CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2016

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2016-3263 200 Bypass +Info 2016-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262.
602 CVE-2016-3262 200 Bypass +Info 2016-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263.
603 CVE-2016-3209 200 Bypass +Info 2016-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
604 CVE-2016-3060 284 2016-10-29 2016-11-28
3.5
None Remote Medium ??? None Partial None
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
605 CVE-2016-3056 79 XSS 2016-10-14 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content.
606 CVE-2016-3042 79 XSS 2016-10-01 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
607 CVE-2016-2848 20 DoS 2016-10-21 2018-09-27
5.0
None Remote Low Not required None None Partial
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.
608 CVE-2016-2308 +Info 2016-10-05 2016-10-05
7.5
None Remote Low Not required Partial Partial Partial
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file.
609 CVE-2016-2307 200 +Info 2016-10-05 2016-10-05
5.0
None Remote Low Not required Partial None None
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file.
610 CVE-2016-1598 79 XSS 2016-10-27 2016-11-28
3.5
None Remote Medium ??? None Partial None
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
611 CVE-2016-1592 79 XSS 2016-10-27 2018-09-27
4.3
None Remote Medium Not required None Partial None
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
612 CVE-2016-1486 19 DoS 2016-10-28 2017-07-29
7.8
None Remote Low Not required None None Complete
A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047.
613 CVE-2016-1481 20 DoS 2016-10-28 2017-07-29
7.8
None Remote Low Not required None None Complete
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066.
614 CVE-2016-1480 388 Bypass 2016-10-28 2017-07-29
5.0
None Remote Low Not required Partial None None
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066.
615 CVE-2016-1455 200 +Info 2016-10-05 2017-07-30
5.0
None Remote Low Not required Partial None None
Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.
616 CVE-2016-1454 20 DoS 2016-10-06 2020-08-25
7.1
None Remote Medium Not required None None Complete
Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417.
617 CVE-2016-1453 119 Exec Code Overflow 2016-10-06 2017-07-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.
618 CVE-2016-1423 79 XSS 2016-10-28 2017-07-29
4.3
None Remote Medium Not required None Partial None
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.
619 CVE-2016-1372 284 DoS 2016-10-03 2016-10-04
4.3
None Remote Medium Not required None None Partial
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
620 CVE-2016-1371 284 DoS 2016-10-03 2016-10-04
4.3
None Remote Medium Not required None None Partial
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
621 CVE-2016-1246 119 DoS Overflow 2016-10-05 2017-11-13
5.0
None Remote Low Not required None None Partial
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
622 CVE-2016-1244 20 Exec Code 2016-10-03 2018-10-21
9.3
None Remote Medium Not required Complete Complete Complete
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
623 CVE-2016-1243 119 Exec Code Overflow 2016-10-03 2018-10-21
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
624 CVE-2016-1240 20 +Priv 2016-10-03 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
625 CVE-2016-1091 416 Exec Code 2016-10-13 2017-07-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.
626 CVE-2016-1089 416 Exec Code 2016-10-13 2017-07-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.
627 CVE-2016-0913 20 Exec Code 2016-10-05 2017-07-30
7.5
None Remote Low Not required Partial Partial Partial
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share.
628 CVE-2016-0377 200 +Info CSRF 2016-10-22 2017-08-16
4.0
None Remote Low ??? Partial None None
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
629 CVE-2016-0328 77 Exec Code 2016-10-22 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.
630 CVE-2016-0326 77 Exec Code 2016-10-22 2016-11-28
6.5
None Remote Low ??? Partial Partial Partial
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
631 CVE-2016-0249 89 Exec Code Sql 2016-10-16 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
632 CVE-2016-0247 200 Bypass +Info 2016-10-22 2016-11-28
2.1
None Local Low Not required Partial None None
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.
633 CVE-2016-0246 79 XSS 2016-10-22 2016-11-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
634 CVE-2016-0242 200 +Info 2016-10-22 2017-04-07
4.0
None Remote Low ??? Partial None None
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.
635 CVE-2016-0241 284 2016-10-22 2016-11-28
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.
636 CVE-2016-0240 254 +Info 2016-10-22 2016-11-28
4.3
None Remote Medium Not required Partial None None
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
637 CVE-2016-0239 264 2016-10-22 2016-11-28
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.
638 CVE-2016-0236 77 Exec Code 2016-10-21 2016-11-28
9.0
None Remote Low ??? Complete Complete Complete
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.
639 CVE-2016-0204 601 2016-10-16 2018-05-02
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
640 CVE-2016-0142 119 Exec Code Overflow 2016-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."
641 CVE-2016-0079 200 +Priv +Info 2016-10-14 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
642 CVE-2016-0075 200 +Priv +Info 2016-10-14 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
643 CVE-2016-0073 200 +Priv +Info 2016-10-14 2018-10-12
2.1
None Local Low Not required Partial None None
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
644 CVE-2016-0070 200 +Priv +Info 2016-10-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
645 CVE-2015-1000013 434 2016-10-06 2016-11-28
5.0
None Remote Low Not required None Partial None
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1
646 CVE-2015-1000012 200 +Info File Inclusion 2016-10-06 2017-01-12
5.0
None Remote Low Not required Partial None None
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin
647 CVE-2015-1000011 89 Sql 2016-10-06 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
Blind SQL Injection in wordpress plugin dukapress v2.5.9
648 CVE-2015-1000010 284 2016-10-06 2016-11-30
5.0
None Remote Low Not required Partial None None
Remote file download in simple-image-manipulator v1.0 wordpress plugin
649 CVE-2015-1000009 284 2016-10-06 2016-10-27
6.4
None Remote Low Not required None Partial Partial
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
650 CVE-2015-1000008 200 +Info 2016-10-06 2016-10-27
5.0
None Remote Low Not required Partial None None
Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2
Total number of vulnerabilities : 681   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.