Search
Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0287 | 2 Ibm, Microsoft | 2 I Access, Windows | 2017-11-03 | 2.1 LOW | 7.8 HIGH |
| IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | |||||
| CVE-2015-5246 | 1 Theforeman | 1 Foreman | 2017-11-01 | 6.8 MEDIUM | 8.1 HIGH |
| The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | |||||
| CVE-2015-7843 | 1 Huawei | 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more | 2017-10-23 | 4.0 MEDIUM | 8.8 HIGH |
| The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack. | |||||
| CVE-2016-2193 | 1 Postgresql | 1 Postgresql | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role. | |||||
| CVE-2016-5132 | 1 Google | 1 Chrome | 2017-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. | |||||
| CVE-2016-3648 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. | |||||
| CVE-2016-3650 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | |||||
| CVE-2016-5128 | 1 Google | 2 Chrome, V8 | 2017-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2016-3400 | 1 Netapp | 1 Data Ontap | 2017-08-31 | 6.8 MEDIUM | 7.5 HIGH |
| NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||||
| CVE-2015-6498 | 1 Alcatel-lucent | 1 Home Device Manager | 2017-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. | |||||
| CVE-2016-6271 | 1 Bzrtp Project | 1 Bzrtp | 2017-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | |||||
| CVE-2016-9028 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware | 2017-07-29 | 5.8 MEDIUM | 8.8 HIGH |
| Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | |||||
| CVE-2016-4689 | 1 Apple | 1 Iphone Os | 2017-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate. | |||||
| CVE-2016-9160 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2017-07-27 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. | |||||
| CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2017-07-05 | 6.8 MEDIUM | 7.5 HIGH |
| NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | |||||
| CVE-2016-9861 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-5145 | 1 Google | 1 Chrome | 2017-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||||
| CVE-2016-9738 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. | |||||
| CVE-2016-6594 | 1 Bluecoat | 3 Advanced Secure Gateway, Cacheflow, Proxysg | 2017-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | |||||
| CVE-2016-5052 | 1 Osram | 1 Lightify Home | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. | |||||
| CVE-2016-5057 | 1 Osram | 1 Lightify Pro | 2017-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. | |||||
| CVE-2016-8768 | 1 Huawei | 6 Honor 6, Honor 6 Firmware, Honor 6 Plus and 3 more | 2017-04-11 | 9.3 HIGH | 7.8 HIGH |
| Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. | |||||
| CVE-2015-8990 | 1 Mcafee | 1 Advanced Threat Defense | 2017-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | |||||
| CVE-2016-3180 | 1 Tor Browser Launcher Project | 1 Tor Browser Launcher | 2017-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | |||||
| CVE-2016-3102 | 1 Jenkins | 1 Script Security | 2017-02-28 | 7.5 HIGH | 7.3 HIGH |
| The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | |||||
| CVE-2016-8310 | 1 Oracle | 1 Flexcube Universal Banking | 2017-02-11 | 7.5 HIGH | 7.3 HIGH |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2016-5091 | 1 Typo3 | 1 Typo3 | 2017-01-26 | 6.8 MEDIUM | 8.1 HIGH |
| Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. | |||||
| CVE-2016-5196 | 1 Google | 1 Chrome | 2017-01-20 | 6.8 MEDIUM | 8.8 HIGH |
| The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. | |||||
| CVE-2016-3128 | 1 Blackberry | 1 Enterprise Service | 2017-01-20 | 6.4 MEDIUM | 8.2 HIGH |
| A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. | |||||
| CVE-2016-1296 | 1 Cisco | 1 Web Security Appliance | 2016-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | |||||
| CVE-2016-6460 | 1 Cisco | 1 Firesight System Software | 2016-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0. | |||||
| CVE-2016-1567 | 1 Tuxfamily | 1 Chrony | 2016-12-06 | 6.8 MEDIUM | 8.1 HIGH |
| chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
| CVE-2016-1738 | 1 Apple | 1 Mac Os X | 2016-12-03 | 7.2 HIGH | 7.8 HIGH |
| dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. | |||||
| CVE-2015-7914 | 1 Sauter | 1 Moduweb Vision | 2016-12-03 | 9.3 HIGH | 8.1 HIGH |
| Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | |||||
| CVE-2016-8503 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 5.0 MEDIUM | 7.3 HIGH |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |||||
| CVE-2016-8502 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 5.0 MEDIUM | 7.3 HIGH |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |||||
| CVE-2016-7989 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542. | |||||
| CVE-2016-2929 | 1 Ibm | 1 Bigfix Remote Control | 2016-11-30 | 4.3 MEDIUM | 8.1 HIGH |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2016-8600 | 1 Dotcms | 1 Dotcms | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | |||||
| CVE-2016-7031 | 2 Ceph Project, Redhat | 2 Ceph, Ceph Storage | 2016-11-28 | 4.3 MEDIUM | 7.5 HIGH |
| The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | |||||
| CVE-2016-5363 | 1 Openstack | 1 Neutron | 2016-11-28 | 6.4 MEDIUM | 8.2 HIGH |
| The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | |||||
| CVE-2016-3025 | 1 Ibm | 2 Security Access Manager, Security Access Manager For Mobile | 2016-11-28 | 5.0 MEDIUM | 8.1 HIGH |
| IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | |||||
| CVE-2016-0896 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2016-11-28 | 7.5 HIGH | 7.3 HIGH |
| Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address. | |||||
| CVE-2016-0828 | 1 Google | 1 Android | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. | |||||
| CVE-2016-0829 | 1 Google | 1 Android | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. | |||||
| CVE-2014-9793 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567. | |||||
| CVE-2016-5247 | 1 Lenovo | 23 Bios, Thinkcentre E93, Thinkcentre M6500t\/s and 20 more | 2016-09-23 | 7.2 HIGH | 7.8 HIGH |
| The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. | |||||
| CVE-2016-6340 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2016-09-22 | 2.1 LOW | 8.4 HIGH |
| The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | |||||
| CVE-2016-3752 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 7.8 HIGH |
| internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423. | |||||