Uncategorized CVEs — 2016 (Page 3/19)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2016-10-25

Medium

CVE-2016-5540

Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors.

CVSS: 6.7CWE: CWE-254

High

CVE-2016-5539

Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 7.3CWE: N/A

Medium

CVE-2016-5538

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability…

CVSS: 6.7CWE: N/A

Medium

CVE-2016-5537

Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous i…

CVSS: 5.7CWE: N/A

Critical

CVE-2016-5535

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity,…

CVSS: 9.8CWE: N/A

Critical

CVE-2016-5531

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availa…

CVSS: 9.8CWE: N/A

Medium

CVE-2016-5530

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors re…

CVSS: 6.1CWE: N/A

Medium

CVE-2016-5529

CVSS: 6.1CWE: N/A

Low

CVE-2016-5525

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files.

CVSS: 3.3CWE: CWE-254

High

CVE-2016-5523

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availabil…

CVSS: 8.8CWE: N/A

High

CVE-2016-5519

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and avai…

CVSS: 8.8CWE: N/A

High

CVE-2016-5518

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integr…

CVSS: 8.1CWE: N/A

Medium

CVE-2016-5516

Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors.

CVSS: 6.0CWE: N/A

High

CVE-2016-5515

CVSS: 8.8CWE: N/A

High

CVE-2016-5514

CVSS: 8.8CWE: N/A

Medium

CVE-2016-5511

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: CWE-254

Medium

CVE-2016-5507

Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS: 4.9CWE: N/A

High

CVE-2016-5503

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability vi…

CVSS: 8.2CWE: N/A

High

CVE-2016-5501

CVSS: 7.8CWE: N/A

Low

CVE-2016-5499

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability t…

CVSS: 3.3CWE: CWE-264

Low

CVE-2016-5490

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA.

CVSS: 3.3CWE: N/A

High

CVE-2016-5489

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via vecto…

CVSS: 8.2CWE: N/A

Medium

CVE-2016-5488

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container…

CVSS: 5.3CWE: N/A

Medium

CVE-2016-5487

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 5.3CWE: N/A

Medium

CVE-2016-5486

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Ser…

CVSS: 5.5CWE: CWE-199

Low

CVE-2016-5480

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.

CVSS: 2.8CWE: N/A

Critical

CVE-2016-3551

Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integr…

CVSS: 9.8CWE: N/A

High

CVE-2016-3505

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity,…

CVSS: 8.8CWE: N/A

Medium

CVE-2016-3495

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS: 4.9CWE: N/A

Medium

CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimi…

CVSS: 6.5CWE: N/A

High

CVE-2016-1000215

Ruckus Wireless H500 web management interface denial of service

CVSS: 7.5CWE: N/A

2016-10-22

Low

CVE-2016-0240

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier fo…

CVSS: 3.7CWE: CWE-254

High

CVE-2016-0239

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges v…

CVSS: 8.8CWE: CWE-264

2016-10-16

Medium

CVE-2016-8660

The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related…

CVSS: 5.5CWE: CWE-19

High

CVE-2016-7039

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GR…

CVSS: 7.5CWE: CWE-399

Medium

CVE-2015-8953

fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on…

CVSS: 5.5CWE: CWE-399

Medium

CVE-2015-8952

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup)…

CVSS: 5.5CWE: CWE-19

2016-10-14

High

CVE-2016-7211

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…

CVSS: 7.3CWE: CWE-264

High

CVE-2016-7188

The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted applicatio…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-7185

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3396

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3393

CVSS: 7.8CWE: N/A

Medium

CVE-2016-3388

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof…

CVSS: 5.3CWE: CWE-264

High

CVE-2016-3387

CVSS: 7.5CWE: CWE-264

High

CVE-2016-3341

The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-3298

Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence o…

CVSS: 6.5CWE: N/A

High

CVE-2016-3270

The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Go…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3266

CVSS: 7.8CWE: CWE-264

2016-10-13

Critical

CVE-2016-6957

Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker…

CVSS: 9.8CWE: CWE-254

Low

CVE-2016-7437

SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks…

CVSS: 3.3CWE: N/A

High

CVE-2016-6325

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which all…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-7959

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to…

CVSS: 4.7CWE: CWE-254

2016-10-10

High

CVE-2016-8101

The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-7423

The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (ou…

CVSS: 4.4CWE: N/A

Medium

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certifi…

CVSS: 5.9CWE: CWE-19

Critical

CVE-2016-7117

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system…

CVSS: 9.8CWE: CWE-19

High

CVE-2016-6673

The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201.

CVSS: 7.8CWE: CWE-264

High

CVE-2016-6672

The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-5348

The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service…

CVSS: 5.9CWE: CWE-399

High

CVE-2016-3940

The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991.

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3939

drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3938

drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a c…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3933

mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3932

mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3931

drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3930

The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.

CVSS: 7.8CWE: CWE-264

Critical

CVE-2016-3929

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675.

CVSS: 9.8CWE: N/A

High

CVE-2016-3928

The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384.

CVSS: 7.8CWE: CWE-264

Critical

CVE-2016-3927

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244.

CVSS: 9.8CWE: N/A

Critical

CVE-2016-3926

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953.

CVSS: 9.8CWE: N/A

High

CVE-2016-3922

libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application,…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3921

libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to g…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3917

The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attacke…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3915

camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privi…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3913

media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not valida…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3912

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application,…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3911

core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges v…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3910

services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3909

The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-3908

The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application…

CVSS: 5.5CWE: CWE-264

High

CVE-2016-3905

CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME c…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3903

drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attacker…

CVSS: 7.8CWE: CWE-264

High

CVE-2016-3900

cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registra…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-8955

arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving…

CVSS: 7.3CWE: CWE-264

High

CVE-2015-8951

Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attack…

CVSS: 7.8CWE: CWE-264

2016-10-07

High

CVE-2016-6273

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License…

CVSS: 7.5CWE: N/A

High

CVE-2016-3699

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions an…

CVSS: 7.4CWE: CWE-264

High

CVE-2015-5162

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attack…

CVSS: 7.5CWE: CWE-399

2016-10-06

High

CVE-2016-1000009

TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.

CVSS: 7.5CWE: CWE-254

High

CVE-2016-6428

Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.

CVSS: 7.8CWE: CWE-264

Medium

CVE-2016-6424

The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHC…

CVSS: 6.5CWE: CWE-399

Medium

CVE-2016-6025

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstati…

CVSS: 5.9CWE: CWE-264

High

CVE-2015-6393

Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) v…

CVSS: 7.5CWE: CWE-399

High

CVE-2015-0721

Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended A…

CVSS: 8.0CWE: CWE-264

High

CVE-2015-6392

Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted I…

CVSS: 7.5CWE: CWE-399

2016-10-05

Medium

CVE-2016-6423

The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux9754…

CVSS: 6.5CWE: CWE-399

Medium

CVE-2016-6421

Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.

CVSS: 5.3CWE: CWE-399

High

CVE-2016-6393

The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connect…

CVSS: 7.5CWE: CWE-399

High

CVE-2016-6391

Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSC…

CVSS: 7.5CWE: CWE-399

High

CVE-2016-6385

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via…

CVSS: 7.5CWE: CWE-399

High

CVE-2016-6378

Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.

CVSS: 7.5CWE: CWE-399

High

CVE-2016-6392

Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Sour…

CVSS: 7.5CWE: CWE-399

High

CVE-2016-6386

Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID C…

CVSS: 7.5CWE: CWE-399

High

CVE-2016-6382

Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) registe…

CVSS: 7.5CWE: CWE-399

High

CVE-2016-6381

Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka B…

CVSS: 7.5CWE: CWE-399

Critical

CVE-2016-7435

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer…

CVSS: 9.1CWE: CWE-264

High

CVE-2016-5084

Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.

CVSS: 7.5CWE: CWE-310

High

CVE-2016-4390

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-…

CVSS: 8.1CWE: N/A

High

CVE-2016-4389

CVSS: 8.1CWE: N/A

High

CVE-2016-4388

CVSS: 8.1CWE: N/A

High

CVE-2016-4387

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-…

CVSS: 8.1CWE: N/A

High

CVE-2016-2308

American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext,…

CVSS: 8.6CWE: N/A

Critical

CVE-2014-5415

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration To…

CVSS: 9.1CWE: CWE-264

Critical

CVE-2014-5414

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote atta…

CVSS: 9.1CWE: CWE-254

Medium

CVE-2016-6550

The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information vi…

CVSS: 5.4CWE: CWE-310

2016-10-03

Medium

CVE-2016-7046

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via…

CVSS: 5.9CWE: CWE-399

Critical

CVE-2015-1832

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary fil…

CVSS: 9.1CWE: CWE-399

Medium

CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions an…

CVSS: 4.3CWE: CWE-264

Medium

CVE-2016-7570

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging righ…

CVSS: 4.3CWE: CWE-264

High

CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting…

CVSS: 7.5CWE: CWE-254