Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12925 | 1 Libfpx Project | 1 Libfpx | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | |||||
| CVE-2017-14049 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | |||||
| CVE-2016-3570 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-3571 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3573. | |||||
| CVE-2016-3597 | 1 Oracle | 1 Vm Virtualbox | 2017-09-01 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core. | |||||
| CVE-2016-3514 | 1 Oracle | 1 Enterprise Communications Broker | 2017-09-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516. | |||||
| CVE-2016-3513 | 1 Oracle | 1 Communications Operations Monitor | 2017-09-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure. | |||||
| CVE-2016-3563 | 1 Oracle | 1 Enterprise Manager Base Platform | 2017-09-01 | 5.4 MEDIUM | 6.3 MEDIUM |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604. | |||||
| CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2017-09-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | |||||
| CVE-2016-1398 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2017-09-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. | |||||
| CVE-2016-3559 | 1 Oracle | 1 Email Center | 2017-09-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3558. | |||||
| CVE-2016-3567 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 4.9 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access. | |||||
| CVE-2016-4595 | 1 Apple | 1 Mac Os X | 2017-09-01 | 2.1 LOW | 4.6 MEDIUM |
| Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure. | |||||
| CVE-2016-4603 | 1 Apple | 1 Iphone Os | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | |||||
| CVE-2016-1452 | 1 Cisco | 2 Asr 5000, Asr 5000 Software | 2017-09-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | |||||
| CVE-2016-1449 | 1 Cisco | 1 Webex Meetings Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. | |||||
| CVE-2016-1447 | 1 Cisco | 1 Webex Meetings Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194. | |||||
| CVE-2016-3517 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut. | |||||
| CVE-2016-1425 | 1 Cisco | 1 Ios | 2017-09-01 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. | |||||
| CVE-2016-3566 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-3568 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-3569 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-4605 | 1 Apple | 1 Iphone Os | 2017-09-01 | 7.1 HIGH | 6.5 MEDIUM |
| Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | |||||
| CVE-2016-5437 | 1 Oracle | 1 Mysql | 2017-09-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. | |||||
| CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2017-09-01 | 3.3 LOW | 6.3 MEDIUM |
| CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | |||||
| CVE-2016-4628 | 1 Apple | 2 Iphone Os, Watchos | 2017-09-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-4635 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-01 | 3.5 LOW | 5.3 MEDIUM |
| FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | |||||
| CVE-2016-2925 | 1 Ibm | 1 Websphere Portal | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-3509 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 4.9 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Folders / URL Attachment. | |||||
| CVE-2016-5436 | 1 Oracle | 1 Mysql | 2017-09-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||||
| CVE-2016-4649 | 1 Apple | 1 Mac Os X | 2017-09-01 | 2.1 LOW | 5.5 MEDIUM |
| Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2016-3507 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin. | |||||
| CVE-2016-3518 | 1 Oracle | 1 Mysql | 2017-09-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | |||||
| CVE-2016-3519 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut. | |||||
| CVE-2016-3520 | 1 Oracle | 1 E-business Suite | 2017-09-01 | 6.8 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests. | |||||
| CVE-2016-3557 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load. | |||||
| CVE-2016-5443 | 1 Oracle | 1 Mysql | 2017-09-01 | 1.2 LOW | 4.7 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. | |||||
| CVE-2016-3558 | 1 Oracle | 1 Email Center | 2017-09-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3559. | |||||
| CVE-2016-6239 | 1 Openbsd | 1 Openbsd | 2017-09-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. | |||||
| CVE-2016-5441 | 1 Oracle | 1 Mysql | 2017-09-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. | |||||
| CVE-2016-1397 | 1 Cisco | 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more | 2017-09-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. | |||||
| CVE-2016-3560 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3529. | |||||
| CVE-2016-5442 | 1 Oracle | 1 Mysql | 2017-09-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. | |||||
| CVE-2016-3588 | 1 Oracle | 1 Mysql | 2017-09-01 | 4.9 MEDIUM | 5.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. | |||||
| CVE-2016-3573 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571. | |||||
| CVE-2016-5305 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack. | |||||
| CVE-2016-0359 | 1 Ibm | 1 Websphere Application Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2016-3572 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.5 MEDIUM | 6.4 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Access. | |||||
| CVE-2016-3537 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473. | |||||
| CVE-2016-5306 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. | |||||