Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3782 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 4.3 MEDIUM | N/A |
| CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | |||||
| CVE-2015-3778 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 3.3 LOW | N/A |
| bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. | |||||
| CVE-2015-3766 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-24 | 4.3 MEDIUM | N/A |
| The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2015-0822 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2016-12-24 | 4.3 MEDIUM | N/A |
| The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. | |||||
| CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-12-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. | |||||
| CVE-2016-7889 | 1 Adobe | 1 Digital Editions | 2016-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. | |||||
| CVE-2016-7960 | 1 Siemens | 1 Simatic Step 7 | 2016-12-22 | 1.9 LOW | 2.5 LOW |
| Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. | |||||
| CVE-2016-9201 | 1 Cisco | 1 Ios | 2016-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M. | |||||
| CVE-2016-7888 | 1 Adobe | 1 Digital Editions | 2016-12-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. | |||||
| CVE-2015-7327 | 1 Mozilla | 1 Firefox | 2016-12-22 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls. | |||||
| CVE-2015-6830 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-22 | 5.0 MEDIUM | N/A |
| libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. | |||||
| CVE-2015-5921 | 1 Apple | 1 Iphone Os | 2016-12-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5916 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 4.3 MEDIUM | N/A |
| The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | |||||
| CVE-2015-5910 | 1 Apple | 1 Xcode | 2016-12-22 | 3.3 LOW | N/A |
| IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-5909 | 1 Apple | 1 Xcode | 2016-12-22 | 5.0 MEDIUM | N/A |
| IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. | |||||
| CVE-2015-5906 | 1 Apple | 1 Iphone Os | 2016-12-22 | 5.0 MEDIUM | N/A |
| The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | |||||
| CVE-2015-5898 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | |||||
| CVE-2015-5892 | 1 Apple | 1 Iphone Os | 2016-12-22 | 2.1 LOW | N/A |
| Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | |||||
| CVE-2015-5885 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 5.0 MEDIUM | N/A |
| The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. | |||||
| CVE-2015-5880 | 1 Apple | 1 Iphone Os | 2016-12-22 | 4.3 MEDIUM | N/A |
| CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. | |||||