Total
10068 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6440 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). | |||||
| CVE-2016-1484 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | |||||
| CVE-2016-1338 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-02-04 | 8.0 HIGH | 6.5 MEDIUM |
| Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | |||||
| CVE-2016-4711 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. | |||||
| CVE-2015-8019 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. | |||||
| CVE-2016-2786 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. | |||||
| CVE-2016-2088 | 1 Isc | 1 Bind | 2024-02-04 | 4.3 MEDIUM | 6.8 MEDIUM |
| resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. | |||||
| CVE-2015-2417 | 1 Microsoft | 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416. | |||||
| CVE-2016-5358 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2015-0725 | 1 Cisco | 2 Videoscape Distribution Suite For Internet Streaming, Videoscape Distribution Suite Service Broker | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409. | |||||
| CVE-2016-2086 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | |||||
| CVE-2016-1430 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Vpn Router and 1 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. | |||||
| CVE-2016-6426 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. | |||||
| CVE-2016-2454 | 1 Google | 2 Android, Nexus 5 | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
| The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024. | |||||
| CVE-2016-1843 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5386 | 1 Siemens | 2 Sicam Mic, Sicam Mic Firmware | 2024-02-04 | 9.3 HIGH | N/A |
| Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. | |||||
| CVE-2016-8579 | 1 Docker2aci Project | 1 Docker2aci | 2024-02-04 | 2.1 LOW | 4.0 MEDIUM |
| docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | |||||
| CVE-2016-0950 | 1 Adobe | 1 Connect | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | |||||
| CVE-2016-4438 | 1 Apache | 1 Struts | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. | |||||
| CVE-2016-2844 | 1 Google | 1 Chrome | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. | |||||