Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5448 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-09-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. | |||||
| CVE-2016-5449 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. | |||||
| CVE-2016-5450 | 1 Oracle | 1 Siebel Ui Framework | 2017-09-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI. | |||||
| CVE-2016-5451 | 1 Oracle | 1 Siebel Ui Framework | 2017-09-01 | 5.5 MEDIUM | 8.1 HIGH |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468. | |||||
| CVE-2016-5452 | 1 Oracle | 1 Solaris | 2017-09-01 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot. | |||||
| CVE-2016-5453 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. | |||||
| CVE-2016-5454 | 1 Oracle | 1 Solaris | 2017-09-01 | 5.4 MEDIUM | 6.4 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot. | |||||
| CVE-2016-5455 | 1 Oracle | 1 Communications Messaging Server | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor. | |||||
| CVE-2016-5456 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 6.3 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services. | |||||
| CVE-2016-5457 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-09-01 | 9.0 HIGH | 8.8 HIGH |
| Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. | |||||
| CVE-2016-5458 | 1 Oracle | 1 Communications Eagle Application Processor | 2017-09-01 | 5.5 MEDIUM | 6.4 MEDIUM |
| Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL. | |||||
| CVE-2016-5459 | 1 Oracle | 1 Siebel Core-common Components | 2017-09-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp. | |||||
| CVE-2016-5460 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466. | |||||
| CVE-2016-5461 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Object Manager. | |||||
| CVE-2016-5462 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.0 MEDIUM | 2.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces. | |||||
| CVE-2016-5463 | 1 Oracle | 1 Siebel Ui Framework | 2017-09-01 | 3.5 LOW | 4.1 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464. | |||||
| CVE-2016-5464 | 1 Oracle | 1 Siebel Ui Framework | 2017-09-01 | 3.5 LOW | 4.1 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5463. | |||||
| CVE-2016-5465 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2017-09-01 | 5.8 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor. | |||||
| CVE-2016-5466 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5460. | |||||
| CVE-2016-5467 | 1 Oracle | 1 Peoplesoft Enterprise Scm Eprocurement | 2017-09-01 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to eProcurement. | |||||
| CVE-2016-5468 | 1 Oracle | 1 Siebel Ui Framework | 2017-09-01 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451. | |||||
| CVE-2016-5469 | 1 Oracle | 1 Solaris | 2017-09-01 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471. | |||||
| CVE-2016-5470 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2017-09-01 | 7.1 HIGH | 6.5 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer. | |||||
| CVE-2016-5471 | 1 Oracle | 1 Solaris | 2017-09-01 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469. | |||||
| CVE-2016-5472 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via vectors related to Install and Packaging. | |||||
| CVE-2016-5473 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 3.5 LOW | 3.1 LOW |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537. | |||||
| CVE-2016-5474 | 1 Oracle | 1 Retail Service Backbone | 2017-09-01 | 9.0 HIGH | 8.8 HIGH |
| Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel. | |||||
| CVE-2016-5475 | 1 Oracle | 1 Retail Service Backbone | 2017-09-01 | 8.0 HIGH | 7.6 HIGH |
| Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install. | |||||
| CVE-2016-5476 | 1 Oracle | 1 Retail Integration Bus | 2017-09-01 | 6.5 MEDIUM | 7.6 HIGH |
| Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install. | |||||
| CVE-2016-5477 | 1 Oracle | 1 Glassfish Server | 2017-09-01 | 5.0 MEDIUM | 5.8 MEDIUM |
| Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | |||||
| CVE-2016-5742 | 1 Sixapart | 2 Movable Type, Movable Type Open Source | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-6239 | 1 Openbsd | 1 Openbsd | 2017-09-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. | |||||
| CVE-2016-6240 | 1 Openbsd | 1 Openbsd | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | |||||
| CVE-2016-6241 | 1 Openbsd | 1 Openbsd | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | |||||
| CVE-2017-0038 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2017-09-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220. | |||||
| CVE-2017-0312 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges | |||||
| CVE-2017-0313 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. | |||||
| CVE-2017-2361 | 1 Apple | 1 Mac Os X | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. | |||||
| CVE-2017-2362 | 1 Apple | 3 Apple Tv, Iphone Os, Safari | 2017-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-5344 | 1 Dotcms | 1 Dotcms | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. | |||||
| CVE-2017-5487 | 1 Wordpress | 1 Wordpress | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. | |||||
| CVE-2017-5496 | 1 Sawmill | 1 Sawmill | 2017-09-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash. | |||||
| CVE-2017-5521 | 1 Netgear | 26 Ac1450, Ac1450 Firmware, D6220 and 23 more | 2017-09-01 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. | |||||
| CVE-2017-6351 | 1 Wepresent | 2 Wipg-1500, Wipg-1500 Firmware | 2017-09-01 | 9.3 HIGH | 8.1 HIGH |
| The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885. | |||||
| CVE-2015-1386 | 1 Unshield Project | 1 Unshield | 2017-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in unshield 1.0-1. | |||||
| CVE-2015-1430 | 1 Xymon | 1 Xymon | 2017-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in xymon 4.3.17-1. | |||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2017-08-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||||
| CVE-2017-10835 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | |||||
| CVE-2017-10832 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 10.0 HIGH | 9.8 CRITICAL |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||