Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1388 | 1 Cisco | 3 Network Analysis Module, Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2016-11-29 | 7.5 HIGH | 9.8 CRITICAL |
| Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. | |||||
| CVE-2016-1395 | 1 Cisco | 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more | 2016-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. | |||||
| CVE-2016-1396 | 1 Cisco | 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more | 2016-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. | |||||
| CVE-2016-1427 | 1 Cisco | 1 Prime Network Registrar | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | |||||
| CVE-2016-1428 | 1 Cisco | 1 Ios Xe | 2016-11-29 | 6.8 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. | |||||
| CVE-2016-1434 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2016-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | |||||
| CVE-2016-1435 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2016-11-29 | 6.2 MEDIUM | 7.0 HIGH |
| Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||||
| CVE-2016-1436 | 1 Cisco | 1 Asr 5000 Software | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. | |||||
| CVE-2016-1437 | 1 Cisco | 1 Prime Collaboration Deployment | 2016-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | |||||
| CVE-2016-1439 | 1 Cisco | 1 Unified Contact Center Enterprise | 2016-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650. | |||||
| CVE-2016-1861 | 1 Apple | 1 Mac Os X | 2016-11-29 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. | |||||
| CVE-2016-2285 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-29 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-2286 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2016-2295 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file. | |||||
| CVE-2016-2297 | 1 Meteocontrol | 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more | 2016-11-29 | 9.7 HIGH | 9.4 CRITICAL |
| Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature." | |||||
| CVE-2016-2298 | 1 Meteocontrol | 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more | 2016-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. | |||||
| CVE-2016-1225 | 1 Trendmicro | 1 Internet Security | 2016-11-29 | 5.0 MEDIUM | 6.5 MEDIUM |
| Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-1226 | 1 Trendmicro | 1 Internet Security | 2016-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2016-11-29 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | |||||
| CVE-2015-7473 | 1 Ibm | 1 Websphere Mq | 2016-11-29 | 2.1 LOW | 2.5 LOW |
| runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | |||||