Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2953 | 1 Ibm | 1 Connections | 2016-11-30 | 4.3 MEDIUM | 3.7 LOW |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2016-3004 | 1 Ibm | 1 Connections | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications. | |||||
| CVE-2016-3057 | 1 Ibm | 1 Sterling B2b Integrator | 2016-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-3009 | 1 Ibm | 1 Connections | 2016-11-30 | 3.5 LOW | 3.5 LOW |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page. | |||||
| CVE-2016-3002 | 1 Ibm | 1 Connections | 2016-11-30 | 2.1 LOW | 2.1 LOW |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. | |||||
| CVE-2016-2957 | 1 Ibm | 1 Connections | 2016-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. | |||||
| CVE-2016-4810 | 1 Citrix | 2 Xenapp, Xendesktop | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. | |||||
| CVE-2016-5709 | 1 Solarwinds | 1 Virtualization Manager | 2016-11-29 | 1.9 LOW | 4.7 MEDIUM |
| SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | |||||
| CVE-2016-5832 | 1 Wordpress | 1 Wordpress | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | |||||
| CVE-2016-5833 | 1 Wordpress | 1 Wordpress | 2016-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. | |||||
| CVE-2016-5834 | 1 Wordpress | 1 Wordpress | 2016-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. | |||||
| CVE-2016-5835 | 1 Wordpress | 1 Wordpress | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. | |||||
| CVE-2016-5837 | 1 Wordpress | 1 Wordpress | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. | |||||
| CVE-2016-5838 | 1 Wordpress | 1 Wordpress | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | |||||
| CVE-2016-4052 | 2 Canonical, Squid-cache | 2 Ubuntu Linux, Squid | 2016-11-29 | 6.8 MEDIUM | 8.1 HIGH |
| Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. | |||||
| CVE-2016-2494 | 1 Google | 1 Android | 2016-11-29 | 9.3 HIGH | 7.8 HIGH |
| Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658. | |||||
| CVE-2016-2927 | 1 Ibm | 1 Bigfix Remote Control | 2016-11-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. | |||||
| CVE-2016-2928 | 1 Ibm | 1 Bigfix Remote Control | 2016-11-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. | |||||
| CVE-2016-2929 | 1 Ibm | 1 Bigfix Remote Control | 2016-11-29 | 4.3 MEDIUM | 8.1 HIGH |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2016-3941 | 2 Canonical, Videolan | 2 Ubuntu Linux, Vlc Media Player | 2016-11-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF." | |||||