Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1318 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489. | |||||
| CVE-2016-1316 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. | |||||
| CVE-2016-1334 | 1 Cisco | 1 Small Business Wireless Access Points Firmware | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457. | |||||
| CVE-2016-1333 | 1 Cisco | 1 Ios | 2016-12-06 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878. | |||||
| CVE-2016-1305 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | |||||
| CVE-2016-1307 | 1 Cisco | 2 Finesse, Unified Contact Center Express | 2016-12-06 | 5.5 MEDIUM | 5.4 MEDIUM |
| The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | |||||
| CVE-2016-1304 | 1 Cisco | 1 Unity Connection | 2016-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | |||||
| CVE-2016-1331 | 1 Cisco | 1 Emergency Responder | 2016-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766. | |||||
| CVE-2016-0756 | 1 Prosody | 1 Prosody | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix. | |||||
| CVE-2016-0723 | 1 Linux | 1 Linux Kernel | 2016-12-06 | 5.6 MEDIUM | 6.8 MEDIUM |
| Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | |||||
| CVE-2015-8748 | 1 Radicale | 1 Radicale | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | |||||
| CVE-2015-6004 | 1 Ipswitch | 1 Whatsup Gold | 2016-12-06 | 6.5 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | |||||
| CVE-2015-6005 | 1 Ipswitch | 1 Whatsup Gold | 2016-12-06 | 3.5 LOW | 6.9 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | |||||
| CVE-2015-7399 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. | |||||
| CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2016-12-06 | 2.1 LOW | 4.0 MEDIUM |
| The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2016-4081 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | |||||
| CVE-2016-4084 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. | |||||
| CVE-2016-4083 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-4082 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. | |||||
| CVE-2016-4080 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
| CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | |||||
| CVE-2016-4078 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. | |||||
| CVE-2016-4077 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. | |||||
| CVE-2016-4076 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-3460 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Eperformance | 2016-12-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to ePerformance. | |||||
| CVE-2016-3457 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Eperformance | 2016-12-03 | 4.9 MEDIUM | 4.6 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformance component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security. | |||||
| CVE-2016-5890 | 1 Ibm | 1 Sterling B2b Integrator | 2016-12-03 | 3.5 LOW | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
| CVE-2016-3447 | 1 Oracle | 1 Applications Framework | 2016-12-03 | 2.6 LOW | 6.9 MEDIUM |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core. | |||||
| CVE-2016-4418 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. | |||||
| CVE-2016-4417 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. | |||||
| CVE-2016-4421 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | |||||
| CVE-2016-3442 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Portal. | |||||
| CVE-2016-4006 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. | |||||
| CVE-2016-3463 | 1 Oracle | 1 Flexcube Direct Banking | 2016-12-03 | 5.0 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login. | |||||
| CVE-2016-3464 | 1 Oracle | 1 Flexcube Direct Banking | 2016-12-03 | 4.0 MEDIUM | 5.7 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts. | |||||
| CVE-2016-3462 | 1 Oracle | 1 Solaris | 2016-12-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. | |||||
| CVE-2016-4004 | 1 Dell | 1 Openmanage Server Administrator | 2016-12-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. | |||||
| CVE-2016-3434 | 1 Oracle | 1 Application Object Library | 2016-12-03 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout. | |||||
| CVE-2016-3435 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to PIA Core Technology. | |||||
| CVE-2016-2940 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-3417 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality. | |||||
| CVE-2016-3116 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2016-12-03 | 5.5 MEDIUM | 6.4 MEDIUM |
| CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |||||
| CVE-2016-2846 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 Cpu 1200 Firmware | 2016-12-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | |||||
| CVE-2016-3429 | 1 Oracle | 1 Retail Xstore Point Of Service | 2016-12-03 | 5.4 MEDIUM | 4.5 MEDIUM |
| Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services. | |||||
| CVE-2016-2845 | 1 Google | 1 Chrome | 2016-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. | |||||
| CVE-2016-3423 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698. | |||||
| CVE-2016-2950 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-3144 | 2 Fedoraproject, Fourkitchens | 2 Fedora, Block Class | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. | |||||
| CVE-2016-3126 | 1 Blackberry | 1 Enterprise Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||