Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8567 | 1 Siemens | 1 Sicam Pas | 2017-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. | |||||
| CVE-2016-8364 | 1 Ibhsoftec | 1 S7-softplc | 2017-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow. | |||||
| CVE-2016-8922 | 1 Ibm | 2 Web Content Manager Production Analytics, Websphere Portal | 2017-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-10003 | 1 Squid-cache | 1 Squid | 2017-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. | |||||
| CVE-2016-10079 | 1 Sap | 1 Saplpd | 2017-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. | |||||
| CVE-2016-8509 | 2017-02-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-8510 | 2017-02-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2017-3806 | 1 Cisco | 1 Firepower Threat Defense | 2017-02-27 | 4.6 MEDIUM | 5.3 MEDIUM |
| A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101). | |||||
| CVE-2016-4042 | 1 Plone | 1 Plone | 2017-02-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | |||||
| CVE-2016-4041 | 1 Plone | 1 Plone | 2017-02-27 | 7.5 HIGH | 7.3 HIGH |
| Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | |||||
| CVE-2016-5100 | 1 Froxlor | 1 Froxlor | 2017-02-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | |||||
| CVE-2016-6173 | 1 Nlnetlabs | 1 Nsd | 2017-02-24 | 7.8 HIGH | 7.5 HIGH |
| NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | |||||
| CVE-2016-4341 | 1 Netapp | 1 Clustered Data Ontap | 2017-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. | |||||
| CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2017-02-24 | 7.5 HIGH | 7.3 HIGH |
| NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||||
| CVE-2016-10192 | 1 Ffmpeg | 1 Ffmpeg | 2017-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. | |||||
| CVE-2016-6667 | 1 Netapp | 1 Oncommand Unified Manager For Clustered Data Ontap | 2017-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-5117 | 1 Openntpd | 1 Openntpd | 2017-02-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. | |||||
| CVE-2016-6495 | 1 Netapp | 1 Data Ontap | 2017-02-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||||
| CVE-2016-8491 | 1 Fortinet | 1 Fortiwlc | 2017-02-24 | 9.4 HIGH | 9.1 CRITICAL |
| The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||||
| CVE-2016-5711 | 1 Netapp | 1 Virtual Storage Console For Vmware Vsphere | 2017-02-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | |||||