Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6530 | 1 Dentsply Sirona | 1 Cdr Dicom | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | |||||
| CVE-2016-6531 | 1 Opendental | 1 Opendental | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction." | |||||
| CVE-2016-6532 | 1 Dexis | 1 Imaging Suite | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | |||||
| CVE-2016-6535 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. | |||||
| CVE-2016-6536 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. | |||||
| CVE-2016-6537 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings. | |||||
| CVE-2016-6550 | 1 Bb\&t | 1 The U | 2016-11-28 | 4.3 MEDIUM | 5.4 MEDIUM |
| The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-6641 | 1 Emc | 1 Vipr Srm | 2016-11-28 | 3.5 LOW | 7.6 HIGH |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-6642 | 1 Emc | 1 Vipr Srm | 2016-11-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | |||||
| CVE-2016-6643 | 1 Emc | 1 Vipr Srm | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-6653 | 1 Pivotal Software | 1 Cloud Foundry Cf Mysql | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials. | |||||
| CVE-2016-6669 | 1 Huawei | 8 Usg2100, Usg2100 Firmware, Usg2200 and 5 more | 2016-11-28 | 7.1 HIGH | 7.5 HIGH |
| Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. | |||||
| CVE-2016-6672 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088. | |||||
| CVE-2016-6673 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201. | |||||
| CVE-2016-6674 | 1 Google | 1 Android | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| system_server in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380. | |||||
| CVE-2016-6394 | 1 Cisco | 1 Firesight System Software | 2016-11-28 | 5.8 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. | |||||
| CVE-2016-6395 | 1 Cisco | 1 Firesight System Software | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. | |||||
| CVE-2016-6396 | 1 Cisco | 1 Firesight System Software | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482. | |||||
| CVE-2016-6397 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). | |||||
| CVE-2016-6398 | 1 Cisco | 1 Ios | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274. | |||||