Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1389 | 1 Cisco | 1 Webex Meetings Server | 2016-12-02 | 4.3 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. | |||||
| CVE-2016-0854 | 1 Advantech | 1 Webaccess | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors. | |||||
| CVE-2015-8816 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2016-12-02 | 7.2 HIGH | 6.8 MEDIUM |
| The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. | |||||
| CVE-2015-7472 | 1 Ibm | 1 Websphere Portal | 2016-12-02 | 6.4 MEDIUM | 7.2 HIGH |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors. | |||||
| CVE-2015-3233 | 1 Drupal | 1 Drupal | 2016-12-02 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-3232 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-12-02 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter. | |||||
| CVE-2015-2853 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2016-12-02 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID. | |||||
| CVE-2015-2825 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2016-12-02 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter. | |||||
| CVE-2015-2789 | 1 Foxitsoftware | 1 Foxit Reader | 2016-12-02 | 4.4 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | |||||
| CVE-2015-2346 | 1 Huawei | 1 Seq Analyst | 2016-12-02 | 4.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | |||||
| CVE-2015-2667 | 1 Gns3 | 1 Gns3 | 2016-12-02 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. | |||||
| CVE-2015-2167 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2016-12-02 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. | |||||
| CVE-2015-2194 | 1 Digitalnature | 1 Fusion | 2016-12-02 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. | |||||
| CVE-2015-0121 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2016-12-02 | 3.7 LOW | N/A |
| IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2013-7017 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-02 | 6.8 MEDIUM | N/A |
| libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2013-7447 | 2 Canonical, Gtk | 2 Ubuntu Linux, Gtk\\\+ | 2016-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation. | |||||
| CVE-2013-7008 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-02 | 6.8 MEDIUM | N/A |
| The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data. | |||||
| CVE-2013-4265 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-02 | 10.0 HIGH | N/A |
| The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. | |||||
| CVE-2016-4106 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-02 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090. | |||||
| CVE-2016-1821 | 1 Apple | 1 Mac Os X | 2016-12-02 | 9.3 HIGH | 7.8 HIGH |
| IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||