Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6676 | 1 Google | 1 Android | 2016-12-06 | 9.3 HIGH | 7.8 HIGH |
| Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853. | |||||
| CVE-2016-6700 | 1 Google | 1 Android | 2016-12-06 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186. | |||||
| CVE-2016-6701 | 1 Google | 1 Android | 2016-12-06 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637. | |||||
| CVE-2016-6675 | 1 Google | 1 Android | 2016-12-06 | 9.3 HIGH | 7.8 HIGH |
| Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed ioctl call, aka Android internal bug 30873776 and Qualcomm internal bug CR 1000861. | |||||
| CVE-2016-1567 | 1 Tuxfamily | 1 Chrony | 2016-12-06 | 6.8 MEDIUM | 8.1 HIGH |
| chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
| CVE-2016-1982 | 1 Privoxy | 1 Privoxy | 2016-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | |||||
| CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2016-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | |||||
| CVE-2016-1983 | 1 Privoxy | 1 Privoxy | 2016-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | |||||
| CVE-2016-0975 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \\\& Compiler and 6 more | 2016-12-06 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code by leveraging improper reference handling, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. | |||||
| CVE-2016-1297 | 1 Cisco | 1 Application Control Engine Software | 2016-12-06 | 9.0 HIGH | 8.8 HIGH |
| The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | |||||
| CVE-2016-0973 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \\\& Compiler and 6 more | 2016-12-06 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via a URLLoader.load call, a different vulnerability than CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. | |||||
| CVE-2016-1301 | 1 Cisco | 2 Asa Cx Context-aware Security Software, Prime Security Manager | 2016-12-06 | 8.5 HIGH | 8.8 HIGH |
| The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | |||||
| CVE-2016-1302 | 1 Cisco | 19 Application Policy Infrastructure Controller, Nexus 92160yc-x, Nexus 92304qc and 16 more | 2016-12-06 | 9.0 HIGH | 8.8 HIGH |
| Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | |||||
| CVE-2016-0948 | 1 Adobe | 1 Connect | 2016-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2016-0738 | 1 Openstack | 1 Swift | 2016-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | |||||
| CVE-2016-0860 | 1 Advantech | 1 Webaccess | 2016-12-06 | 10.0 HIGH | 7.5 HIGH |
| Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. | |||||
| CVE-2015-6398 | 1 Cisco | 1 Nx-os | 2016-12-06 | 7.8 HIGH | 7.5 HIGH |
| Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. | |||||
| CVE-2015-8149 | 1 Symantec | 1 Encryption Management Server | 2016-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests. | |||||
| CVE-2015-8148 | 1 Symantec | 1 Encryption Management Server | 2016-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. | |||||
| CVE-2015-8150 | 1 Symantec | 1 Encryption Management Server | 2016-12-06 | 6.3 MEDIUM | 7.8 HIGH |
| Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. | |||||
| CVE-2015-5663 | 1 Rarlab | 1 Winrar | 2016-12-06 | 3.7 LOW | 7.4 HIGH |
| The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | |||||
| CVE-2015-5003 | 1 Ibm | 1 Tivoli Monitoring | 2016-12-06 | 8.5 HIGH | 8.5 HIGH |
| The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | |||||
| CVE-2016-9564 | 1 Boa | 1 Boa | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | |||||
| CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2016-12-03 | 7.2 HIGH | 8.8 HIGH |
| Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |||||
| CVE-2016-9752 | 1 S9y | 1 Serendipity | 2016-12-03 | 5.0 MEDIUM | 8.6 HIGH |
| In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | |||||
| CVE-2016-3455 | 1 Oracle | 1 Outside In Technology | 2016-12-03 | 9.0 HIGH | 8.6 HIGH |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters. | |||||
| CVE-2016-3441 | 1 Oracle | 1 Solaris Operating System | 2016-12-03 | 7.2 HIGH | 7.8 HIGH |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. | |||||
| CVE-2016-2948 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 4.6 MEDIUM | 7.8 HIGH |
| IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | |||||
| CVE-2016-2887 | 2 Ibm, Microsoft | 2 Ims Enterprise Suite, .net Framework | 2016-12-03 | 5.5 MEDIUM | 8.1 HIGH |
| IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-3421 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 6.5 MEDIUM | 7.4 HIGH |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Activity Guide. | |||||
| CVE-2016-2844 | 1 Google | 1 Chrome | 2016-12-03 | 9.3 HIGH | 8.8 HIGH |
| WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2016-3157 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2016-12-03 | 7.2 HIGH | 7.8 HIGH |
| The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | |||||
| CVE-2016-2963 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2016-2344 | 1 Autodesk | 1 Autodesk Backburner | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. | |||||
| CVE-2016-2001 | 1 Hp | 1 Universal Cmbd Foundation | 2016-12-03 | 5.8 MEDIUM | 7.4 HIGH |
| HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. | |||||
| CVE-2016-2299 | 1 Ecava | 1 Integraxor | 2016-12-03 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2243 | 1 Hp | 30 1000 Series Firmware, 700 Series Firmware, 800 Series Firmware and 27 more | 2016-12-03 | 5.4 MEDIUM | 7.9 HIGH |
| Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. | |||||
| CVE-2016-2204 | 1 Symantec | 1 Messaging Gateway | 2016-12-03 | 6.5 MEDIUM | 8.2 HIGH |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | |||||
| CVE-2016-1996 | 1 Hp | 1 System Management Homepage | 2016-12-03 | 3.6 LOW | 7.7 HIGH |
| HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-1993 | 1 Hp | 1 System Management Homepage | 2016-12-03 | 5.5 MEDIUM | 8.1 HIGH |
| HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2016-12-03 | 4.4 MEDIUM | 7.4 HIGH |
| The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | |||||
| CVE-2016-1972 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-1959 | 1 Mozilla | 1 Firefox | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. | |||||
| CVE-2016-1970 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-1969 | 2 Mozilla, Sil | 3 Firefox, Firefox Esr, Graphite2 | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. | |||||
| CVE-2016-1971 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. | |||||
| CVE-2016-1968 | 1 Mozilla | 1 Firefox | 2016-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. | |||||
| CVE-2016-1746 | 1 Apple | 1 Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. | |||||
| CVE-2016-1747 | 1 Apple | 1 Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. | |||||
| CVE-2016-1736 | 1 Apple | 1 Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735. | |||||