Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12925 1 Libfpx Project 1 Libfpx 2017-09-01 4.3 MEDIUM 6.5 MEDIUM
Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.
CVE-2017-14049 1 Blackcat-cms 1 Blackcat Cms 2017-09-01 3.5 LOW 5.4 MEDIUM
In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.
CVE-2017-2361 1 Apple 1 Mac Os X 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
CVE-2017-5487 1 Wordpress 1 Wordpress 2017-09-01 5.0 MEDIUM 5.3 MEDIUM
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
CVE-2016-5468 1 Oracle 1 Siebel Ui Framework 2017-09-01 5.5 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451.
CVE-2016-3507 1 Oracle 1 Agile Product Lifecycle Management Framework 2017-09-01 4.3 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin.
CVE-2016-3509 1 Oracle 1 Agile Product Lifecycle Management Framework 2017-09-01 4.9 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Folders / URL Attachment.
CVE-2015-6931 1 Vmware 1 Vcenter Server 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-1449 1 Cisco 1 Webex Meetings Server 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.
CVE-2016-3513 1 Oracle 1 Communications Operations Monitor 2017-09-01 6.8 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.
CVE-2016-1447 1 Cisco 1 Webex Meetings Server 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.
CVE-2016-3514 1 Oracle 1 Enterprise Communications Broker 2017-09-01 6.8 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516.
CVE-2016-3517 1 Oracle 1 Agile Product Lifecycle Management Framework 2017-09-01 4.3 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut.
CVE-2016-1398 1 Cisco 6 Rv110w, Rv110w Firmware, Rv130w and 3 more 2017-09-01 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.
CVE-2016-1397 1 Cisco 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more 2017-09-01 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
CVE-2016-3518 1 Oracle 1 Mysql 2017-09-01 6.8 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-1280 1 Juniper 1 Junos 2017-09-01 6.4 MEDIUM 6.5 MEDIUM
PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos.
CVE-2016-3502 1 Oracle 1 Webcenter Sites 2017-09-01 6.0 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2016-5443 1 Oracle 1 Mysql 2017-09-01 1.2 LOW 4.7 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.
CVE-2016-1277 1 Juniper 1 Junos 2017-09-01 7.1 HIGH 5.9 MEDIUM
Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet.
CVE-2016-1275 1 Juniper 1 Junos 2017-09-01 6.1 MEDIUM 6.5 MEDIUM
Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured with VPLS routing-instances, allows remote attackers to obtain sensitive mbuf information by injecting a flood of Ethernet frames with IPv6 MAC addresses directly into a connected interface.
CVE-2016-3519 1 Oracle 1 Agile Product Lifecycle Management Framework 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut.
CVE-2016-3520 1 Oracle 1 E-business Suite 2017-09-01 6.8 MEDIUM 4.9 MEDIUM
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.
CVE-2016-3540 1 Oracle 1 Enterprise Manager Base Platform 2017-09-01 4.3 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework.
CVE-2016-4646 1 Apple 1 Mac Os X 2017-09-01 4.3 MEDIUM 6.5 MEDIUM
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
CVE-2016-3542 1 Oracle 1 Knowledge Management 2017-09-01 8.5 HIGH 6.5 MEDIUM
Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.
CVE-2016-3545 1 Oracle 1 Application Object Library 2017-09-01 5.0 MEDIUM 5.3 MEDIUM
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Web based help screens.
CVE-2016-0221 1 Ibm 1 Cognos Business Intelligence 2017-09-01 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-3547 1 Oracle 1 One-to-one Fulfillment 2017-09-01 5.0 MEDIUM 5.3 MEDIUM
Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Content Manager.
CVE-2016-5307 1 Symantec 1 Endpoint Protection Manager 2017-09-01 4.0 MEDIUM 4.3 MEDIUM
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.
CVE-2016-3432 1 Oracle 1 Business Intelligence Publisher 2017-09-01 4.9 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Server.
CVE-2016-3433 1 Oracle 1 Business Intelligence 2017-09-01 4.9 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web Administration.
CVE-2016-3453 1 Oracle 1 Solaris 2017-09-01 4.9 MEDIUM 5.5 MEDIUM
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.
CVE-2016-3467 1 Oracle 1 Application Express 2017-09-01 5.0 MEDIUM 5.8 MEDIUM
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.
CVE-2016-3472 1 Oracle 1 Siebel Engineering-installer And Deployment 2017-09-01 3.5 LOW 5.7 MEDIUM
Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server.
CVE-2016-3475 1 Oracle 1 Knowledge 2017-09-01 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.
CVE-2016-3476 1 Oracle 1 Knowledge 2017-09-01 6.4 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.
CVE-2016-3478 1 Oracle 1 Peoplesoft Enterprise Peopletools 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to File Processing.
CVE-2016-5137 1 Google 1 Chrome 2017-09-01 4.3 MEDIUM 4.3 MEDIUM
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
CVE-2015-5664 1 Qnap 1 Qts 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5135 1 Google 1 Chrome 2017-09-01 4.3 MEDIUM 6.5 MEDIUM
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
CVE-2016-1452 1 Cisco 2 Asr 5000, Asr 5000 Software 2017-09-01 6.4 MEDIUM 6.5 MEDIUM
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
CVE-2016-5133 1 Google 1 Chrome 2017-09-01 4.3 MEDIUM 5.3 MEDIUM
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
CVE-2016-5130 1 Google 1 Chrome 2017-09-01 4.3 MEDIUM 6.5 MEDIUM
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
CVE-2016-3480 1 Oracle 1 Solaris Cluster 2017-09-01 4.9 MEDIUM 4.4 MEDIUM
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql.
CVE-2016-3488 1 Oracle 1 Database 2017-09-01 4.9 MEDIUM 4.4 MEDIUM
Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors.
CVE-2016-2989 1 Ibm 1 Connections Portlets 2017-09-01 5.8 MEDIUM 6.5 MEDIUM
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-3489 1 Oracle 1 Database 2017-09-01 7.2 HIGH 6.7 MEDIUM
Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2016-3494 1 Oracle 1 Enterprise Manager Ops Center 2017-09-01 6.1 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.
CVE-2016-3496 1 Oracle 1 Enterprise Manager For Fusion Middleware 2017-09-01 4.3 MEDIUM 4.7 MEDIUM
Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to SOA Topology Viewer.