Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7022 | 1 Apple | 1 Iphone Os | 2016-12-23 | 4.3 MEDIUM | N/A |
| The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. | |||||
| CVE-2015-7023 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 5.8 MEDIUM | N/A |
| CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | |||||
| CVE-2015-7030 | 1 Apple | 1 Xcode | 2016-12-23 | 7.5 HIGH | N/A |
| The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | |||||
| CVE-2015-7031 | 1 Apple | 1 Mac Os X Server | 2016-12-23 | 5.0 MEDIUM | N/A |
| The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2015-7035 | 1 Apple | 1 Mac Os X | 2016-12-23 | 7.5 HIGH | N/A |
| Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | |||||
| CVE-2015-7184 | 1 Mozilla | 1 Firefox | 2016-12-23 | 6.8 MEDIUM | N/A |
| The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2015-7649 | 1 Adobe | 1 Shockwave Player | 2016-12-23 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2015-7834 | 1 Google | 2 Chrome, V8 | 2016-12-23 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-7860 | 1 Accelerite | 1 Radia Client Automation | 2016-12-23 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling. | |||||
| CVE-2015-7861 | 1 Accelerite | 1 Radia Client Automation | 2016-12-23 | 10.0 HIGH | N/A |
| Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling. | |||||
| CVE-2015-7862 | 1 Accelerite | 1 Radia Client Automation | 2016-12-23 | 5.0 MEDIUM | N/A |
| Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors. | |||||
| CVE-2015-7863 | 1 Accelerite | 1 Radia Client Automation | 2016-12-23 | 5.0 MEDIUM | N/A |
| The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-4361 | 1 Hp | 2 Loadrunner, Performance Center | 2016-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2016-5084 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2016-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2016-5085 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2016-12-23 | 7.8 HIGH | 7.5 HIGH |
| Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake. | |||||
| CVE-2016-5086 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2016-12-23 | 9.3 HIGH | 9.8 CRITICAL |
| Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | |||||
| CVE-2016-5765 | 1 Microfocus | 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more | 2016-12-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. | |||||
| CVE-2016-6671 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-23 | 6.8 MEDIUM | 7.8 HIGH |
| The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | |||||
| CVE-2016-6754 | 1 Google | 1 Android | 2016-12-23 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937. | |||||
| CVE-2016-6881 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. | |||||