Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6910 | 1 Google | 1 Android | 2016-12-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data. | |||||
| CVE-2016-7968 | 1 Kde | 1 Kmail | 2016-12-27 | 7.5 HIGH | 6.5 MEDIUM |
| KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | |||||
| CVE-2016-9757 | 1 Rapid7 | 1 Nexpose | 2016-12-27 | 3.5 LOW | 5.4 MEDIUM |
| In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context. | |||||
| CVE-2016-8104 | 1 Intel | 1 Proset/Wireless Software And Drivers | 2016-12-27 | 2.1 LOW | 5.5 MEDIUM |
| Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service. | |||||
| CVE-2016-8103 | 1 Intel | 19 Canyon Bios, Citry Bios, City Bios and 16 more | 2016-12-27 | 6.8 MEDIUM | 6.7 MEDIUM |
| SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform. | |||||
| CVE-2016-5765 | 1 Microfocus | 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more | 2016-12-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. | |||||
| CVE-2016-7438 | 1 Wolfssl | 1 Wolfssl | 2016-12-24 | 2.1 LOW | 5.5 MEDIUM |
| The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||||
| CVE-2016-6881 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | |||||
| CVE-2016-7439 | 1 Wolfssl | 1 Wolfssl | 2016-12-24 | 2.1 LOW | 5.5 MEDIUM |
| The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||||
| CVE-2016-9561 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file. | |||||
| CVE-2016-8820 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2016-12-24 | 5.6 MEDIUM | 6.1 MEDIUM |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. | |||||
| CVE-2016-7171 | 1 Netapp | 1 Netapp Plug-in | 2016-12-23 | 6.8 MEDIUM | 5.6 MEDIUM |
| NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | |||||
| CVE-2016-6934 | 1 Adobe | 2 Experience Manager Forms, Livecycle | 2016-12-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. | |||||
| CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-12-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. | |||||
| CVE-2016-5303 | 1 Horde | 1 Groupware | 2016-12-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute. | |||||
| CVE-2016-6933 | 1 Adobe | 2 Experience Manager, Livecycle | 2016-12-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | |||||
| CVE-2015-3271 | 1 Apache | 1 Tika | 2016-12-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header. | |||||
| CVE-2016-8826 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Gpu Driver | 2016-12-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service. | |||||
| CVE-2016-9208 | 1 Cisco | 1 Emergency Responder | 2016-12-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). | |||||
| CVE-2016-9207 | 1 Cisco | 1 Expressway | 2016-12-22 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9. | |||||
| CVE-2016-9206 | 1 Cisco | 1 Unified Communications Manager | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6). | |||||
| CVE-2016-9214 | 1 Cisco | 1 Identity Services Engine Software | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130). | |||||
| CVE-2016-9202 | 1 Cisco | 1 Email Security Appliance | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066. | |||||
| CVE-2016-9200 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. More Information: CSCut43268. Known Affected Releases: 10.5(1) 10.6. | |||||
| CVE-2016-9199 | 1 Cisco | 1 Iox | 2016-12-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0. | |||||
| CVE-2016-1000142 | 1 Parsi-font Project | 1 Parsi-font | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin parsi-font v4.2.5 | |||||
| CVE-2016-1000145 | 1 Pondol-carousel Project | 1 Pondol-carousel | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin pondol-carousel v1.0 | |||||
| CVE-2016-1000155 | 1 Wpsolr | 1 Wpsolr-search-engine | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin wpsolr-search-engine v7.6 | |||||
| CVE-2016-1000152 | 1 Tidio-form Project | 1 Tidio-form | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin tidio-form v1.0 | |||||
| CVE-2016-1000137 | 1 Hero-maps-pro Project | 1 Hero-maps-pro | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin hero-maps-pro v2.1.0 | |||||
| CVE-2016-1000139 | 1 Infusionsoft Project | 1 Infusionsoft | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin infusionsoft v1.5.11 | |||||
| CVE-2016-1000131 | 1 E-search Project | 1 Esearch | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin e-search v1.0 | |||||
| CVE-2016-1000151 | 1 Tera-charts Project | 1 Tera-charts | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin tera-charts v1.0 | |||||
| CVE-2016-1000144 | 1 Photoxhibit Project | 1 Photoxhibit | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin photoxhibit v2.1.8 | |||||
| CVE-2016-1000135 | 1 Hdw-tube Project | 1 Hdw-tube | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin hdw-tube v1.2 | |||||
| CVE-2016-1000128 | 1 Anti-plagiarism Project | 1 Anti-plagiarism | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin anti-plagiarism v3.60 | |||||
| CVE-2016-1000130 | 1 E-search Project | 1 E-search | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin e-search v1.0 | |||||
| CVE-2016-1000150 | 1 Oxil | 1 Simplified-content | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin simplified-content v1.0.0 | |||||
| CVE-2016-1000147 | 1 Recipes-writer Project | 1 Recipes-writer | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin recipes-writer v1.0.4 | |||||
| CVE-2016-1000153 | 1 Tidio-gallery Project | 1 Tidio-gallery | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin tidio-gallery v1.1 | |||||
| CVE-2016-1000134 | 1 Hdw-tube Project | 1 Hdw-tube | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in WordPress plugin hdw-tube v1.2 | |||||
| CVE-2016-7883 | 1 Adobe | 1 Experience Manager | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager version 6.2 has an input validation issue in the Create Launch wizard that could be used in cross-site scripting attacks. | |||||
| CVE-2016-7888 | 1 Adobe | 1 Digital Editions | 2016-12-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Digital Editions versions 4.5.2 and earlier have an important vulnerability that could lead to a memory address leak. | |||||
| CVE-2016-7884 | 1 Adobe | 1 Experience Manager | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. | |||||
| CVE-2016-7882 | 1 Adobe | 1 Experience Manager | 2016-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | |||||
| CVE-2016-8561 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2016-12-22 | 6.0 MEDIUM | 6.6 MEDIUM |
| Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated users to gain privileges by leveraging certain TIA-Portal access and project-data access. | |||||
| CVE-2016-7959 | 1 Siemens | 1 Simatic Step 7 | 2016-12-22 | 1.9 LOW | 4.7 MEDIUM |
| Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | |||||
| CVE-2016-8562 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2016-12-22 | 3.5 LOW | 5.3 MEDIUM |
| Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables. | |||||
| CVE-2016-3129 | 1 Blackberry | 1 Good Enterprise Mobility Server | 2016-12-22 | 8.5 HIGH | 6.6 MEDIUM |
| A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. | |||||
| CVE-2016-1774 | 1 Apple | 1 Mac Os X Server | 2016-12-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | |||||
