Vulnerabilities (CVE)

Filtered by CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor, formerly "Information Exposure")
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 (score, severity) | CVSS v3 (score, severity)
CVE-2017-5865 1 Owncloud 1 Owncloud 2017-03-08 4.3 MEDIUM 3.7 LOW
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
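The ownCloud entry above is the textbook username-enumeration oracle: the reply itself tells the caller whether the account exists. The following is an added illustration, not ownCloud's code; the account store, the message strings and the job-queue design are constructed for this example. It puts the pre-fix pattern beside a hardened handler and includes the probe an attacker would run to tell the two apart:

```python
import secrets

# Constructed account store for the example; not real ownCloud data.
USERS = {"alice": "alice@example.invalid", "bob": "bob@example.invalid"}

GENERIC_MSG = "If an account with that name exists, a reset link has been sent."


def reset_password_vulnerable(username, outbox):
    """Pre-fix pattern: the reply text reveals whether the account exists."""
    if username not in USERS:
        return "Couldn't send reset email. Please make sure your username is correct."
    outbox.append((USERS[username], secrets.token_urlsafe(32)))
    return "Reset email sent."


def reset_password_safe(username, queue):
    """Hardened: the same message for every input, and the same work on the
    request path. A token is generated and a job enqueued whether or not the
    account exists, so neither the body nor the response time tells them
    apart; the worker below is the only place that consults the account store."""
    queue.append({"username": username, "token": secrets.token_urlsafe(32)})
    return GENERIC_MSG


def deliver_reset_jobs(queue, outbox):
    """Background worker: only known accounts actually receive mail."""
    while queue:
        job = queue.pop(0)
        email = USERS.get(job["username"])
        if email is not None:
            outbox.append((email, job["token"]))


def enumerate_users(candidates, handler):
    """Attacker's oracle: return the candidates whose reply differs from the
    reply for a name that certainly does not exist."""
    baseline = handler(secrets.token_hex(16), [])
    return {name for name in candidates if handler(name, []) != baseline}


if __name__ == "__main__":
    names = ["alice", "bob", "carol"]
    print("vulnerable handler leaks:", enumerate_users(names, reset_password_vulnerable))
    print("hardened handler leaks:  ", enumerate_users(names, reset_password_safe))
```

The uniform message removes the oracle; rate limiting per source address and per target name, which the "large number of password reset attempts" wording points at, is the complement that slows whatever side channel remains (for instance mail-delivery latency if sending is done inline instead of from a worker).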
CVE-2015-8034 1 Saltstack 1 Salt 2017-03-02 2.1 LOW 3.3 LOW
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2016-7765 1 Apple 1 Iphone Os 2017-02-21 2.1 LOW 2.4 LOW
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents.
CVE-2016-7577 1 Apple 2 Iphone Os, Mac Os X 2017-02-21 4.3 MEDIUM 3.7 LOW
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
CVE-2016-5953 1 Ibm 1 Sterling Selling And Fulfillment Foundation 2017-02-15 4.3 MEDIUM 3.7 LOW
IBM Sterling Order Management transmits the session identifier within the URL. When a user requests a view they are not permitted to see, the site responds with an error page whose URL contains the session identifier encoded as Base64.
CVE-2016-0202 1 Ibm 1 Cloud Orchestrator 2017-02-15 2.1 LOW 3.3 LOW
A vulnerability exists in tasks, the backend objects that IBM Cloud Orchestrator generates to handle every action the application performs: an authenticated user can view any task in the current user's domain.
CVE-2016-8305 1 Oracle 1 Flexcube Universal Banking 2017-02-11 1.9 LOW 2.1 LOW
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 2.1 (Confidentiality impacts).
CVE-2016-3045 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2017-02-09 4.3 MEDIUM 3.7 LOW
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
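The two IBM entries above (CVE-2016-5953 and CVE-2016-3045) share one root cause: a session identifier placed in the URL, which then lands in server logs, the Referer header and browser history. The check below is an added example, not code from either product. It scans access-log lines for session identifiers carried as query parameters or ;matrix parameters in the path, and also catches the Base64-wrapped form described for Sterling by decoding opaque values and looking for a session parameter name in the plaintext. The parameter-name list, the regular expressions and the log lines are all constructed for this example:

```python
import base64
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Parameter names that commonly carry a session identifier (assumed list).
SESSION_PARAM_NAMES = {"jsessionid", "sessionid", "session", "sid", "phpsessid"}
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/')


def _decoded_session(value):
    """If value is Base64 whose plaintext is 'name=...' with a session
    parameter name, return that plaintext; otherwise None."""
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    name, sep, _ = text.partition("=")
    if sep and name.strip().lower() in SESSION_PARAM_NAMES:
        return text
    return None


def find_session_ids(url):
    """Return (location, name, value) for each session-id-like item in url:
    ';name=value' matrix parameters in the path and name=value query pairs,
    matched either by parameter name or by Base64-decoding the value."""
    parts = urlsplit(url)
    pairs = []
    for segment in parts.path.split("/"):
        for matrix in segment.split(";")[1:]:
            name, _, value = matrix.partition("=")
            pairs.append(("path", name, value))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        pairs.append(("query", name, value))
    hits = []
    for where, name, value in pairs:
        if name.lower() in SESSION_PARAM_NAMES:
            hits.append((where, name, value))
        elif (decoded := _decoded_session(value)) is not None:
            hits.append((where + "/base64", name, decoded))
    return hits


def scan_log(lines):
    """Return (line_number, hits) for every request line whose URL carries one."""
    results = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and (hits := find_session_ids(match.group(1))):
            results.append((number, hits))
    return results


# Constructed access-log lines in Common Log Format; no real server produced them.
_B64_SESSION = quote(base64.b64encode(b"JSESSIONID=0000A1B2C3D4E5F60718293A4B5C6D7E").decode(), safe="")
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Feb/2017:10:01:02 +0000] "GET /app/login.do?jsessionid=0000A1B2C3D4E5F60718293A4B5C6D7E HTTP/1.1" 200 512',
    f'10.0.0.5 - - [15/Feb/2017:10:01:09 +0000] "GET /app/error.jsp?ctx={_B64_SESSION} HTTP/1.1" 403 210',
    '10.0.0.7 - - [15/Feb/2017:10:02:00 +0000] "GET /app/report?id=42&page=2 HTTP/1.1" 200 8812',
    '10.0.0.9 - - [15/Feb/2017:10:02:31 +0000] "GET /app/home;jsessionid=ABCDEF0123456789ABCDEF01 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(number, hits)
```

Run against real logs, the same scan doubles as a detection for the condition these CVEs describe; the fix on the application side is to carry the session only in a cookie and to add a Referrer-Policy so that any remaining URL state does not leak to third parties.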
CVE-2016-5938 1 Ibm 1 Kenexa Lms 2017-02-05 2.1 LOW 3.3 LOW
IBM Kenexa LMS on Cloud allows web pages to be stored locally, where they can be read by another user on the same system.
CVE-2016-0297 1 Ibm 1 Bigfix Platform 2017-02-05 4.3 MEDIUM 3.7 LOW
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
CVE-2017-3239 1 Oracle 1 Glassfish Server 2017-01-31 2.1 LOW 3.3 LOW
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).
CVE-2016-7960 1 Siemens 1 Simatic Step 7 2016-12-22 1.9 LOW 2.5 LOW
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
CVE-2015-4961 1 Ibm 1 Tealeaf Customer Experience 2016-12-22 2.9 LOW 2.6 LOW
IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2015-8509 1 Mozilla 1 Bugzilla 2016-12-07 4.3 MEDIUM 3.5 LOW
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.
CVE-2015-7884 1 Linux 1 Linux Kernel 2016-12-07 1.9 LOW 2.3 LOW
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2015-7885 1 Linux 1 Linux Kernel 2016-12-07 2.1 LOW 2.3 LOW
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2015-7421 1 Ibm 1 Mq Appliance M2000 2016-12-07 5.0 MEDIUM 3.7 LOW
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.
CVE-2015-7420 1 Ibm 1 Mq Appliance M2000 2016-12-07 5.0 MEDIUM 3.7 LOW
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
CVE-2015-6641 1 Google 1 Android 2016-12-07 2.9 LOW 3.1 LOW
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
CVE-2016-2952 1 Ibm 1 Bigfix Remote Control 2016-12-03 4.3 MEDIUM 3.7 LOW
IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
CVE-2016-3155 1 Siemens 1 Apogee Insight 2016-12-03 3.6 LOW 3.4 LOW
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3158 3 Fedoraproject, Oracle, Xen 3 Fedora, Vm Server, Xen 2016-12-03 1.7 LOW 3.8 LOW
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
CVE-2016-2949 1 Ibm 1 Bigfix Remote Control 2016-12-03 2.1 LOW 3.3 LOW
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.
CVE-2016-1758 1 Apple 2 Iphone Os, Mac Os X 2016-12-03 4.3 MEDIUM 3.3 LOW
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
CVE-2016-1852 1 Apple 1 Iphone Os 2016-12-02 2.1 LOW 2.4 LOW
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.
CVE-2016-1849 1 Apple 2 Iphone Os, Safari 2016-12-01 2.1 LOW 3.3 LOW
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
CVE-2016-1791 1 Apple 1 Mac Os X 2016-12-01 4.3 MEDIUM 3.3 LOW
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2016-1796 1 Apple 1 Mac Os X 2016-12-01 4.3 MEDIUM 3.3 LOW
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.
CVE-2016-3002 1 Ibm 1 Connections 2016-11-30 2.1 LOW 2.1 LOW
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.
CVE-2016-0259 1 Ibm 1 Websphere Mq 2016-11-30 2.1 LOW 2.5 LOW
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
CVE-2016-5812 1 Moxa 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more 2016-11-28 2.1 LOW 3.3 LOW
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
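Three entries on this page (Salt's cache data in CVE-2015-8034, the APOGEE Insight application folder in CVE-2016-3155, and the Moxa configuration file just above) are local reads that succeed only because the file is readable by the wrong users, or holds a credential in the clear. The following is an added example and not code from any of those products: it creates a file that only its owner can read, and audits a directory tree for both conditions. The key-name patterns, the "not cleartext" prefixes and the sample files are assumptions made for the example:

```python
import os
import re
import stat
import tempfile

# Keys that hold credentials (assumed naming conventions), with optional quoting.
SECRET_RE = re.compile(
    r'^\s*["\']?([\w.-]*(?:password|passwd|secret|api_key)[\w.-]*)["\']?\s*[=:]\s*(\S+)',
    re.IGNORECASE | re.MULTILINE,
)
# Prefixes that mark a value as hashed or encrypted rather than cleartext
# (assumed conventions: crypt(3) "$id$", LDAP "{SSHA}", Jasypt-style "ENC(").
NOT_CLEARTEXT = ("$", "{", "ENC(")


def write_private(path, data):
    """Create or overwrite path so that only the owner can read it. The mode is
    applied at creation (subject to umask) and then enforced with chmod, because
    O_CREAT does not change the mode of a file that already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.chmod(path, 0o600)


def file_mode(path):
    """Permission bits of path as an int, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_tree(root):
    """Return (kind, path, detail) findings: files readable by group or others,
    and files holding a credential that is not hashed or encrypted."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mode = file_mode(path)
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append(("group-or-world-readable", path, oct(mode)))
            with open(path, errors="replace") as fh:
                text = fh.read()
            for match in SECRET_RE.finditer(text):
                value = match.group(2).strip("\"',")
                if not value.startswith(NOT_CLEARTEXT):
                    findings.append(("cleartext-secret", path, match.group(1)))
    return findings


def demo():
    """Build a throwaway tree with one weak file and one properly handled file."""
    root = tempfile.mkdtemp()
    weak = os.path.join(root, "device.conf")            # constructed content
    with open(weak, "w") as fh:
        fh.write("admin_password = hunter2\nsnmp_community = public\n")
    os.chmod(weak, 0o644)
    good = os.path.join(root, "cache.json")             # constructed content
    write_private(good, '{\n  "token": "constructed",\n  "password": '
                        '"$6$rounds=5000$saltsalt$hashhashhash"\n}\n')
    return {"findings": audit_tree(root), "private_mode": file_mode(good)}


if __name__ == "__main__":
    for finding in demo()["findings"]:
        print(*finding)
```

The mode argument to os.open is the part that matters: creating the file with default permissions and tightening them afterwards leaves a window in which another local user can open it, and the open handle survives the later chmod. On POSIX systems this behaves as shown; Windows ACLs need a different check.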
CVE-2016-5849 1 Siemens 1 Sicam Pas 2016-11-28 1.9 LOW 2.5 LOW
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
CVE-2016-5481 1 Oracle 1 Sun Zfs Storage Appliance Kit 2016-11-28 4.3 MEDIUM 3.7 LOW
Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services.
CVE-2016-5233 1 Huawei 2 Mate 8, Mate 8 Firmware 2016-11-28 4.3 MEDIUM 3.7 LOW
Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007.
CVE-2016-2947 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2016-11-28 4.0 MEDIUM 2.7 LOW
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-0378 1 Ibm 1 Websphere Application Server 2016-11-28 4.3 MEDIUM 3.7 LOW
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.
CVE-2016-0353 1 Ibm 1 Security Privileged Identity Manager 2016-11-28 4.3 MEDIUM 3.7 LOW
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2016-0372 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2016-11-28 4.3 MEDIUM 3.7 LOW
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
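Four entries describe the same man-in-the-middle exposure from two sides: CVE-2016-0297 and CVE-2016-2952 omit Strict-Transport-Security, so a client can be kept on plain HTTP, and CVE-2016-0353 and CVE-2016-0372 issue the session cookie without the Secure flag, so the browser will send it on that plain-HTTP request. The audit below is an added example, not code from IBM or any scanner: it parses raw response headers, reports a missing or weak HSTS policy and cookies that lack Secure or HttpOnly, and shows a corrected response beside the weak one. The sample responses, the one-year minimum and the cookie name are assumptions for the example:

```python
def parse_headers(raw):
    """(name, value) pairs from raw response text; names lower-cased, repeats
    kept, status line skipped, parsing stops at the first blank line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_hsts(pairs, min_age=31536000):
    """Problems with the Strict-Transport-Security header (min_age: one year)."""
    values = [v for n, v in pairs if n == "strict-transport-security"]
    if not values:
        return ["HSTS header missing: an http:// request can be intercepted"]
    directives = {}
    for directive in values[0].split(";"):
        key, _, arg = directive.strip().partition("=")
        directives[key.lower()] = arg.strip().strip('"')
    try:
        max_age = int(directives.get("max-age", ""))
    except ValueError:
        return ["HSTS max-age missing or not an integer"]
    problems = []
    if max_age < min_age:
        problems.append(f"HSTS max-age {max_age} below {min_age}")
    if "includesubdomains" not in directives:
        problems.append("HSTS lacks includeSubDomains")
    return problems


def check_cookies(pairs):
    """Flag Set-Cookie values that plain HTTP or script could expose."""
    problems = []
    for name, value in pairs:
        if name != "set-cookie":
            continue
        attrs = [a.strip() for a in value.split(";")]
        cookie = attrs[0].partition("=")[0]
        flags = {a.partition("=")[0].lower() for a in attrs[1:]}
        if "secure" not in flags:
            problems.append(f"cookie {cookie} lacks Secure: sent over plain HTTP")
        if "httponly" not in flags:
            problems.append(f"cookie {cookie} lacks HttpOnly")
    return problems


def audit(raw):
    """All transport-related findings for one raw HTTP response."""
    pairs = parse_headers(raw)
    return check_hsts(pairs) + check_cookies(pairs)


# Constructed responses, not captured from any product.
WEAK = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=0000A1B2C3D4E5F60718293A4B5C6D7E; Path=/
"""
FIXED = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: JSESSIONID=0000A1B2C3D4E5F60718293A4B5C6D7E; Path=/; Secure; HttpOnly; SameSite=Lax
"""

if __name__ == "__main__":
    print("weak: ", audit(WEAK))
    print("fixed:", audit(FIXED))
```

Two caveats when applying this: browsers only honour Strict-Transport-Security on a response received over HTTPS, so the very first plain-HTTP visit is still exposed unless the host is on the preload list, and the Secure flag protects the cookie even when HSTS is absent, which is why the two fixes are independent and both are needed.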
CVE-2016-0248 1 Ibm 1 Security Guardium 2016-11-28 4.3 MEDIUM 3.7 LOW
IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors.
CVE-2016-3759 1 Google 1 Android 2016-07-12 5.0 MEDIUM 3.3 LOW
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
CVE-2016-2861 1 Ibm 1 Websphere Extreme Scale 2016-07-06 4.3 MEDIUM 3.7 LOW
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2016-1862 1 Apple 1 Mac Os X 2016-06-22 4.3 MEDIUM 3.3 LOW
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
CVE-2016-1860 1 Apple 1 Mac Os X 2016-06-22 4.3 MEDIUM 3.3 LOW
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.
CVE-2016-4516 1 Abb 1 Pcm600 2016-06-15 2.1 LOW 3.3 LOW
ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-3711 1 Redhat 2 Openshift, Openshift Origin 2016-06-09 2.1 LOW 3.3 LOW
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
CVE-2015-4958 1 Ibm 1 Infosphere Master Data Management 2016-01-20 2.1 LOW 3.3 LOW
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files.
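Several entries (CVE-2016-5938, CVE-2016-2949, CVE-2016-3002 and CVE-2015-4958 above) are the same local read: the browser wrote a sensitive page to its disk cache and another user on the machine read it. What decides whether a response is written to disk is the storability rule of RFC 7234 section 3, which the model below implements in simplified form. It is an added example, not code from any of those products or from a browser; the sample responses are constructed, and the header set returned for sensitive pages is a common recommendation rather than anything the page states. The point it makes is that "Cache-Control: private" and "no-cache" both still allow the browser to store the page; only "no-store" prevents it:

```python
# Status codes a cache may store without explicit freshness information
# (RFC 7231 section 6.1, "cacheable by default").
HEURISTIC_OK = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}


def header_pairs(raw):
    """(name, value) pairs, names lower-cased; the status line is skipped."""
    return [(n.strip().lower(), v.strip()) for n, _, v in
            (line.partition(":") for line in raw.splitlines()[1:] if line.strip())]


def cache_directives(pairs):
    """Cache-Control directives as a lower-cased dict; repeated headers merge."""
    out = {}
    for name, value in pairs:
        if name == "cache-control":
            for directive in value.split(","):
                key, _, arg = directive.strip().partition("=")
                if key:
                    out[key.lower()] = arg.strip().strip('"')
    return out


def may_store(raw, shared_cache):
    """Simplified RFC 7234 section 3 storability test. shared_cache=False models
    a browser's disk cache, which a second local user may be able to read;
    shared_cache=True models a forward or reverse proxy."""
    pairs = header_pairs(raw)
    cc = cache_directives(pairs)
    status = int(raw.split(None, 2)[1])
    if "no-store" in cc:
        return False
    if shared_cache and "private" in cc:
        return False
    has_expires = any(name == "expires" for name, _ in pairs)
    explicit = ("max-age" in cc or "public" in cc or has_expires
                or (shared_cache and "s-maxage" in cc))
    return explicit or status in HEURISTIC_OK


def sensitive_response_headers():
    """Headers for a page that must never be written to disk on the client.
    no-store is the directive that prevents storage; the others cover
    HTTP/1.0 caches and older browsers that ignore it."""
    return [
        ("Cache-Control", "no-store, no-cache, must-revalidate"),
        ("Pragma", "no-cache"),
        ("Expires", "0"),
    ]


# Constructed responses for the checks below; none is captured traffic.
RESP_UNMARKED = "HTTP/1.1 200 OK\nContent-Type: text/html\n"
RESP_PRIVATE = "HTTP/1.1 200 OK\nContent-Type: text/html\nCache-Control: private\n"
RESP_NO_CACHE = "HTTP/1.1 200 OK\nContent-Type: text/html\nCache-Control: no-cache\n"
RESP_NO_STORE = "HTTP/1.1 200 OK\nContent-Type: text/html\n" + "\n".join(
    f"{name}: {value}" for name, value in sensitive_response_headers()) + "\n"
RESP_ERROR = "HTTP/1.1 500 Internal Server Error\nContent-Type: text/html\n"

if __name__ == "__main__":
    for label, resp in [("unmarked", RESP_UNMARKED), ("private", RESP_PRIVATE),
                        ("no-cache", RESP_NO_CACHE), ("no-store", RESP_NO_STORE)]:
        print(f"{label:9} browser={may_store(resp, False)} proxy={may_store(resp, True)}")
```

A 200 response with no caching headers at all is storable by default, which is the condition these entries describe; an application that serves account data without "no-store" has made the cache a second copy of the page for whoever can read the profile directory.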
CVE-2015-8481 1 Atlassian 3 Jira, Jira Core, Jira Service Desk 2016-01-13 3.5 LOW 3.1 LOW
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
CVE-2016-1500 1 Owncloud 1 Owncloud 2016-01-12 3.5 LOW 3.1 LOW
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
CVE-2015-4962 1 Ibm 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more 2016-01-08 2.7 LOW 3.5 LOW
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2015-4989 1 Ibm 1 Tealeaf Customer Experience 2016-01-06 5.0 MEDIUM 3.7 LOW
The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.