Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4488 | 1 Gnu | 1 Libiberty | 2017-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." | |||||
| CVE-2016-4489 | 1 Gnu | 1 Libiberty | 2017-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables." | |||||
| CVE-2016-4490 | 1 Gnu | 1 Libiberty | 2017-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. | |||||
| CVE-2016-4491 | 1 Gnu | 1 Libiberty | 2017-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once." | |||||
| CVE-2016-4492 | 1 Gnu | 1 Libiberty | 2017-07-27 | 4.3 MEDIUM | 4.4 MEDIUM |
| Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. | |||||
| CVE-2016-4493 | 1 Gnu | 1 Libiberty | 2017-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary. | |||||
| CVE-2016-5880 | 1 Ibm | 2 Domino, Inotes | 2017-07-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5882 | 1 Ibm | 2 Domino, Inotes | 2017-07-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5884 | 1 Ibm | 2 Domino, Inotes | 2017-07-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6113 | 1 Ibm | 2 Domino, Inotes | 2017-07-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6450 | 1 Cisco | 1 Ios Xe | 2017-07-27 | 1.9 LOW | 2.5 LOW |
| A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). | |||||
| CVE-2016-6462 | 1 Cisco | 1 Email Security Appliance Firmware | 2017-07-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. | |||||
| CVE-2016-6466 | 1 Cisco | 2 Asr 5000 Series Software, Virtualized Packet Core | 2017-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147. | |||||
| CVE-2016-6472 | 1 Cisco | 1 Unified Communications Manager | 2017-07-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). | |||||
| CVE-2016-7053 | 1 Openssl | 1 Openssl | 2017-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. | |||||
| CVE-2016-7458 | 1 Vmware | 1 Vsphere Client | 2017-07-27 | 5.0 MEDIUM | 5.8 MEDIUM |
| VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-7460 | 1 Vmware | 1 Vrealize Automation | 2017-07-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-7461 | 2 Microsoft, Vmware | 5 Windows, Fusion, Fusion Pro and 2 more | 2017-07-27 | 7.2 HIGH | 8.8 HIGH |
| The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. | |||||
| CVE-2016-7462 | 1 Vmware | 1 Vrealize Operations | 2017-07-27 | 7.5 HIGH | 8.5 HIGH |
| The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. | |||||
| CVE-2016-7542 | 1 Fortinet | 1 Fortios | 2017-07-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | |||||