Total: 412 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2016-2111 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 4.3 MEDIUM | 6.3 MEDIUM | The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. |
CVE-2016-2110 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-30 | 4.3 MEDIUM | 5.9 MEDIUM | The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. |
CVE-2015-3722 | 1 Apple | 1 Iphone Os | 2016-12-30 | 4.3 MEDIUM | N/A | Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. |
CVE-2015-3728 | 1 Apple | 1 Iphone Os | 2016-12-27 | 4.8 MEDIUM | N/A | The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. |
CVE-2015-3658 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2016-12-27 | 6.8 MEDIUM | N/A | The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. |
CVE-2015-6997 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-23 | 4.3 MEDIUM | N/A | The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. |
CVE-2015-5759 | 1 Apple | 1 Iphone Os | 2016-12-23 | 5.0 MEDIUM | N/A | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. |
CVE-2015-6999 | 1 Apple | 1 Iphone Os | 2016-12-23 | 5.0 MEDIUM | N/A | The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. |
CVE-2015-7863 | 1 Accelerite | 1 Radia Client Automation | 2016-12-23 | 5.0 MEDIUM | N/A | The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. |
CVE-2015-3756 | 1 Apple | 1 Iphone Os | 2016-12-23 | 2.1 LOW | N/A | The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. |
CVE-2015-6762 | 1 Google | 1 Chrome | 2016-12-23 | 7.5 HIGH | N/A | The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect. |
CVE-2016-9207 | 1 Cisco | 1 Expressway | 2016-12-22 | 6.4 MEDIUM | 6.5 MEDIUM | A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9. |
CVE-2015-6582 | 1 Google | 1 Chrome | 2016-12-21 | 6.8 MEDIUM | N/A | The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. |
CVE-2015-6583 | 1 Google | 1 Chrome | 2016-12-21 | 4.3 MEDIUM | N/A | Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. |
CVE-2015-5905 | 1 Apple | 1 Iphone Os | 2016-12-21 | 5.0 MEDIUM | N/A | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. |
CVE-2015-5904 | 1 Apple | 1 Iphone Os | 2016-12-21 | 4.3 MEDIUM | N/A | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. |
CVE-2015-5857 | 1 Apple | 1 Iphone Os | 2016-12-21 | 5.0 MEDIUM | N/A | Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. |
CVE-2015-5856 | 1 Apple | 1 Iphone Os | 2016-12-21 | 4.3 MEDIUM | N/A | The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. |
CVE-2015-5850 | 1 Apple | 1 Iphone Os | 2016-12-21 | 2.1 LOW | N/A | AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. |
CVE-2015-5839 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-21 | 5.0 MEDIUM | N/A | dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. |
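The NTLMSSP downgrade described for CVE-2016-2110, as an added example that is not Samba code: a man-in-the-middle clears NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL from the NEGOTIATE message in transit, the honest server echoes only the flags it received, and the client's CHALLENGE check is what turns the silent downgrade into a failed authentication. Message layouts follow MS-NLMP; the flag set, the server policy and all bytes are constructed for the demo and are not taken from any real capture.

```python
"""Added example (not Samba code): NTLMSSP sign/seal stripping and the client-side
check that detects it. Layouts follow MS-NLMP; all values are constructed."""
import os
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE, CHALLENGE = 1, 2

# Subset of MS-NLMP NegotiateFlags.
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
NTLMSSP_REQUEST_TARGET = 0x00000004
NTLMSSP_NEGOTIATE_SIGN = 0x00000010
NTLMSSP_NEGOTIATE_SEAL = 0x00000020
NTLMSSP_NEGOTIATE_NTLM = 0x00000200
NTLMSSP_NEGOTIATE_ALWAYS_SIGN = 0x00008000
NTLMSSP_NEGOTIATE_128 = 0x20000000
NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000

# NegotiateFlags sits at offset 12 in NEGOTIATE_MESSAGE and at 20 in CHALLENGE_MESSAGE.
FLAGS_OFFSET = {NEGOTIATE: 12, CHALLENGE: 20}


def build_negotiate(flags: int) -> bytes:
    """NEGOTIATE_MESSAGE: signature, MessageType=1, NegotiateFlags, then empty
    DomainName and Workstation field descriptors (len, maxlen, offset)."""
    return (NTLMSSP_SIGNATURE + struct.pack("<I", NEGOTIATE) + struct.pack("<I", flags)
            + struct.pack("<HHI", 0, 0, 32) + struct.pack("<HHI", 0, 0, 32))


def build_challenge(flags: int, server_challenge: bytes) -> bytes:
    """CHALLENGE_MESSAGE: signature, MessageType=2, TargetNameFields, NegotiateFlags,
    8-byte ServerChallenge, 8 reserved bytes, TargetInfoFields (both lists empty)."""
    assert len(server_challenge) == 8
    return (NTLMSSP_SIGNATURE + struct.pack("<I", CHALLENGE) + struct.pack("<HHI", 0, 0, 48)
            + struct.pack("<I", flags) + server_challenge + b"\x00" * 8
            + struct.pack("<HHI", 0, 0, 48))


def parse_flags(msg: bytes) -> int:
    """Return NegotiateFlags of a NEGOTIATE or CHALLENGE message."""
    if msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    return struct.unpack_from("<I", msg, FLAGS_OFFSET[mtype])[0]


def set_flags(msg: bytes, flags: int) -> bytes:
    (mtype,) = struct.unpack_from("<I", msg, 8)
    off = FLAGS_OFFSET[mtype]
    return msg[:off] + struct.pack("<I", flags) + msg[off + 4:]


def mitm_strip(msg: bytes) -> bytes:
    """What the attacker does on the wire: clear the integrity/confidentiality bits."""
    stripped = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    return set_flags(msg, parse_flags(msg) & ~stripped)


def server_respond(negotiate: bytes, server_flags: int) -> bytes:
    """An honest server enables only the flags both sides offered, so a stripped
    NEGOTIATE yields a CHALLENGE without SIGN/SEAL."""
    return build_challenge(parse_flags(negotiate) & server_flags, os.urandom(8))


def client_accepts(challenge: bytes, required: int) -> bool:
    """The vulnerable behaviour simply adopts whatever the CHALLENGE carries.
    The fix is this check: refuse when any flag the application requires (signing,
    sealing for LDAP) is missing from the server's reply."""
    return parse_flags(challenge) & required == required


def run_handshake(tamper: bool) -> bool:
    """Full exchange; returns whether the client proceeds with authentication."""
    base = (NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM
            | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
    required = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL
    negotiate = build_negotiate(base | required)
    if tamper:
        negotiate = mitm_strip(negotiate)  # attacker edits the client -> server message
    challenge = server_respond(negotiate, base | required)
    return client_accepts(challenge, required)


if __name__ == "__main__":
    print("untampered:", run_handshake(False), "tampered:", run_handshake(True))
```

The check belongs on the client because the server cannot tell a stripped NEGOTIATE from a client that never asked for signing; only the side that knows what it required can notice the bits are gone.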
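The two OCSP entries above (CVE-2015-6997 and CVE-2015-6999) describe the same class of verifier mistake from two angles: a stale response is accepted as if current, and a "require positive response" flag does not actually force a positive answer. The following added example (not Apple or Security.framework code) shows how a verifier should combine the single-response status, its validity window and that policy bit. Signature verification and fetching are out of scope; the response objects, the skew allowance and the seven-day cap for responses without nextUpdate are local assumptions.

```python
"""Added example (not Apple code): combining OCSP response freshness, status and a
'require positive response' policy. Responses are constructed inline; no network,
no signature checking."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class CertStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"


@dataclass
class OcspSingleResponse:
    status: CertStatus
    this_update: datetime             # RFC 6960 thisUpdate
    next_update: Optional[datetime]   # nextUpdate is OPTIONAL in RFC 6960


MAX_SKEW = timedelta(minutes=5)                   # assumption: tolerated clock skew
MAX_AGE_WITHOUT_NEXT_UPDATE = timedelta(days=7)   # assumption: local policy cap


def response_is_current(resp: OcspSingleResponse, now: datetime) -> bool:
    """RFC 6960 section 4.2.2.1: thisUpdate must not be in the future and, when
    nextUpdate is present, 'now' must not be past it. Skipping this step is the
    CVE-2015-6999 failure: an old 'good' answer replayed after revocation passes."""
    if resp.this_update > now + MAX_SKEW:
        return False
    if resp.next_update is not None:
        return now <= resp.next_update + MAX_SKEW
    return now - resp.this_update <= MAX_AGE_WITHOUT_NEXT_UPDATE


def certificate_trusted(resp: Optional[OcspSingleResponse], now: datetime,
                        require_positive: bool) -> bool:
    """resp is None when no response was obtained at all. With require_positive
    (the kSecRevocationRequirePositiveResponse semantics of CVE-2015-6997) every
    non-answer is a failure; without it the verifier soft-fails as usual."""
    if resp is None or not response_is_current(resp, now):
        return not require_positive
    if resp.status is CertStatus.REVOKED:
        return False
    if resp.status is CertStatus.UNKNOWN:
        return not require_positive
    return True


def demo() -> dict:
    """Constructed scenarios; returns the trust decision for each."""
    now = datetime(2015, 10, 1, 12, 0, tzinfo=timezone.utc)
    fresh_good = OcspSingleResponse(CertStatus.GOOD, now - timedelta(hours=1), now + timedelta(days=1))
    stale_good = OcspSingleResponse(CertStatus.GOOD, now - timedelta(days=30), now - timedelta(days=20))
    revoked = OcspSingleResponse(CertStatus.REVOKED, now - timedelta(hours=1), now + timedelta(days=1))
    return {
        "fresh_good": certificate_trusted(fresh_good, now, True),
        "stale_good_strict": certificate_trusted(stale_good, now, True),
        "stale_good_soft": certificate_trusted(stale_good, now, False),
        "revoked": certificate_trusted(revoked, now, False),
        "no_response_strict": certificate_trusted(None, now, True),
        "no_response_soft": certificate_trusted(None, now, False),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'trusted' if decision else 'rejected'}")
```

The "stale_good_soft" case is the trade-off a soft-fail policy knowingly makes; the bug is when a stale response is counted as a fresh positive answer, or when the strict flag still yields "trusted" for it.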
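CVE-2015-3658 and CVE-2015-6762 are both the same mistake seen from opposite sides: an origin decision (whether to send Origin, whether a font load needs CORS) made from the first URL and not re-evaluated after a redirect changes the origin. The following added example (not WebKit or Blink code) evaluates such decisions over the whole redirect chain, and pairs it with the server-side CSRF check a practitioner needs: one that treats a missing Origin header as untrusted rather than as "same origin". All URLs and headers are constructed for the demo.

```python
"""Added example (not WebKit/Blink code): origin decisions across a redirect chain,
plus a server-side CSRF origin check. All URLs and headers are constructed."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> str:
    """Serialize scheme://host:port, the tuple the same-origin policy compares.
    Anything that is not http(s) (including the literal 'null') serializes as 'null'."""
    u = urlsplit(url)
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        return "null"
    port = u.port or DEFAULT_PORTS[u.scheme]
    return f"{u.scheme}://{u.hostname.lower()}:{port}"


def chain_is_same_origin(document_url: str, chain: list) -> bool:
    """True only if every hop (the initial URL and each redirect target) has the
    document's origin. Deciding from chain[0] alone is the bug in both CVEs."""
    doc = origin_of(document_url)
    return bool(chain) and all(origin_of(u) == doc for u in chain)


def font_fetch_mode(document_url: str, chain: list) -> str:
    """CVE-2015-6762 class: a font whose first URL is same-origin but which is
    redirected cross-origin must still go through the CORS algorithm."""
    return "same-origin" if chain_is_same_origin(document_url, chain) else "cors"


def csrf_origin_check(headers: dict, site_url: str) -> bool:
    """Server side. A browser affected by CVE-2015-3658 could omit Origin on a
    cross-site request that arrived via redirect, so absence of the header must
    not be read as 'same origin'. Origin wins over Referer when both are present."""
    site = origin_of(site_url)
    h = {k.lower(): v for k, v in headers.items()}
    if "origin" in h:
        return origin_of(h["origin"]) == site   # 'null' can never match the site
    if "referer" in h:
        return origin_of(h["referer"]) == site
    return False   # no provenance at all: reject state-changing requests


if __name__ == "__main__":
    doc = "https://app.example/"
    print(font_fetch_mode(doc, ["https://app.example/f.woff"]))
    print(font_fetch_mode(doc, ["https://app.example/f.woff", "https://cdn.evil.example/f.woff"]))
    print(csrf_origin_check({}, doc), csrf_origin_check({"Origin": "https://app.example"}, doc))
```

The Referer fallback is the weaker path (Referer is often suppressed by policy), so a production check should also carry a synchronizer token; the point here is only that absence of Origin is not evidence of a same-origin request.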