Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1849 | 1 Apple | 2 Iphone Os, Safari | 2016-12-01 | 2.1 LOW | 3.3 LOW |
| The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. | |||||
| CVE-2016-1796 | 1 Apple | 1 Mac Os X | 2016-12-01 | 4.3 MEDIUM | 3.3 LOW |
| Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. | |||||
| CVE-2016-1791 | 1 Apple | 1 Mac Os X | 2016-12-01 | 4.3 MEDIUM | 3.3 LOW |
| The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2016-1404 | 1 Cisco | 1 Ucs Invicta C3124sa Appliance | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. | |||||
| CVE-2016-1410 | 1 Cisco | 1 Webex Meeting Center | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. | |||||
| CVE-2016-1079 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092. | |||||
| CVE-2016-1112 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-01 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-1092 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1079. | |||||
| CVE-2016-0893 | 1 Emc | 1 Rsa Data Loss Prevention | 2016-12-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | |||||
| CVE-2015-6551 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2016-12-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets. | |||||
| CVE-2016-3002 | 1 Ibm | 1 Connections | 2016-11-30 | 2.1 LOW | 2.1 LOW |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. | |||||
| CVE-2016-2957 | 1 Ibm | 1 Connections | 2016-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. | |||||
| CVE-2016-5709 | 1 Solarwinds | 1 Virtualization Manager | 2016-11-30 | 1.9 LOW | 4.7 MEDIUM |
| SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | |||||
| CVE-2016-5835 | 1 Wordpress | 1 Wordpress | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. | |||||
| CVE-2016-2927 | 1 Ibm | 1 Bigfix Remote Control | 2016-11-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. | |||||
| CVE-2016-1427 | 1 Cisco | 1 Prime Network Registrar | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | |||||
| CVE-2016-2295 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file. | |||||
| CVE-2016-2298 | 1 Meteocontrol | 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more | 2016-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. | |||||
| CVE-2016-1225 | 1 Trendmicro | 1 Internet Security | 2016-11-30 | 5.0 MEDIUM | 6.5 MEDIUM |
| Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2016-11-30 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | |||||