Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6359 | 1 Cisco | 1 Transport Gateway Installation Software | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817. | |||||
| CVE-2016-6376 | 1 Cisco | 6 Wireless Lan Controller, Wireless Lan Controller 6.0, Wireless Lan Controller 7.0 and 3 more | 2016-11-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263. | |||||
| CVE-2016-6204 | 1 Siemens | 1 Sinema Remote Connect Server | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-6212 | 1 Drupal | 1 Drupal | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors. | |||||
| CVE-2016-6298 | 1 Jwcrypto Project | 1 Jwcrypto | 2016-11-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | |||||
| CVE-2016-5920 | 1 Ibm | 1 Financial Transaction Manager | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5947 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2016-11-28 | 3.5 LOW | 5.7 MEDIUM |
| IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-5955 | 1 Ibm | 1 Rational Doors Next Generation | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5946 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2016-5945 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2016-11-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. | |||||
| CVE-2016-5954 | 1 Ibm | 1 Websphere Portal | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | |||||
| CVE-2016-6027 | 1 Ibm | 1 Sterling Secure Proxy | 2016-11-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. | |||||
| CVE-2016-6026 | 1 Ibm | 1 Sterling Secure Proxy | 2016-11-28 | 2.9 LOW | 5.3 MEDIUM |
| The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. | |||||
| CVE-2016-6130 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2016-11-28 | 1.9 LOW | 4.7 MEDIUM |
| Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. | |||||
| CVE-2016-6145 | 1 Sap | 1 Hana Db | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | |||||
| CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
| SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | |||||
| CVE-2016-6156 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 1.9 LOW | 5.1 MEDIUM |
| Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability. | |||||
| CVE-2016-5944 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | |||||
| CVE-2016-6025 | 1 Ibm | 1 Sterling Secure Proxy | 2016-11-28 | 4.6 MEDIUM | 5.9 MEDIUM |
| The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. | |||||
| CVE-2016-5997 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2016-5991 | 1 Ibm | 1 Sterling Connect\ | 2016-11-28 | 4.4 MEDIUM | 4.5 MEDIUM |
| IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-5981 | 1 Ibm | 2 Filenet Workplace, Filenet Workplace Xt | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5978 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975. | |||||
| CVE-2016-5977 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-11-28 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-5976 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-11-28 | 2.6 LOW | 4.9 MEDIUM |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors. | |||||
| CVE-2016-5975 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978. | |||||
| CVE-2016-5968 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors. | |||||
| CVE-2016-5972 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2016-11-28 | 4.9 MEDIUM | 6.8 MEDIUM |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-5970 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2016-5901 | 1 Ibm | 1 Business Process Manager | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5892 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5967 | 1 Ibm | 1 Rational Asset Analyzer | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
| The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. | |||||
| CVE-2016-5927 | 1 Ibm | 1 Tivoli Storage Manager For Space Management | 2016-11-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output. | |||||
| CVE-2016-5721 | 1 Zimbra | 1 Zimbra Collaboration Server | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5797 | 1 Tollgrade | 1 Lighthouse Sms | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts. | |||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas | 2016-11-28 | 1.7 LOW | 6.7 MEDIUM |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||||
| CVE-2016-5728 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2016-11-28 | 5.4 MEDIUM | 6.3 MEDIUM |
| Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. | |||||
| CVE-2016-5878 | 1 Ibm | 1 Filenet Workplace | 2016-11-28 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-5663 | 1 Accellion | 1 Kiteworks Appliance | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. | |||||
| CVE-2016-5655 | 1 Misys | 1 Fusioncapital Opics Plus | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-5653 | 1 Misys | 1 Fusioncapital Opics Plus | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | |||||
| CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2016-11-28 | 5.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | |||||
| CVE-2016-5560 | 1 Oracle | 1 Siebel Customer Order Management | 2016-11-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI. | |||||
| CVE-2016-5521 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 7.5 HIGH | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512. | |||||
| CVE-2016-5533 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2016-11-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5510 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5524 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527. | |||||
| CVE-2016-5522 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5512 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521. | |||||
| CVE-2016-5527 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | |||||