Total
407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9207 | 1 Cisco | 1 Expressway | 2016-12-22 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9. | |||||
| CVE-2015-5857 | 1 Apple | 1 Iphone Os | 2016-12-22 | 5.0 MEDIUM | N/A |
| Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. | |||||
| CVE-2015-5904 | 1 Apple | 1 Iphone Os | 2016-12-22 | 4.3 MEDIUM | N/A |
| Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | |||||
| CVE-2015-5850 | 1 Apple | 1 Iphone Os | 2016-12-22 | 2.1 LOW | N/A |
| AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. | |||||
| CVE-2015-5905 | 1 Apple | 1 Iphone Os | 2016-12-22 | 5.0 MEDIUM | N/A |
| Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. | |||||
| CVE-2015-5839 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 5.0 MEDIUM | N/A |
| dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | |||||
| CVE-2015-5856 | 1 Apple | 1 Iphone Os | 2016-12-22 | 4.3 MEDIUM | N/A |
| The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | |||||
| CVE-2016-7959 | 1 Siemens | 1 Simatic Step 7 | 2016-12-22 | 1.9 LOW | 4.7 MEDIUM |
| Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | |||||
| CVE-2015-4508 | 1 Mozilla | 1 Firefox | 2016-12-22 | 2.6 LOW | N/A |
| Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. | |||||
| CVE-2015-4502 | 1 Mozilla | 1 Firefox | 2016-12-22 | 4.3 MEDIUM | N/A |
| js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. | |||||
| CVE-2015-4476 | 2 Google, Mozilla | 2 Android, Firefox | 2016-12-22 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute. | |||||
| CVE-2015-4516 | 1 Mozilla | 1 Firefox | 2016-12-22 | 9.3 HIGH | N/A |
| Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs. | |||||
| CVE-2016-6848 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 1.9 LOW | 5.5 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution. | |||||
| CVE-2016-9209 | 1 Cisco | 1 Firepower Services For Adaptive Security Appliance | 2016-12-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10. | |||||
| CVE-2015-5833 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. | |||||
| CVE-2015-5900 | 1 Apple | 1 Mac Os X | 2016-12-08 | 7.1 HIGH | N/A |
| The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | |||||
| CVE-2016-1296 | 1 Cisco | 1 Web Security Appliance | 2016-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | |||||
| CVE-2015-8338 | 1 Xen | 1 Xen | 2016-12-07 | 7.2 HIGH | N/A |
| Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2015-7873 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-07 | 5.0 MEDIUM | N/A |
| The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | |||||
| CVE-2015-7187 | 1 Mozilla | 1 Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. | |||||