Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6642 | 1 Google | 1 Android | 2016-12-07 | 7.8 HIGH | 9.8 CRITICAL |
| The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. | |||||
| CVE-2015-6643 | 1 Google | 1 Android | 2016-12-07 | 7.2 HIGH | 6.6 MEDIUM |
| Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | |||||
| CVE-2015-6645 | 1 Google | 1 Android | 2016-12-07 | 7.1 HIGH | 5.0 MEDIUM |
| SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | |||||
| CVE-2015-6646 | 1 Google | 1 Android | 2016-12-07 | 7.8 HIGH | 6.2 MEDIUM |
| The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613. | |||||
| CVE-2015-6647 | 1 Google | 1 Android | 2016-12-07 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | |||||
| CVE-2015-6291 | 1 Cisco | 1 Email Security Appliance | 2016-12-07 | 7.8 HIGH | N/A |
| Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151. | |||||
| CVE-2015-6292 | 1 Cisco | 1 Web Security Appliance | 2016-12-07 | 7.8 HIGH | N/A |
| The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. | |||||
| CVE-2015-6293 | 1 Cisco | 1 Web Security Appliance | 2016-12-07 | 7.8 HIGH | N/A |
| Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. | |||||
| CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2016-12-07 | 9.0 HIGH | N/A |
| The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | |||||
| CVE-2015-6317 | 1 Cisco | 1 Identity Services Engine Software | 2016-12-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | |||||
| CVE-2015-6319 | 1 Cisco | 22 Rv016 Multi-wan Vpn Router, Rv042 Dual Wan Vpn Router, Rv042g Dual Gigabit Wan Vpn Router and 19 more | 2016-12-07 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. | |||||
| CVE-2015-6320 | 1 Cisco | 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more | 2016-12-07 | 7.8 HIGH | 7.5 HIGH |
| The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138. | |||||
| CVE-2015-6321 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2016-12-07 | 7.8 HIGH | N/A |
| Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. | |||||
| CVE-2015-6323 | 1 Cisco | 1 Identity Services Engine Software | 2016-12-07 | 10.0 HIGH | 9.8 CRITICAL |
| The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. | |||||
| CVE-2015-6336 | 1 Cisco | 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more | 2016-12-07 | 7.5 HIGH | 7.3 HIGH |
| Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. | |||||
| CVE-2015-6337 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. | |||||
| CVE-2015-6344 | 1 Cisco | 1 Asa Cx Context-aware Security Software | 2016-12-07 | 4.0 MEDIUM | N/A |
| The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. | |||||
| CVE-2015-6345 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. | |||||
| CVE-2015-6346 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-6347 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | |||||
| CVE-2015-6348 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | |||||
| CVE-2015-6349 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-6350 | 1 Cisco | 1 Prime Service Catalog | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | |||||
| CVE-2015-6351 | 1 Cisco | 1 Asr 5000 Software | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. | |||||
| CVE-2015-6352 | 1 Cisco | 2 Hosted Collaboration Solution, Unified Communications Domain Manager | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | |||||
| CVE-2015-6353 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922. | |||||
| CVE-2015-6354 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. | |||||
| CVE-2015-6356 | 1 Cisco | 1 Socialminer | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. | |||||
| CVE-2015-6359 | 1 Cisco | 1 Ios | 2016-12-07 | 6.1 MEDIUM | N/A |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. | |||||
| CVE-2015-6362 | 1 Cisco | 1 Connected Grid Network Management System | 2016-12-07 | 4.0 MEDIUM | N/A |
| The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. | |||||
| CVE-2015-6363 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396. | |||||
| CVE-2015-6364 | 1 Cisco | 1 Videoscape Distribution Suite Service Manager | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960. | |||||
| CVE-2015-6365 | 1 Cisco | 1 Ios | 2016-12-07 | 4.0 MEDIUM | N/A |
| Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. | |||||
| CVE-2015-6366 | 1 Cisco | 1 Ios | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. | |||||
| CVE-2015-6367 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-07 | 7.8 HIGH | N/A |
| Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374. | |||||
| CVE-2015-6388 | 1 Cisco | 1 Unified Computing System Central Software | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. | |||||
| CVE-2015-6389 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-07 | 9.0 HIGH | N/A |
| Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707. | |||||
| CVE-2015-5602 | 1 Sudo Project | 1 Sudo | 2016-12-07 | 7.2 HIGH | N/A |
| sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." | |||||
| CVE-2015-5667 | 1 Html-scrubber Project | 1 Html-scrubber | 2016-12-07 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. | |||||
| CVE-2015-5712 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. | |||||
| CVE-2015-5713 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2016-12-07 | 5.0 MEDIUM | N/A |
| Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL. | |||||
| CVE-2015-6016 | 1 Zyxel | 4 Nbg-418n, P-660hw-t1 2, Pmg5318-b20a Firmware and 1 more | 2016-12-07 | 10.0 HIGH | 9.8 CRITICAL |
| ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
| CVE-2015-6017 | 1 Zyxel | 1 P-660hw-t1 V2 Firmware | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. | |||||
| CVE-2015-6019 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2016-12-07 | 5.0 MEDIUM | 8.5 HIGH |
| The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2015-6020 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2016-12-07 | 8.3 HIGH | 8.0 HIGH |
| ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | |||||
| CVE-2015-5257 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 4.9 MEDIUM | N/A |
| drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. | |||||
| CVE-2015-5273 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-12-07 | 3.6 LOW | N/A |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | |||||
| CVE-2015-5281 | 1 Redhat | 1 Enterprise Linux | 2016-12-07 | 2.6 LOW | N/A |
| The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu. | |||||
| CVE-2015-5287 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-12-07 | 6.9 MEDIUM | N/A |
| The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. | |||||
| CVE-2015-5292 | 1 Fedoraproject | 1 Sssd | 2016-12-07 | 6.8 MEDIUM | N/A |
| Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. | |||||