Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6005 | 1 Ipswitch | 1 Whatsup Gold | 2016-12-05 | 3.5 LOW | 6.9 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | |||||
CVE-2015-6398 | 1 Cisco | 1 Nx-os | 2016-12-05 | 7.8 HIGH | 7.5 HIGH |
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. | |||||
CVE-2015-7399 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2016-12-05 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. | |||||
CVE-2015-8148 | 1 Symantec | 1 Encryption Management Server | 2016-12-05 | 5.0 MEDIUM | 7.5 HIGH |
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. | |||||
CVE-2015-8149 | 1 Symantec | 1 Encryption Management Server | 2016-12-05 | 5.0 MEDIUM | 7.5 HIGH |
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests. | |||||
CVE-2015-8150 | 1 Symantec | 1 Encryption Management Server | 2016-12-05 | 6.3 MEDIUM | 7.8 HIGH |
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. | |||||
CVE-2015-8151 | 1 Symantec | 1 Encryption Management Server | 2016-12-05 | 5.8 MEDIUM | 9.1 CRITICAL |
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. | |||||
CVE-2015-8476 | 2 Debian, Phpmailer Project | 2 Debian Linux, Phpmailer | 2016-12-05 | 5.0 MEDIUM | N/A |
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. | |||||
CVE-2015-4059 | 1 Wavelink | 1 Terminal Emulation | 2016-12-05 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header. | |||||
CVE-2015-4060 | 1 Wavelink | 1 Connectpro | 2016-12-05 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header. | |||||
CVE-2015-4067 | 1 Dell | 1 Netvault Backup | 2016-12-05 | 10.0 HIGH | N/A |
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow. | |||||
CVE-2015-4068 | 1 Arcserve | 1 Arcserve Unified Data Protection | 2016-12-05 | 9.4 HIGH | N/A |
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet. | |||||
CVE-2015-4069 | 1 Arcserve | 1 Arcserve Unified Data Protection | 2016-12-05 | 7.8 HIGH | N/A |
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. | |||||
CVE-2015-4132 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2016-12-05 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4137 | 1 Milw0rm Project | 1 Milw0rm Clone Script | 2016-12-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. | |||||
CVE-2015-4974 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2016-12-05 | 7.2 HIGH | N/A |
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | |||||
CVE-2015-4981 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2016-12-05 | 2.1 LOW | N/A |
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors. | |||||
CVE-2015-5003 | 1 Ibm | 1 Tivoli Monitoring | 2016-12-05 | 8.5 HIGH | 8.5 HIGH |
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | |||||
CVE-2015-3439 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2016-12-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as. | |||||
CVE-2015-3440 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2016-12-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. |