Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6313 | 1 Cisco | 7 Telepresence Server 7010, Telepresence Server Mse 8710, Telepresence Server On Multiparty Media 310 and 4 more | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. | |||||
| CVE-2014-9769 | 1 Pcre | 1 Pcre | 2016-12-03 | 7.5 HIGH | 7.3 HIGH |
| pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. | |||||
| CVE-2015-0718 | 1 Cisco | 3 Nx-os, Nx-os 1000v Switch, Unified Computing System | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. | |||||
| CVE-2016-8343 | 1 Indasengineering | 1 Web Scada | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-8503 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 5.0 MEDIUM | 7.3 HIGH |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |||||
| CVE-2016-8502 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 5.0 MEDIUM | 7.3 HIGH |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |||||
| CVE-2016-8101 | 1 Intel | 1 Solid-state Drive Toolbox | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-7991 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. | |||||
| CVE-2016-7490 | 1 Teradata | 1 Studio Express | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. | |||||
| CVE-2016-7506 | 1 Artifex | 1 Mujs | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition. | |||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." | |||||
| CVE-2016-7561 | 1 Fortinet | 1 Fortiwlc | 2016-12-02 | 4.0 MEDIUM | 7.2 HIGH |
| Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. | |||||
| CVE-2016-4106 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090. | |||||
| CVE-2016-7964 | 1 Dokuwiki | 1 Dokuwiki | 2016-12-02 | 4.3 MEDIUM | 8.6 HIGH |
| The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16. | |||||
| CVE-2016-7988 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. | |||||
| CVE-2016-7488 | 1 Teradata | 1 Virtual Machine | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. | |||||
| CVE-2016-7989 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542. | |||||
| CVE-2016-1820 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-1821 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-1826 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-1850 | 1 Apple | 1 Mac Os X | 2016-12-02 | 6.8 MEDIUM | 7.8 HIGH |
| SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | |||||
| CVE-2016-1825 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-1822 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-1853 | 1 Apple | 1 Mac Os X | 2016-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. | |||||
| CVE-2016-3033 | 1 Ibm | 1 Appscan Source | 2016-12-02 | 5.5 MEDIUM | 8.1 HIGH |
| IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-5393 | 1 Apache | 1 Hadoop | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | |||||
| CVE-2016-1842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||||
| CVE-2016-1843 | 1 Apple | 1 Mac Os X | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-5685 | 1 Dell | 4 Idrac7, Idrac7 Firmware, Idrac8 and 1 more | 2016-12-01 | 9.0 HIGH | 8.8 HIGH |
| Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | |||||
| CVE-2016-2946 | 2 Ibm, Linux | 2 Tivoli Monitoring, Linux Kernel | 2016-12-01 | 7.2 HIGH | 7.8 HIGH |
| Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-2917 | 1 Ibm | 1 Tririga Application Platform | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via unspecified vectors. | |||||
| CVE-2016-3012 | 1 Ibm | 2 Api Connect, Network Path Manager | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | |||||
| CVE-2016-2884 | 1 Ibm | 1 Forms Experience Builder | 2016-12-01 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2016-3055 | 1 Ibm | 1 Filenet Workplace | 2016-12-01 | 5.5 MEDIUM | 8.1 HIGH |
| IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-3994 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2016-12-01 | 6.4 MEDIUM | 8.2 HIGH |
| The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read. | |||||
| CVE-2016-3659 | 1 Cacti | 1 Cacti | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | |||||
| CVE-2016-3993 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates. | |||||
| CVE-2016-4480 | 2 Oracle, Xen | 2 Vm Server, Xen | 2016-12-01 | 7.2 HIGH | 8.4 HIGH |
| The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. | |||||
| CVE-2016-3172 | 1 Cacti | 1 Cacti | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | |||||
| CVE-2016-3185 | 1 Php | 1 Php | 2016-12-01 | 6.4 MEDIUM | 7.1 HIGH |
| The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. | |||||
| CVE-2016-2014 | 1 Hp | 1 Network Node Manager I | 2016-12-01 | 8.5 HIGH | 8.1 HIGH |
| HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2016-2009 | 1 Hp | 1 Network Node Manager I | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2016-2025 | 1 Hp | 1 Service Manager | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. | |||||
| CVE-2016-2015 | 1 Hp | 1 System Management Homepage | 2016-12-01 | 6.6 MEDIUM | 7.1 HIGH |
| HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-1846 | 1 Apple | 1 Mac Os X | 2016-12-01 | 9.3 HIGH | 7.8 HIGH |
| The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app. | |||||
| CVE-2016-1848 | 1 Apple | 1 Mac Os X | 2016-12-01 | 6.8 MEDIUM | 7.8 HIGH |
| QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | |||||
| CVE-2016-1809 | 1 Apple | 1 Mac Os X | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors. | |||||
| CVE-2016-1810 | 1 Apple | 1 Mac Os X | 2016-12-01 | 9.3 HIGH | 7.8 HIGH |
| The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-1812 | 1 Apple | 1 Mac Os X | 2016-12-01 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-1806 | 1 Apple | 1 Mac Os X | 2016-12-01 | 9.3 HIGH | 7.8 HIGH |
| Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||