Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1318 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489. | |||||
| CVE-2016-1321 | 1 Cisco | 1 Universal Small Cell Firmware | 2016-12-06 | 5.0 MEDIUM | 5.8 MEDIUM |
| Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082. | |||||
| CVE-2016-1316 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. | |||||
| CVE-2016-1305 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | |||||
| CVE-2016-1331 | 1 Cisco | 1 Emergency Responder | 2016-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766. | |||||
| CVE-2016-1334 | 1 Cisco | 1 Small Business Wireless Access Points Firmware | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457. | |||||
| CVE-2016-1330 | 1 Cisco | 1 Ios | 2016-12-06 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746. | |||||
| CVE-2016-1333 | 1 Cisco | 1 Ios | 2016-12-06 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878. | |||||
| CVE-2016-0756 | 1 Prosody | 1 Prosody | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix. | |||||
| CVE-2016-0723 | 1 Linux | 1 Linux Kernel | 2016-12-06 | 5.6 MEDIUM | 6.8 MEDIUM |
| Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | |||||
| CVE-2015-8748 | 1 Radicale | 1 Radicale | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | |||||
| CVE-2015-7399 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2016-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. | |||||
| CVE-2015-6004 | 1 Ipswitch | 1 Whatsup Gold | 2016-12-06 | 6.5 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | |||||
| CVE-2015-6005 | 1 Ipswitch | 1 Whatsup Gold | 2016-12-06 | 3.5 LOW | 6.9 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | |||||
| CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2016-12-06 | 2.1 LOW | 4.0 MEDIUM |
| The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2016-4006 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. | |||||
| CVE-2016-5890 | 1 Ibm | 1 Sterling B2b Integrator | 2016-12-03 | 3.5 LOW | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
| CVE-2016-4418 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. | |||||
| CVE-2016-4417 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. | |||||
| CVE-2016-4078 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. | |||||
| CVE-2016-4077 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. | |||||
| CVE-2016-4076 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-4004 | 1 Dell | 1 Openmanage Server Administrator | 2016-12-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. | |||||
| CVE-2016-4081 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2016-4084 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. | |||||
| CVE-2016-4082 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. | |||||
| CVE-2016-4083 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-4080 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
| CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | |||||
| CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | |||||
| CVE-2016-3462 | 1 Oracle | 1 Solaris | 2016-12-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. | |||||
| CVE-2016-3460 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Eperformance | 2016-12-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to ePerformance. | |||||
| CVE-2016-3457 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Eperformance | 2016-12-03 | 4.9 MEDIUM | 4.6 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformance component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security. | |||||
| CVE-2016-3447 | 1 Oracle | 1 Applications Framework | 2016-12-03 | 2.6 LOW | 6.9 MEDIUM |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core. | |||||
| CVE-2016-3442 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Portal. | |||||
| CVE-2016-4421 | 1 Wireshark | 1 Wireshark | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | |||||
| CVE-2016-3464 | 1 Oracle | 1 Flexcube Direct Banking | 2016-12-03 | 4.0 MEDIUM | 5.7 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts. | |||||
| CVE-2016-3463 | 1 Oracle | 1 Flexcube Direct Banking | 2016-12-03 | 5.0 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login. | |||||
| CVE-2016-3417 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality. | |||||
| CVE-2016-3423 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698. | |||||
| CVE-2016-3429 | 1 Oracle | 1 Retail Xstore Point Of Service | 2016-12-03 | 5.4 MEDIUM | 4.5 MEDIUM |
| Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services. | |||||
| CVE-2016-3434 | 1 Oracle | 1 Application Object Library | 2016-12-03 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout. | |||||
| CVE-2016-3435 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect availability via vectors related to PIA Core Technology. | |||||
| CVE-2016-2950 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-3126 | 1 Blackberry | 1 Enterprise Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-2846 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 Cpu 1200 Firmware | 2016-12-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | |||||
| CVE-2016-2940 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-3144 | 2 Fedoraproject, Fourkitchens | 2 Fedora, Block Class | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. | |||||
| CVE-2016-2845 | 1 Google | 1 Chrome | 2016-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. | |||||
| CVE-2016-3116 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2016-12-03 | 5.5 MEDIUM | 6.4 MEDIUM |
| CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |||||