LiveActive security incident?Get immediate response
CVE archive

December 2016

Browse CVE records published in December 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 530 matching CVEs · Page 4 of 11.

Unknown · CVSS Not scored

CVE-2016-9426: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.

Published Dec 12, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9207: A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, re...

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9199: A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated,...

A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9193: A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center...

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9209: A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote...

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9223: A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr)...

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).

Published Dec 26, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9203: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software co...

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known Fixed Releases: 21.1.M0.65431 21.1.PP0.65733 21.1.R0.65467 21.1.R0.65496 21.1.VC0.65434 21.1.VC0.65489 21.2.A0.65437.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9212: A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software...

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9202: A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches coul...

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9201: A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an un...

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9206: A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthen...

A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9210: A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Ma...

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9208: A vulnerability in the File Management Utility, the Download File form, and the Serviceability application...

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9192: A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local...

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9160: A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All...

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

Published Dec 17, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9205: A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticat...

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL.

Published Dec 14, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9154: Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D,...

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.

Published Dec 23, 2016 · Updated Aug 6, 2024