Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2016-8294 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors... | N/A | NONE | β | 0 |
| CVE-2016-8295 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2016-1000122 XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | N/A | NONE | β | 0 |
| CVE-2016-8296 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via v... | N/A | NONE | β | 0 |
| CVE-2016-8501 Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | N/A | NONE | β | 0 |
| CVE-2016-8502 Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special Ja... | N/A | NONE | β | 0 |
| CVE-2016-8503 Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaS... | N/A | NONE | β | 0 |
| CVE-2016-8504 CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile. | N/A | NONE | β | 0 |
| CVE-2016-8505 XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code. | N/A | NONE | β | 0 |
| CVE-2017-14548 STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00... | N/A | NONE | β | 0 |
| CVE-2016-8506 XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | N/A | NONE | β | 0 |
| CVE-2015-0787 XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | N/A | NONE | β | 0 |
| CVE-2016-1592 XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | N/A | NONE | β | 0 |
| CVE-2016-1598 XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. | N/A | NONE | β | 0 |
| CVE-2016-5764 Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects... | N/A | NONE | β | 0 |
| CVE-2016-1000120 SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | N/A | NONE | β | 0 |
| CVE-2016-6431 A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vuln... | N/A | NONE | β | 0 |
| CVE-2016-6432 A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute c... | N/A | NONE | β | 0 |
| CVE-2016-6437 A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to h... | N/A | NONE | β | 0 |
| CVE-2016-6438 A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line co... | N/A | NONE | β | 0 |
| CVE-2016-9800 In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lac... | N/A | NONE | β | 0 |
| CVE-2016-6439 A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) c... | N/A | NONE | β | 0 |
| CVE-2016-6440 The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information:... | N/A | NONE | β | 0 |
| CVE-2016-6442 A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web... | N/A | NONE | β | 0 |
| CVE-2016-6443 A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by exec... | N/A | NONE | β | 0 |
| CVE-2016-6444 A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. K... | N/A | NONE | β | 0 |
| CVE-2016-6445 A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an una... | N/A | NONE | β | 0 |
| CVE-2016-6446 A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases... | N/A | NONE | β | 0 |
| CVE-2016-1423 A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to c... | N/A | NONE | β | 0 |
| CVE-2016-1480 A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthe... | N/A | NONE | β | 0 |
| CVE-2016-1481 A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) ... | N/A | NONE | β | 0 |
| CVE-2016-1486 A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthentic... | N/A | NONE | β | 0 |
| CVE-2016-6356 A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop... | N/A | NONE | β | 0 |
| CVE-2016-6357 A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass... | N/A | NONE | β | 0 |
| CVE-2016-6358 A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application u... | N/A | NONE | β | 0 |
| CVE-2016-8339 A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-6360 A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial deni... | N/A | NONE | β | 0 |
| CVE-2016-6372 A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and We... | N/A | NONE | β | 0 |
| CVE-2016-6397 A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote atta... | N/A | NONE | β | 0 |
| CVE-2016-8332 A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as impleme... | N/A | NONE | β | 0 |
| CVE-2016-9018 Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | N/A | NONE | β | 0 |
| CVE-2016-7919 Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process... | 7.5 | HIGH | β | 0 |
| CVE-2016-8579 docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | N/A | NONE | β | 0 |
| CVE-2016-8580 PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included cla... | N/A | NONE | β | 0 |
| CVE-2016-8581 A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the cu... | N/A | NONE | β | 0 |
| CVE-2016-8582 A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via ... | N/A | NONE | β | 0 |
| CVE-2017-14549 STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000... | N/A | NONE | β | 0 |
| CVE-2016-8583 Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | N/A | NONE | β | 0 |
| CVE-2016-8600 In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | N/A | NONE | β | 0 |
| CVE-2016-8867 Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mo... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.