Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8608 | 1 K7computing | 1 K7av Sentry Device Driver | 2016-12-16 | 4.9 MEDIUM | N/A |
| The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$". | |||||
| CVE-2016-582384 | 2016-12-16 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-8708 | 2016-12-15 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-8823. Reason: This candidate is a reservation duplicate of CVE-2016-8823. Notes: All CVE users should reference CVE-2016-8823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-5616 | 2016-12-15 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-5617 | 2016-12-15 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-6315 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-12 | 7.2 HIGH | N/A |
| Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694. | |||||
| CVE-2015-6322 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2016-12-12 | 6.6 MEDIUM | N/A |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. | |||||
| CVE-2015-6279 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-12 | 7.8 HIGH | N/A |
| The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400. | |||||
| CVE-2015-6302 | 1 Cisco | 1 Wireless Lan Controller Software | 2016-12-12 | 5.0 MEDIUM | N/A |
| The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. | |||||
| CVE-2015-6305 | 2 Cisco, Microsoft | 2 Anyconnect Secure Mobility Client, Windows | 2016-12-12 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211. | |||||
| CVE-2013-5195 | 1 Apple | 3 Itunes, Safari, Webkit | 2016-12-09 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | |||||
| CVE-2015-5780 | 1 Apple | 1 Safari | 2016-12-09 | 10.0 HIGH | N/A |
| The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. | |||||
| CVE-2015-5830 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. | |||||
| CVE-2015-5833 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. | |||||
| CVE-2015-5864 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
| CVE-2015-5836 | 1 Apple | 1 Mac Os X | 2016-12-09 | 4.3 MEDIUM | N/A |
| Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | |||||
| CVE-2015-5849 | 1 Apple | 1 Mac Os X | 2016-12-09 | 6.8 MEDIUM | N/A |
| The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | |||||
| CVE-2015-5853 | 1 Apple | 1 Mac Os X | 2016-12-09 | 3.3 LOW | N/A |
| AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | |||||
| CVE-2015-5854 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | |||||
| CVE-2015-5865 | 1 Apple | 1 Mac Os X | 2016-12-09 | 4.3 MEDIUM | N/A |
| IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2015-5866 | 1 Apple | 1 Mac Os X | 2016-12-09 | 9.3 HIGH | N/A |
| IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2015-5870 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | |||||
| CVE-2015-5871 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. | |||||
| CVE-2015-5872 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. | |||||
| CVE-2015-5873 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. | |||||
| CVE-2015-5875 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | |||||
| CVE-2015-5877 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. | |||||
| CVE-2015-5878 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-6329 | 1 Cisco | 1 Prime Collaboration Provisioning | 2016-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |||||
| CVE-2015-6328 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.8 MEDIUM | N/A |
| The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380. | |||||
| CVE-2015-6331 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | |||||
| CVE-2015-6332 | 1 Cisco | 1 Prime Infrastructure | 2016-12-09 | 5.0 MEDIUM | N/A |
| Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830. | |||||
| CVE-2015-6333 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2016-12-09 | 4.6 MEDIUM | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | |||||
| CVE-2015-6334 | 1 Cisco | 1 Asr 5000 Software | 2016-12-09 | 5.0 MEDIUM | N/A |
| Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984. | |||||
| CVE-2015-6522 | 1 Wpsymposium | 1 Wp Symposium | 2016-12-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | |||||
| CVE-2015-6524 | 2 Apache, Fedoraproject | 2 Activemq, Fedora | 2016-12-09 | 5.0 MEDIUM | N/A |
| The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | |||||
| CVE-2015-6549 | 1 Symantec | 1 Netbackup Opscenter | 2016-12-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1896 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-08 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-1897 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-08 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898. | |||||
| CVE-2015-1898 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-08 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897. | |||||
| CVE-2015-1992 | 1 Ibm | 1 Systems Director | 2016-12-08 | 7.2 HIGH | N/A |
| IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-4265 | 1 Cisco | 1 Ucs B-series Blade Server Software | 2016-12-08 | 4.9 MEDIUM | N/A |
| Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241. | |||||
| CVE-2015-4543 | 1 Emc | 1 Rsa Archer Grc | 2016-12-08 | 4.0 MEDIUM | N/A |
| EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields. | |||||
| CVE-2015-3876 | 1 Google | 1 Android | 2016-12-08 | 9.3 HIGH | N/A |
| libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | |||||
| CVE-2015-4541 | 1 Emc | 1 Rsa Archer Grc | 2016-12-08 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4542 | 1 Emc | 1 Rsa Archer Grc | 2016-12-08 | 6.5 MEDIUM | N/A |
| EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | |||||
| CVE-2015-4555 | 1 Tibco | 4 Messaging Appliance, Rendezvous, Rendezvous Network Server and 1 more | 2016-12-08 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. | |||||
| CVE-2015-4539 | 1 Emc | 1 Rsa Identity Management And Governance | 2016-12-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2016-12-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | |||||
| CVE-2015-6843 | 1 Emc | 1 Sourceone Email Supervisor | 2016-12-08 | 5.0 MEDIUM | N/A |
| Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||