Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5692 | 1 Symantec | 1 Web Gateway | 2016-12-21 | 7.9 HIGH | N/A |
| admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | |||||
| CVE-2015-5413 | 1 Hp | 1 Version Control Repository Manager | 2016-12-21 | 4.0 MEDIUM | N/A |
| HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-1291 | 1 Google | 1 Chrome | 2016-12-21 | 6.4 MEDIUM | N/A |
| The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. | |||||
| CVE-2015-1292 | 1 Google | 1 Chrome | 2016-12-21 | 5.0 MEDIUM | N/A |
| The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. | |||||
| CVE-2014-9713 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2016-12-21 | 4.0 MEDIUM | N/A |
| The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | |||||
| CVE-2014-1575 | 1 Mozilla | 1 Firefox | 2016-12-21 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. | |||||
| CVE-2015-0818 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2016-12-21 | 7.5 HIGH | N/A |
| Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | |||||
| CVE-2015-1226 | 1 Google | 1 Chrome | 2016-12-21 | 5.0 MEDIUM | N/A |
| The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. | |||||
| CVE-2015-1293 | 1 Google | 1 Chrome | 2016-12-21 | 7.5 HIGH | N/A |
| The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2015-4544 | 1 Emc | 1 Documentum Content Server | 2016-12-21 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626. | |||||
| CVE-2015-5198 | 2 Canonical, Libvdpau Project | 2 Ubuntu Linux, Libvdpau | 2016-12-21 | 7.2 HIGH | N/A |
| libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. | |||||
| CVE-2015-4505 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2016-12-21 | 6.6 MEDIUM | N/A |
| updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. | |||||
| CVE-2015-3801 | 1 Apple | 2 Iphone Os, Safari | 2016-12-21 | 5.0 MEDIUM | N/A |
| The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | |||||
| CVE-2015-1885 | 1 Ibm | 1 Websphere Application Server | 2016-12-21 | 9.3 HIGH | N/A |
| WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2016-6449 | 1 Cisco | 1 Fireamp Connector Endpoint Software | 2016-12-14 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available. More Information: CSCvb40597. Known Affected Releases: 1. | |||||
| CVE-2016-6706 | 1 Google | 1 Android | 2016-12-14 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713. | |||||
| CVE-2016-6369 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2016-12-12 | 7.2 HIGH | 7.8 HIGH |
| Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. | |||||
| CVE-2016-6362 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-12 | 7.2 HIGH | 7.8 HIGH |
| Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. | |||||
| CVE-2015-6322 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2016-12-12 | 6.6 MEDIUM | N/A |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. | |||||
| CVE-2015-6315 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-12 | 7.2 HIGH | N/A |
| Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694. | |||||