CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2016

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2015-1000007 200 +Info 2016-10-06 2016-10-27
5.0
None Remote Low Not required Partial None None
Remote file download vulnerability in wptf-image-gallery v1.03
652 CVE-2015-1000006 22 Dir. Trav. 2016-10-06 2017-03-29
5.0
None Remote Low Not required Partial None None
Remote file download vulnerability in recent-backups v0.7 wordpress plugin
653 CVE-2015-1000005 22 Dir. Trav. 2016-10-06 2017-03-29
5.0
None Remote Low Not required Partial None None
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
654 CVE-2015-1000004 79 XSS 2016-10-06 2017-03-29
4.3
None Remote Medium Not required None Partial None
XSS in filedownload v1.4 wordpress plugin
655 CVE-2015-1000003 89 Sql 2016-10-06 2017-03-29
7.5
None Remote Low Not required Partial Partial Partial
Blind SQL Injection in filedownload v1.4 wordpress plugin
656 CVE-2015-1000002 20 2016-10-06 2017-03-29
5.8
None Remote Medium Not required Partial Partial None
Open Proxy in filedownload v1.4 wordpress plugin
657 CVE-2015-1000001 434 2016-10-06 2017-03-07
5.0
None Remote Low Not required None Partial None
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
658 CVE-2015-1000000 434 2016-10-06 2016-10-27
5.0
None Remote Low Not required None Partial None
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
659 CVE-2015-8956 476 DoS +Info 2016-10-10 2018-01-05
3.6
None Local Low Not required Partial None Partial
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
660 CVE-2015-8955 264 DoS +Priv 2016-10-10 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
661 CVE-2015-8953 399 DoS 2016-10-16 2016-11-28
4.9
None Local Low Not required None None Complete
fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer.
662 CVE-2015-8952 19 DoS 2016-10-16 2018-03-16
2.1
None Local Low Not required None None Partial
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
663 CVE-2015-8951 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902.
664 CVE-2015-8950 200 +Info 2016-10-10 2016-11-28
4.3
None Remote Medium Not required Partial None None
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
665 CVE-2015-8086 326 2016-10-03 2016-11-28
4.0
None Remote Low ??? Partial None None
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage.
666 CVE-2015-8085 326 2016-10-03 2016-11-28
4.0
None Remote Low ??? Partial None None
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.
667 CVE-2015-7363 79 XSS 2016-10-07 2017-07-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
668 CVE-2015-6393 399 DoS 2016-10-06 2017-07-30
7.8
None Remote Low Not required None None Complete
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182.
669 CVE-2015-6392 399 DoS 2016-10-06 2017-07-30
7.8
None Remote Low Not required None None Complete
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171.
670 CVE-2015-5162 399 DoS 2016-10-07 2018-01-05
7.8
None Remote Low Not required None None Complete
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
671 CVE-2015-3288 20 DoS +Priv 2016-10-16 2017-01-07
7.2
None Local Low Not required Complete Complete Complete
mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.
672 CVE-2015-2080 200 +Info 2016-10-07 2019-03-08
5.0
None Remote Low Not required Partial None None
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
673 CVE-2015-1832 399 DoS 2016-10-03 2020-10-20
6.4
None Remote Low Not required Partial None Partial
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
674 CVE-2015-0787 79 XSS 2016-10-27 2018-09-27
4.3
None Remote Medium Not required None Partial None
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
675 CVE-2015-0721 264 Bypass 2016-10-06 2017-07-30
9.0
None Remote Low ??? Complete Complete Complete
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.
676 CVE-2015-0572 362 DoS 2016-10-10 2020-08-04
4.4
None Local Medium Not required Partial Partial Partial
Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call.
677 CVE-2014-5415 264 2016-10-05 2016-11-28
9.4
None Remote Low Not required Complete Complete None
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
678 CVE-2014-5414 254 2016-10-05 2016-11-28
9.4
None Remote Low Not required Complete Complete None
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
679 CVE-2013-4119 476 DoS 2016-10-03 2020-03-06
5.0
None Remote Low Not required None None Partial
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.
680 CVE-2013-4118 476 DoS 2016-10-03 2020-03-06
5.0
None Remote Low Not required None None Partial
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
681 CVE-2005-4900 326 2016-10-14 2020-12-09
4.3
None Remote Medium Not required Partial None None
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.
Total number of vulnerabilities: 681