 2.1 (Confidentiality impacts). |
| 560 | CVE-2016-8284 | | | | 2016-10-25 | 2019-03-07 | 1.2 | None | Local | High | Not required | None | None | Partial |
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. |
| 561 | CVE-2016-8221 | 264 | | | 2017-01-12 | 2017-01-19 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. |
| 562 | CVE-2016-8006 | 264 | | Bypass | 2017-01-05 | 2017-01-18 | 1.7 | None | Local | Low | ??? | None | Partial | None |
Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands. |
| 563 | CVE-2016-7960 | 200 | | +Info | 2016-10-13 | 2016-12-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. |
| 564 | CVE-2016-7959 | 254 | | +Info | 2016-10-13 | 2016-12-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. |
| 565 | CVE-2016-7466 | 772 | | DoS | 2016-12-10 | 2021-08-04 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. |
| 566 | CVE-2016-7218 | 200 | | +Info | 2016-11-10 | 2018-10-12 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability." |
| 567 | CVE-2016-7094 | 119 | | DoS Overflow | 2016-09-21 | 2017-07-01 | 1.5 | None | Local | Medium | ??? | None | None | Partial |
Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. |
| 568 | CVE-2016-6848 | 254 | | Exec Code | 2016-12-15 | 2016-12-16 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution. |
| 569 | CVE-2016-6450 | 20 | | | 2016-11-19 | 2017-07-28 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). |
| 570 | CVE-2016-6156 | 362 | | DoS | 2016-08-06 | 2016-11-28 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability. |
| 571 | CVE-2016-6136 | 362 | | Bypass | 2016-08-06 | 2018-01-05 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. |
| 572 | CVE-2016-6130 | 362 | | +Info | 2016-07-03 | 2016-11-28 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. |
| 573 | CVE-2016-5992 | | | DoS | 2016-11-25 | 2016-11-28 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors. |
| 574 | CVE-2016-5918 | 200 | | +Info | 2017-02-08 | 2017-02-15 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. |
| 575 | CVE-2016-5894 | 200 | | +Info | 2017-03-08 | 2019-09-30 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408. |
| 576 | CVE-2016-5849 | 200 | | +Info | 2016-07-04 | 2016-11-28 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. |
| 577 | CVE-2016-5848 | 255 | | | 2016-07-04 | 2016-11-28 | 1.7 | None | Local | Low | ??? | Partial | None | None |
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. |
| 578 | CVE-2016-5746 | | | +Info | 2016-09-26 | 2018-10-30 | 1.2 | None | Local | High | Not required | Partial | None | None |
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf. |
| 579 | CVE-2016-5709 | 200 | | +Info | 2016-06-24 | 2016-11-30 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. |
| 580 | CVE-2016-5551 | 284 | | | 2017-04-24 | 2017-07-11 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). |
| 581 | CVE-2016-5480 | | | | 2016-10-25 | 2017-07-29 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. |
| 582 | CVE-2016-5443 | | | | 2016-07-21 | 2017-09-01 | 1.2 | None | Local | High | Not required | None | None | Partial |
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. |
| 583 | CVE-2016-5237 | 264 | | +Priv | 2017-01-23 | 2017-09-07 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file. |
| 584 | CVE-2016-5107 | 125 | | DoS | 2016-09-02 | 2020-10-21 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. |
| 585 | CVE-2016-5106 | 787 | | DoS | 2016-09-02 | 2020-10-21 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. |
| 586 | CVE-2016-5105 | 908 | | | 2016-09-02 | 2020-10-21 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. |
| 587 | CVE-2016-4996 | 255 | | | 2017-07-17 | 2019-05-06 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. |
| 588 | CVE-2016-4984 | 362 | | | 2017-07-17 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. |
| 589 | CVE-2016-4982 | 362 | | | 2017-07-17 | 2017-08-09 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. |
| 590 | CVE-2016-4980 | 330 | | | 2019-11-27 | 2020-01-09 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
A password generation weakness exists in xquest through 2016-06-13. |
| 591 | CVE-2016-4963 | 284 | | DoS | 2016-06-07 | 2018-09-07 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. |
| 592 | CVE-2016-4952 | 787 | | DoS | 2016-09-02 | 2020-10-21 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. |
| 593 | CVE-2016-4924 | 275 | | +Info | 2017-10-13 | 2019-10-09 | 1.7 | None | Local | Low | ??? | Partial | None | None |
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8 |
| 594 | CVE-2016-4740 | 200 | | +Info | 2016-09-18 | 2017-08-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. |
| 595 | CVE-2016-4527 | 255 | | +Info | 2016-06-10 | 2016-06-15 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. |
| 596 | CVE-2016-4511 | 310 | | +Info | 2016-06-10 | 2016-06-17 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. |
| 597 | CVE-2016-3685 | 255 | | +Info | 2016-12-14 | 2021-09-08 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. |
| 598 | CVE-2016-3684 | | | +Info | 2016-12-14 | 2021-09-08 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338. |
| 599 | CVE-2016-3428 | | | | 2016-04-21 | 2017-09-03 | 1.8 | None | Local Network | High | Not required | None | None | Partial |
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface. |
| 600 | CVE-2016-3321 | 200 | | +Info | 2016-08-09 | 2018-10-12 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability." |