Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1567 | 1 Tuxfamily | 1 Chrony | 2016-12-05 | 6.8 MEDIUM | 8.1 HIGH |
| chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
| CVE-2016-1569 | 1 Firebirdsql | 1 Firebird | 2016-12-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter. | |||||
| CVE-2016-1730 | 1 Apple | 1 Iphone Os | 2016-12-05 | 5.8 MEDIUM | 5.4 MEDIUM |
| WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | |||||
| CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2016-12-05 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | |||||
| CVE-2016-1982 | 1 Privoxy | 1 Privoxy | 2016-12-05 | 5.0 MEDIUM | 7.5 HIGH |
| The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | |||||
| CVE-2016-1983 | 1 Privoxy | 1 Privoxy | 2016-12-05 | 5.0 MEDIUM | 7.5 HIGH |
| The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | |||||
| CVE-2016-1984 | 1 Harman | 1 Amx Firmware | 2016-12-05 | 10.0 HIGH | 9.8 CRITICAL |
| The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362. | |||||
| CVE-2016-1987 | 1 Hp | 1 Hp-ux Ipfilter | 2016-12-05 | 2.6 LOW | 5.9 MEDIUM |
| HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. | |||||
| CVE-2016-2037 | 2 Debian, Gnu | 2 Debian Linux, Cpio | 2016-12-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | |||||
| CVE-2016-0950 | 1 Adobe | 1 Connect | 2016-12-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | |||||
| CVE-2016-1297 | 1 Cisco | 1 Application Control Engine Software | 2016-12-05 | 9.0 HIGH | 8.8 HIGH |
| The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | |||||
| CVE-2016-1301 | 1 Cisco | 2 Asa Cx Context-aware Security Software, Prime Security Manager | 2016-12-05 | 8.5 HIGH | 8.8 HIGH |
| The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | |||||
| CVE-2016-1302 | 1 Cisco | 19 Application Policy Infrastructure Controller, Nexus 92160yc-x, Nexus 92304qc and 16 more | 2016-12-05 | 9.0 HIGH | 8.8 HIGH |
| Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | |||||
| CVE-2016-1304 | 1 Cisco | 1 Unity Connection | 2016-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | |||||
| CVE-2016-1305 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | |||||
| CVE-2016-1307 | 1 Cisco | 2 Finesse, Unified Contact Center Express | 2016-12-05 | 5.5 MEDIUM | 5.4 MEDIUM |
| The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | |||||
| CVE-2016-1308 | 1 Cisco | 1 Unified Communications Manager | 2016-12-05 | 6.5 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. | |||||
| CVE-2016-1309 | 1 Cisco | 1 Webex Meetings Server | 2016-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. | |||||
| CVE-2016-1310 | 1 Cisco | 1 Unity Connection | 2016-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | |||||
| CVE-2016-1311 | 1 Cisco | 1 Jabber Guest | 2016-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. | |||||