Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4184 | 1 Cisco | 1 Email Security Appliance | 2017-01-04 | 5.0 MEDIUM | N/A |
| The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. | |||||
| CVE-2015-0770 | 1 Cisco | 1 Telepresence Tc Software | 2017-01-04 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. | |||||
| CVE-2015-4328 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2017-01-04 | 4.0 MEDIUM | N/A |
| Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. | |||||
| CVE-2015-4327 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2017-01-04 | 7.2 HIGH | N/A |
| The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. | |||||
| CVE-2015-0747 | 1 Cisco | 3 Headend Digital Broadband Delivery System, Headend System Release, Videoscape Conductor | 2017-01-04 | 4.3 MEDIUM | N/A |
| Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. | |||||
| CVE-2015-0751 | 1 Cisco | 2 Ip Phone 7861, Unified Communications Manager | 2017-01-04 | 7.8 HIGH | N/A |
| Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. | |||||
| CVE-2015-0753 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2017-01-04 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. | |||||
| CVE-2015-0754 | 1 Cisco | 1 Finesse | 2017-01-04 | 7.5 HIGH | N/A |
| Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. | |||||
| CVE-2015-0756 | 1 Cisco | 1 Wireless Lan Controller | 2017-01-04 | 6.1 MEDIUM | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. | |||||
| CVE-2015-0759 | 1 Cisco | 1 Headend Digital Broadband Delivery System | 2017-01-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-8595 | 1 Ffmpeg | 1 Ffmpeg | 2017-01-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||||
| CVE-2016-9224 | 1 Cisco | 1 Jabber Guest | 2017-01-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0). | |||||
| CVE-2015-1088 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-01-03 | 6.8 MEDIUM | N/A |
| CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2014-9721 | 1 Zeromq | 1 Zeromq | 2017-01-03 | 4.3 MEDIUM | N/A |
| libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | |||||
| CVE-2014-8010 | 1 Cisco | 1 Unified Communications Domain Manager | 2017-01-03 | 6.5 MEDIUM | N/A |
| The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. | |||||
| CVE-2015-5986 | 2 Apple, Isc | 2 Mac Os X Server, Bind | 2016-12-31 | 7.1 HIGH | N/A |
| openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. | |||||
| CVE-2015-5722 | 2 Apple, Isc | 2 Mac Os X Server, Bind | 2016-12-31 | 7.8 HIGH | N/A |
| buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. | |||||
| CVE-2015-2341 | 1 Vmware | 3 Fusion, Player, Workstation | 2016-12-31 | 7.8 HIGH | N/A |
| VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command. | |||||
| CVE-2013-7079 | 1 Typo3 | 1 Typo3 | 2016-12-31 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-4474 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2016-12-31 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. | |||||