Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4544 | 1 Emc | 1 Documentum Content Server | 2016-12-22 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626. | |||||
| CVE-2015-4505 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2016-12-22 | 6.6 MEDIUM | N/A |
| updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. | |||||
| CVE-2015-3801 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 5.0 MEDIUM | N/A |
| The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | |||||
| CVE-2015-1885 | 1 Ibm | 1 Websphere Application Server | 2016-12-22 | 9.3 HIGH | N/A |
| WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2015-0818 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2016-12-22 | 7.5 HIGH | N/A |
| Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | |||||
| CVE-2014-9713 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2016-12-22 | 4.0 MEDIUM | N/A |
| The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | |||||
| CVE-2014-1575 | 1 Mozilla | 1 Firefox | 2016-12-22 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. | |||||
| CVE-2016-6449 | 1 Cisco | 1 Fireamp Connector Endpoint Software | 2016-12-15 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available. More Information: CSCvb40597. Known Affected Releases: 1. | |||||
| CVE-2016-6706 | 1 Google | 1 Android | 2016-12-15 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713. | |||||
| CVE-2016-6369 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2016-12-12 | 7.2 HIGH | 7.8 HIGH |
| Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. | |||||
| CVE-2016-6362 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-12 | 7.2 HIGH | 7.8 HIGH |
| Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. | |||||
| CVE-2015-6322 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2016-12-12 | 6.6 MEDIUM | N/A |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. | |||||
| CVE-2015-6315 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-12 | 7.2 HIGH | N/A |
| Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694. | |||||
| CVE-2015-8966 | 1 Linux | 1 Linux Kernel | 2016-12-10 | 7.2 HIGH | 7.8 HIGH |
| arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. | |||||
| CVE-2015-5849 | 1 Apple | 1 Mac Os X | 2016-12-09 | 6.8 MEDIUM | N/A |
| The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | |||||
| CVE-2015-6333 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2016-12-09 | 4.6 MEDIUM | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | |||||
| CVE-2015-4542 | 1 Emc | 1 Rsa Archer Grc | 2016-12-08 | 6.5 MEDIUM | N/A |
| EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | |||||
| CVE-2014-1421 | 1 Canonical | 1 Ubuntu Linux | 2016-12-08 | 7.2 HIGH | N/A |
| mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2015-7323 | 1 Juniper | 1 Pulse Connect Secure | 2016-12-08 | 3.5 LOW | N/A |
| The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. | |||||
| CVE-2015-5897 | 1 Apple | 1 Mac Os X | 2016-12-08 | 4.6 MEDIUM | N/A |
| The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | |||||