CVE List - 2016 / October
Showing 101 - 200 of 687 CVEs for October 2016 (Page 2 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-0721 | 2016-10-06 | Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass... |
| CVE-2015-6393 | 2016-10-06 | Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial... |
| CVE-2016-1453 | 2016-10-06 | Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via... |
| CVE-2016-1454 | 2016-10-06 | Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial... |
| CVE-2016-6023 | 2016-10-06 | Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary... |
| CVE-2016-6025 | 2016-10-06 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended... |
| CVE-2016-6026 | 2016-10-06 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP... |
| CVE-2016-6027 | 2016-10-06 | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it... |
| CVE-2016-6422 | 2016-10-06 | Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to... |
| CVE-2016-6424 | 2016-10-06 | The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of... |
| CVE-2016-6425 | 2016-10-06 | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web... |
| CVE-2016-6427 | 2016-10-06 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the... |
| CVE-2016-6428 | 2016-10-06 | Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. |
| CVE-2016-6433 | 2016-10-06 | The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. |
| CVE-2016-6434 | 2016-10-06 | Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. |
| CVE-2016-6435 | 2016-10-06 | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. |
| CVE-2016-6436 | 2016-10-06 | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script... |
| CVE-2016-6653 | 2016-10-06 | The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials. |
| CVE-2015-1000000 | 2016-10-06 | Remote file upload vulnerability in mailcwp v1.99 wordpress plugin |
| CVE-2015-1000001 | 2016-10-06 | Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin |
| CVE-2015-1000002 | 2016-10-06 | Open Proxy in filedownload v1.4 wordpress plugin |
| CVE-2015-1000003 | 2016-10-06 | Blind SQL Injection in filedownload v1.4 wordpress plugin |
| CVE-2015-1000004 | 2016-10-06 | XSS in filedownload v1.4 wordpress plugin |
| CVE-2015-1000005 | 2016-10-06 | Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin |
| CVE-2015-1000006 | 2016-10-06 | Remote file download vulnerability in recent-backups v0.7 wordpress plugin |
| CVE-2015-1000007 | 2016-10-06 | Remote file download vulnerability in wptf-image-gallery v1.03 |
| CVE-2015-1000008 | 2016-10-06 | Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 |
| CVE-2015-1000009 | 2016-10-06 | Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 |
| CVE-2015-1000010 | 2016-10-06 | Remote file download in simple-image-manipulator v1.0 wordpress plugin |
| CVE-2015-1000011 | 2016-10-06 | Blind SQL Injection in wordpress plugin dukapress v2.5.9 |
| CVE-2015-1000012 | 2016-10-06 | Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin |
| CVE-2015-1000013 | 2016-10-06 | Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 |
| CVE-2016-1000000 | 2016-10-06 | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection |
| CVE-2016-1000009 | 2016-10-06 | TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. |
| CVE-2016-1000112 | 2016-10-06 | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin |
| CVE-2016-1000113 | 2016-10-06 | XSS and SQLi in huge IT gallery v1.1.5 for Joomla |
| CVE-2016-1000114 | 2016-10-06 | XSS in huge IT gallery v1.1.5 for Joomla |
| CVE-2016-1000123 | 2016-10-06 | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla |
| CVE-2016-1000124 | 2016-10-06 | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 |
| CVE-2016-1000125 | 2016-10-06 | Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla |
| CVE-2016-1000217 | 2016-10-06 | Zotpress plugin for WordPress SQLi in zp_get_account() |
| CVE-2015-2080 | 2016-10-07 | The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. |
| CVE-2015-5162 | 2016-10-07 | The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might... |
| CVE-2015-7363 | 2016-10-07 | Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before... |
| CVE-2016-3699 | 2016-10-07 | The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass... |
| CVE-2016-6273 | 2016-10-07 | The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and... |
| CVE-2016-6323 | 2016-10-07 | The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent... |
| CVE-2016-7040 | 2016-10-07 | Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users... |
| CVE-2016-7167 | 2016-10-07 | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length... |
| CVE-2016-7424 | 2016-10-07 | The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. |
| CVE-2016-7777 | 2016-10-07 | Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information... |
| CVE-2016-1000001 | 2016-10-07 | flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect |
| CVE-2016-1000003 | 2016-10-07 | Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. |
| CVE-2016-1000007 | 2016-10-07 | Pagure 2.2.1 XSS in raw file endpoint |
| CVE-2015-0572 | 2016-10-10 | Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other... |
| CVE-2015-8950 | 2016-10-10 | arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain... |
| CVE-2015-8951 | 2016-10-10 | Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a... |
| CVE-2015-8955 | 2016-10-10 | arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that... |
| CVE-2015-8956 | 2016-10-10 | The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving... |
| CVE-2016-3860 | 2016-10-10 | sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka... |
| CVE-2016-3882 | 2016-10-10 | Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that... |
| CVE-2016-3900 | 2016-10-10 | cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges... |
| CVE-2016-3901 | 2016-10-10 | Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain... |
| CVE-2016-3902 | 2016-10-10 | drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug... |
| CVE-2016-3903 | 2016-10-10 | drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a... |
| CVE-2016-3905 | 2016-10-10 | CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android... |
| CVE-2016-3908 | 2016-10-10 | The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application,... |
| CVE-2016-3909 | 2016-10-10 | The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges... |
| CVE-2016-3910 | 2016-10-10 | services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug... |
| CVE-2016-3911 | 2016-10-10 | core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application,... |
| CVE-2016-3912 | 2016-10-10 | The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application,... |
| CVE-2016-3913 | 2016-10-10 | media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows... |
| CVE-2016-3914 | 2016-10-10 | Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via... |
| CVE-2016-3915 | 2016-10-10 | camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a... |
| CVE-2016-3916 | 2016-10-10 | camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a... |
| CVE-2016-3917 | 2016-10-10 | The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate... |
| CVE-2016-3918 | 2016-10-10 | email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers,... |
| CVE-2016-3920 | 2016-10-10 | id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device... |
| CVE-2016-3921 | 2016-10-10 | libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted... |
| CVE-2016-3922 | 2016-10-10 | libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619. |
| CVE-2016-3923 | 2016-10-10 | The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. |
| CVE-2016-3924 | 2016-10-10 | services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows... |
| CVE-2016-3925 | 2016-10-10 | server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534. |
| CVE-2016-3926 | 2016-10-10 | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953. |
| CVE-2016-3927 | 2016-10-10 | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244. |
| CVE-2016-3928 | 2016-10-10 | The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384. |
| CVE-2016-3929 | 2016-10-10 | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675. |
| CVE-2016-3930 | 2016-10-10 | The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138. |
| CVE-2016-3931 | 2016-10-10 | drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted... |
| CVE-2016-3932 | 2016-10-10 | mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870. |
| CVE-2016-3933 | 2016-10-10 | mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408. |
| CVE-2016-3934 | 2016-10-10 | drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers... |
| CVE-2016-3935 | 2016-10-10 | Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain... |
| CVE-2016-3936 | 2016-10-10 | The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019037 and MediaTek internal bug ALPS02829568. |
| CVE-2016-3937 | 2016-10-10 | The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30030994 and MediaTek internal bug ALPS02834874. |
| CVE-2016-3938 | 2016-10-10 | drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application,... |
| CVE-2016-3939 | 2016-10-10 | drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application,... |
| CVE-2016-3940 | 2016-10-10 | The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991. |
| CVE-2016-5343 | 2016-10-10 | drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to... |
| CVE-2016-6672 | 2016-10-10 | The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088. |