CVE List - 2016 / September
Showing 1 - 100 of 595 CVEs for September 2016 (Page 1 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2016-0293 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2016-0370 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an... |
| CVE-2016-3064 | 2016-09-01 | NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. |
| CVE-2016-0385 | 2016-09-01 | Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote... |
| CVE-2016-2954 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via... |
| CVE-2016-2956 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via... |
| CVE-2016-2995 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject... |
| CVE-2016-2997 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject... |
| CVE-2016-2998 | 2016-09-01 | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of... |
| CVE-2016-3005 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject... |
| CVE-2016-3008 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via... |
| CVE-2016-3010 | 2016-09-01 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject... |
| CVE-2016-5047 | 2016-09-01 | NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. |
| CVE-2016-4264 | 2016-09-01 | The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to... |
| CVE-2016-6298 | 2016-09-01 | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain... |
| CVE-2016-1470 | 2016-09-02 | Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users,... |
| CVE-2016-1471 | 2016-09-02 | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2016-1472 | 2016-09-02 | The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request,... |
| CVE-2016-1473 | 2016-09-02 | Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community,... |
| CVE-2016-6376 | 2016-09-02 | The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to... |
| CVE-2016-4848 | 2016-09-02 | Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-4851 | 2016-09-02 | Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-4853 | 2016-09-02 | AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. |
| CVE-2016-6483 | 2016-09-02 | The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch... |
| CVE-2016-0772 | 2016-09-02 | The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to... |
| CVE-2016-4952 | 2016-09-02 | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors... |
| CVE-2016-5105 | 2016-09-02 | The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host... |
| CVE-2016-5106 | 2016-09-02 | The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write... |
| CVE-2016-5107 | 2016-09-02 | The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and... |
| CVE-2016-5636 | 2016-09-02 | Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a... |
| CVE-2016-5699 | 2016-09-02 | CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via... |
| CVE-2016-5879 | 2016-09-02 | MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. |
| CVE-2016-6893 | 2016-09-02 | Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify... |
| CVE-2016-7123 | 2016-09-02 | Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. |
| CVE-2015-5719 | 2016-09-03 | app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors. |
| CVE-2015-5720 | 2016-09-03 | Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving... |
| CVE-2015-5721 | 2016-09-03 | Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. |
| CVE-2016-1415 | 2016-09-03 | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. |
| CVE-2016-1464 | 2016-09-03 | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. |
| CVE-2016-5429 | 2016-09-03 | jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and... |
| CVE-2016-5430 | 2016-09-03 | The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain... |
| CVE-2016-6377 | 2016-09-03 | Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls... |
| CVE-2016-7112 | 2016-09-06 | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions... |
| CVE-2016-7113 | 2016-09-06 | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions... |
| CVE-2016-7114 | 2016-09-06 | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions... |
| CVE-2016-7152 | 2016-09-06 | The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data... |
| CVE-2016-7153 | 2016-09-06 | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data... |
| CVE-2016-6344 | 2016-09-07 | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive... |
| CVE-2016-6345 | 2016-09-07 | RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. |
| CVE-2016-6346 | 2016-09-07 | RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2016-6351 | 2016-09-07 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write... |
| CVE-2016-6855 | 2016-09-07 | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service... |
| CVE-2016-7033 | 2016-09-07 | Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2016-7034 | 2016-09-07 | The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for... |
| CVE-2016-1241 | 2016-09-07 | Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. |
| CVE-2016-1242 | 2016-09-07 | file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via... |
| CVE-2016-5022 | 2016-09-07 | F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM,... |
| CVE-2016-5422 | 2016-09-07 | The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users... |
| CVE-2016-6180 | 2016-09-07 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash)... |
| CVE-2016-6181 | 2016-09-07 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash)... |
| CVE-2016-6182 | 2016-09-07 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash)... |
| CVE-2016-6183 | 2016-09-07 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash)... |
| CVE-2016-6184 | 2016-09-07 | The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash)... |
| CVE-2016-6316 | 2016-09-07 | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script... |
| CVE-2016-6317 | 2016-09-07 | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers... |
| CVE-2016-6318 | 2016-09-07 | Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field,... |
| CVE-2016-6670 | 2016-09-07 | Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover... |
| CVE-2016-6825 | 2016-09-07 | Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3... |
| CVE-2016-6838 | 2016-09-07 | Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers... |
| CVE-2016-6839 | 2016-09-07 | CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
| CVE-2016-6876 | 2016-09-07 | The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP... |
| CVE-2016-6898 | 2016-09-07 | XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause... |
| CVE-2016-6899 | 2016-09-07 | The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885... |
| CVE-2016-6900 | 2016-09-07 | The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885... |
| CVE-2016-7107 | 2016-09-07 | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. |
| CVE-2016-7108 | 2016-09-07 | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. |
| CVE-2016-7109 | 2016-09-07 | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. |
| CVE-2016-7110 | 2016-09-07 | Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. |
| CVE-2015-8948 | 2016-09-07 | idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. |
| CVE-2016-5404 | 2016-09-07 | The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. |
| CVE-2016-6179 | 2016-09-07 | The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before H60-L12C00B850, and H60-L03 before H60-L03C01B850 allows... |
| CVE-2016-6261 | 2016-09-07 | The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. |
| CVE-2016-6262 | 2016-09-07 | idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than... |
| CVE-2016-6263 | 2016-09-07 | The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. |
| CVE-2016-4375 | 2016-09-08 | Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4)... |
| CVE-2016-4379 | 2016-09-08 | The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers... |
| CVE-2016-4380 | 2016-09-08 | Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-4381 | 2016-09-08 | HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access... |
| CVE-2016-7175 | 2016-09-09 | epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash)... |
| CVE-2016-7176 | 2016-09-09 | epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial... |
| CVE-2016-7177 | 2016-09-09 | epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read... |
| CVE-2016-7178 | 2016-09-09 | epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial... |
| CVE-2016-7179 | 2016-09-09 | Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
| CVE-2016-7180 | 2016-09-09 | epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service... |
| CVE-2016-1263 | 2016-09-09 | Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9-S1, 14.1 before 14.1R7, 14.2 before 14.2R6, 15.1 before 15.1F2-S5, 15.1F4 before 15.1F4-S2, 15.1R before 15.1R2-S3,... |
| CVE-2016-1275 | 2016-09-09 | Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured with VPLS routing-instances, allows remote attackers to obtain sensitive mbuf information by injecting a flood of... |
| CVE-2016-1277 | 2016-09-09 | Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49... |
| CVE-2016-1279 | 2016-09-09 | J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2... |
| CVE-2016-1280 | 2016-09-09 | PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before... |
| CVE-2016-4573 | 2016-09-09 | Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode... |