CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2016

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2016-1000032 284 2016-10-25 2017-01-19
5.0
None Remote Low Not required None Partial None
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.
52 CVE-2016-1000031 284 Exec Code 2016-10-25 2021-10-20
7.5
None Remote Low Not required Partial Partial Partial
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
53 CVE-2016-1000009 254 2016-10-06 2018-04-13
5.0
None Remote Low Not required None Partial None
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.
54 CVE-2016-1000007 79 XSS 2016-10-07 2020-05-14
4.3
None Remote Medium Not required None Partial None
Pagure 2.2.1 XSS in raw file endpoint
55 CVE-2016-1000003 94 Exec Code 2016-10-07 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
56 CVE-2016-1000001 601 2016-10-07 2017-02-19
5.8
None Remote Medium Not required Partial Partial None
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect
57 CVE-2016-1000000 89 Sql 2016-10-06 2017-11-03
6.5
None Remote Low ??? Partial Partial Partial
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
58 CVE-2016-9118 119 Overflow 2016-10-30 2020-09-09
5.0
None Remote Low Not required None None Partial
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.
59 CVE-2016-9117 476 DoS 2016-10-30 2020-09-09
4.3
None Remote Medium Not required None None Partial
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
60 CVE-2016-9116 476 DoS 2016-10-30 2020-09-09
4.3
None Remote Medium Not required None None Partial
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
61 CVE-2016-9115 119 DoS Overflow 2016-10-30 2020-09-09
4.3
None Remote Medium Not required None None Partial
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
62 CVE-2016-9114 476 DoS 2016-10-30 2020-09-09
5.0
None Remote Low Not required None None Partial
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
63 CVE-2016-9113 476 DoS 2016-10-30 2020-09-09
5.0
None Remote Low Not required None None Partial
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
64 CVE-2016-9112 369 2016-10-29 2020-09-09
5.0
None Remote Low Not required None None Partial
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
65 CVE-2016-9028 254 2016-10-28 2017-07-29
5.8
None Remote Medium Not required Partial Partial None
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
66 CVE-2016-9018 476 2016-10-28 2016-11-29
4.3
None Remote Medium Not required None None Partial
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
67 CVE-2016-9017 200 +Info 2016-10-28 2016-11-29
5.0
None Remote Low Not required Partial None None
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component.
68 CVE-2016-8889 310 2016-10-28 2016-11-29
2.1
None Local Low Not required Partial None None
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
69 CVE-2016-8879 787 DoS 2016-10-31 2016-11-29
4.3
None Remote Medium Not required None None Partial
The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue.
70 CVE-2016-8878 125 Exec Code 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."
71 CVE-2016-8877 787 Exec Code Overflow 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.
72 CVE-2016-8876 125 Exec Code 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."
73 CVE-2016-8875 125 DoS 2016-10-31 2016-11-29
4.3
None Remote Medium Not required None None Partial
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor."
74 CVE-2016-8871 200 +Info 2016-10-28 2016-11-29
2.1
None Local Low Not required Partial None None
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
75 CVE-2016-8867 264 Bypass 2016-10-28 2017-07-28
5.0
None Remote Low Not required Partial None None
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
76 CVE-2016-8856 275 Exec Code 2016-10-31 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.
77 CVE-2016-8666 400 DoS 2016-10-16 2018-01-05
7.8
None Remote Low Not required None None Complete
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
78 CVE-2016-8660 19 DoS 2016-10-16 2016-11-28
4.9
None Local Low Not required None None Complete
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."
79 CVE-2016-8658 119 DoS Overflow 2016-10-16 2017-01-07
5.6
None Local Low Not required None Partial Complete
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.
80 CVE-2016-8600 264 2016-10-28 2016-11-28
5.0
None Remote Low Not required None Partial None
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
81 CVE-2016-8598 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.
82 CVE-2016-8597 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.
83 CVE-2016-8596 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.
84 CVE-2016-8583 79 XSS 2016-10-28 2016-11-28
4.3
None Remote Medium Not required None Partial None
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.
85 CVE-2016-8582 89 Sql 2016-10-28 2017-09-03
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
86 CVE-2016-8581 79 XSS 2016-10-28 2017-09-03
4.3
None Remote Medium Not required None Partial None
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
87 CVE-2016-8580 284 Exec Code 2016-10-28 2017-09-03
7.5
None Remote Low Not required Partial Partial Partial
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
88 CVE-2016-8579 20 2016-10-28 2016-12-02
2.1
None Local Low Not required None None Partial
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.
89 CVE-2016-8565 284 2016-10-13 2017-07-29
6.4
None Remote Low Not required None Partial Partial
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
90 CVE-2016-8564 89 Exec Code Sql 2016-10-13 2017-07-29
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
91 CVE-2016-8563 20 DoS 2016-10-13 2017-07-29
5.0
None Remote Low Not required None None Partial
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
92 CVE-2016-8506 79 XSS 2016-10-26 2016-12-02
4.3
None Remote Medium Not required None Partial None
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.
93 CVE-2016-8505 79 XSS 2016-10-26 2016-12-02
4.3
None Remote Medium Not required None Partial None
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
94 CVE-2016-8504 352 CSRF 2016-10-26 2016-12-02
4.3
None Remote Medium Not required Partial None None
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
95 CVE-2016-8503 254 2016-10-26 2016-12-02
5.0
None Remote Low Not required Partial None None
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
96 CVE-2016-8502 254 2016-10-26 2016-12-02
5.0
None Remote Low Not required Partial None None
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
97 CVE-2016-8501 264 Bypass 2016-10-26 2016-12-02
5.0
None Remote Low Not required Partial None None
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.
98 CVE-2016-8343 22 Dir. Trav. 2016-10-05 2016-12-02
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.
99 CVE-2016-8339 119 Exec Code Overflow 2016-10-28 2018-08-08
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
100 CVE-2016-8335 119 Exec Code Overflow 2016-10-28 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability.
Total number of vulnerabilities : 681   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.