Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0346 | 1 Ibm | 1 Cognos Business Intelligence | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-3557 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load. | |||||
| CVE-2016-0357 | 1 Ibm | 1 Security Identity Manager Adapter | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-0359 | 1 Ibm | 1 Websphere Application Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2016-0361 | 1 Ibm | 1 General Parallel File System | 2017-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by discovering ADMIN passwords. | |||||
| CVE-2016-5454 | 1 Oracle | 1 Solaris | 2017-09-01 | 5.4 MEDIUM | 6.4 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot. | |||||
| CVE-2016-5452 | 1 Oracle | 1 Solaris | 2017-09-01 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot. | |||||
| CVE-2016-6239 | 1 Openbsd | 1 Openbsd | 2017-09-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. | |||||
| CVE-2016-4646 | 1 Apple | 1 Mac Os X | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | |||||
| CVE-2016-5137 | 1 Google | 1 Chrome | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. | |||||
| CVE-2016-5135 | 1 Google | 1 Chrome | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element. | |||||
| CVE-2016-5133 | 1 Google | 1 Chrome | 2017-09-01 | 4.3 MEDIUM | 5.3 MEDIUM |
| Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | |||||
| CVE-2016-5130 | 1 Google | 1 Chrome | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | |||||
| CVE-2016-3558 | 1 Oracle | 1 Email Center | 2017-09-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3559. | |||||
| CVE-2016-3559 | 1 Oracle | 1 Email Center | 2017-09-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3558. | |||||
| CVE-2016-3560 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3529. | |||||
| CVE-2016-3502 | 1 Oracle | 1 Webcenter Sites | 2017-09-01 | 6.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2016-1465 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2017-09-01 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985. | |||||
| CVE-2016-3563 | 1 Oracle | 1 Enterprise Manager Base Platform | 2017-09-01 | 5.4 MEDIUM | 6.3 MEDIUM |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604. | |||||
| CVE-2016-1462 | 1 Cisco | 1 Prime Service Catalog | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795. | |||||
| CVE-2016-1460 | 1 Cisco | 1 Wireless Lan Controller Software | 2017-09-01 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. | |||||
| CVE-2016-1459 | 1 Cisco | 2 Ios, Ios Xe | 2017-09-01 | 4.9 MEDIUM | 5.3 MEDIUM |
| Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061. | |||||
| CVE-2016-3566 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-3567 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 4.9 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access. | |||||
| CVE-2016-3568 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-3569 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-3570 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-3571 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3573. | |||||
| CVE-2016-3572 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.5 MEDIUM | 6.4 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Access. | |||||
| CVE-2016-3573 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571. | |||||
| CVE-2016-3451 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-09-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. | |||||
| CVE-2016-3540 | 1 Oracle | 1 Enterprise Manager Base Platform | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework. | |||||
| CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2017-09-01 | 3.3 LOW | 6.3 MEDIUM |
| CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | |||||
| CVE-2016-3542 | 1 Oracle | 1 Knowledge Management | 2017-09-01 | 8.5 HIGH | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-3545 | 1 Oracle | 1 Application Object Library | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Web based help screens. | |||||
| CVE-2016-3547 | 1 Oracle | 1 One-to-one Fulfillment | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Content Manager. | |||||
| CVE-2016-3548 | 1 Oracle | 1 Marketing | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Marketing activity collateral. | |||||
| CVE-2016-2925 | 1 Ibm | 1 Websphere Portal | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-3549 | 1 Oracle | 1 E-business Suite Secure Enterprise Search | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine. | |||||
| CVE-2017-5487 | 1 Wordpress | 1 Wordpress | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. | |||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2017-08-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||||
| CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-12077 | 1 Synology | 1 Router Manager | 2017-08-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | |||||
| CVE-2017-12076 | 1 Synology | 1 Diskstation Manager | 2017-08-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | |||||
| CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||||
| CVE-2014-0141 | 1 Redhat | 1 Satellite | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | |||||
| CVE-2014-9514 | 1 Bmc | 1 Footprints Service Core | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | |||||
| CVE-2017-13685 | 1 Sqlite | 1 Sqlite | 2017-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. | |||||
| CVE-2013-7430 | 1 Mapsplugin | 1 Googlemaps | 2017-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. | |||||
| CVE-2016-6310 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-30 | 2.1 LOW | 5.5 MEDIUM |
| oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | |||||
