Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3358 | 1 Tadaa! Project | 1 Tadaa! | 2016-12-05 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that (1) enable and disable modules or (2) change variables. | |||||
| CVE-2015-3371 | 1 Node Invite Project | 1 Node Invite | 2016-12-05 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. | |||||
| CVE-2015-3383 | 1 Insite | 1 Node Basket | 2016-12-05 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2006-6675 | 1 Novell | 2 Apache Http Server, Netware | 2016-12-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. | |||||
| CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2016-12-02 | 7.2 HIGH | 8.8 HIGH |
| Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |||||
| CVE-2016-4077 | 1 Wireshark | 1 Wireshark | 2016-12-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. | |||||
| CVE-2016-4084 | 1 Wireshark | 1 Wireshark | 2016-12-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. | |||||
| CVE-2016-3116 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2016-12-02 | 5.5 MEDIUM | 6.4 MEDIUM |
| CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |||||
| CVE-2016-2001 | 1 Hp | 1 Universal Cmbd Foundation | 2016-12-02 | 5.8 MEDIUM | 7.4 HIGH |
| HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. | |||||
| CVE-2016-1976 | 3 Microsoft, Mozilla, Webrtc Project | 3 Windows, Firefox, Webrtc | 2016-12-02 | 6.8 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-1789 | 1 Apple | 1 Ibooks Author | 2016-12-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-1972 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2016-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-1745 | 1 Apple | 1 Mac Os X | 2016-12-02 | 2.1 LOW | 5.5 MEDIUM |
| IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2016-1756 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-1634 | 1 Google | 1 Chrome | 2016-12-02 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action. | |||||
| CVE-2016-1644 | 1 Google | 1 Chrome | 2016-12-02 | 9.3 HIGH | 8.8 HIGH |
| WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2016-1641 | 1 Google | 1 Chrome | 2016-12-02 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download. | |||||
| CVE-2016-1639 | 1 Google | 1 Chrome | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. | |||||
| CVE-2016-1635 | 1 Google | 1 Chrome | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-1633 | 1 Google | 1 Chrome | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
