Search
Total
2136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10194 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2017-10-24 | 4.0 MEDIUM | 2.7 LOW |
| Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-1000114 | 1 Jenkins | 1 Datadog | 2017-10-17 | 4.3 MEDIUM | 3.1 LOW |
| The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form. | |||||
| CVE-2017-14772 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2017-10-11 | 2.1 LOW | 3.3 LOW |
| Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts. | |||||
| CVE-2015-5070 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2017-10-10 | 3.5 LOW | 3.1 LOW |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | |||||
| CVE-2015-0238 | 1 Redhat | 1 Openshift | 2017-10-10 | 2.1 LOW | 3.3 LOW |
| selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. | |||||
| CVE-2017-1346 | 1 Ibm | 1 Business Process Manager | 2017-09-28 | 1.9 LOW | 2.5 LOW |
| IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | |||||
| CVE-2015-8224 | 1 Huawei | 2 P8, P8 Firmware | 2017-09-23 | 4.3 MEDIUM | 3.7 LOW |
| Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. | |||||
| CVE-2017-8676 | 1 Microsoft | 14 Live Meeting, Lync, Office and 11 more | 2017-09-21 | 2.1 LOW | 3.3 LOW |
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." | |||||
| CVE-2017-1520 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2017-09-15 | 4.3 MEDIUM | 3.7 LOW |
| IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | |||||
| CVE-2015-6858 | 1 Hp | 1 Insight Management | 2017-09-13 | 4.3 MEDIUM | 3.7 LOW |
| HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2513 | 1 Djangoproject | 1 Django | 2017-09-08 | 2.6 LOW | 3.1 LOW |
| The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | |||||
| CVE-2015-7490 | 1 Ibm | 1 Infosphere Information Server | 2017-09-08 | 3.5 LOW | 3.1 LOW |
| IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie. | |||||
| CVE-2016-3428 | 1 Oracle | 1 Agile Engineering Data Management | 2017-09-03 | 1.8 LOW | 3.1 LOW |
| Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface. | |||||
| CVE-2016-8016 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 3.5 LOW | 3.4 LOW |
| Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter. | |||||
| CVE-2016-2978 | 1 Ibm | 1 Sametime | 2017-09-03 | 2.1 LOW | 3.3 LOW |
| IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938. | |||||
| CVE-2016-2974 | 1 Ibm | 1 Sametime | 2017-09-01 | 2.1 LOW | 3.3 LOW |
| IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934. | |||||
| CVE-2016-3484 | 1 Oracle | 1 Database | 2017-09-01 | 3.2 LOW | 3.4 LOW |
| Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2015-8801 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 3.3 LOW | 2.9 LOW |
| Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. | |||||
| CVE-2016-3450 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-5460 and CVE-2016-5466. | |||||
| CVE-2016-3469 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services. | |||||
| CVE-2016-5473 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 3.5 LOW | 3.1 LOW |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537. | |||||
| CVE-2016-4593 | 1 Apple | 1 Iphone Os | 2017-09-01 | 2.1 LOW | 2.4 LOW |
| The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. | |||||
| CVE-2016-3490 | 1 Oracle | 1 Transportation Management | 2017-09-01 | 3.5 LOW | 3.0 LOW |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database. | |||||
| CVE-2016-3474 | 1 Oracle | 1 Business Intelligence Publisher | 2017-09-01 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security. | |||||
| CVE-2016-2894 | 1 Ibm | 1 Tivoli Storage Manager | 2017-09-01 | 2.1 LOW | 2.5 LOW |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. | |||||
| CVE-2016-3531 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2017-09-01 | 3.5 LOW | 3.5 LOW |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification. | |||||
| CVE-2016-3482 | 1 Oracle | 1 Http Server | 2017-09-01 | 5.0 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module. | |||||
| CVE-2016-5462 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.0 MEDIUM | 2.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces. | |||||
| CVE-2016-4645 | 1 Apple | 1 Mac Os X | 2017-09-01 | 2.1 LOW | 3.3 LOW |
| CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3516 | 1 Oracle | 1 Enterprise Communications Broker | 2017-09-01 | 4.0 MEDIUM | 3.1 LOW |
| Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3514. | |||||
| CVE-2016-5466 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5460. | |||||
| CVE-2016-5460 | 1 Oracle | 1 Siebel Core-server Framework | 2017-09-01 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466. | |||||
| CVE-2017-1422 | 1 Ibm | 1 Maas360 Dtm | 2017-08-30 | 2.1 LOW | 3.3 LOW |
| IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. | |||||
| CVE-2016-0385 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 3.5 LOW | 3.1 LOW |
| Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2960 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 4.3 MEDIUM | 3.7 LOW |
| IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. | |||||
| CVE-2016-4740 | 1 Apple | 1 Iphone Os | 2017-08-13 | 1.9 LOW | 2.9 LOW |
| Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-4749 | 1 Apple | 1 Iphone Os | 2017-08-13 | 2.1 LOW | 3.3 LOW |
| Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. | |||||
| CVE-2016-3888 | 1 Google | 1 Android | 2017-08-13 | 2.1 LOW | 2.1 LOW |
| internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123. | |||||
| CVE-2016-4747 | 1 Apple | 1 Iphone Os | 2017-08-13 | 4.3 MEDIUM | 3.7 LOW |
| Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | |||||
| CVE-2016-4620 | 1 Apple | 1 Iphone Os | 2017-08-13 | 4.3 MEDIUM | 3.3 LOW |
| The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. | |||||
| CVE-2016-6224 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2017-08-08 | 2.1 LOW | 3.3 LOW |
| ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. | |||||
| CVE-2016-7812 | 1 Mufg | 1 Mitsubishi Ufj | 2017-08-07 | 4.3 MEDIUM | 3.1 LOW |
| The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication. | |||||
| CVE-2016-4715 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.3 MEDIUM | 3.3 LOW |
| The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | |||||
| CVE-2016-4751 | 1 Apple | 1 Safari | 2017-07-30 | 4.3 MEDIUM | 3.5 LOW |
| The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. | |||||
| CVE-2016-4739 | 1 Apple | 1 Mac Os X | 2017-07-30 | 4.3 MEDIUM | 3.7 LOW |
| mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. | |||||
| CVE-2016-4717 | 1 Apple | 1 Mac Os X | 2017-07-30 | 5.0 MEDIUM | 3.3 LOW |
| The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2016-5615 | 1 Oracle | 1 Solaris | 2017-07-29 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx. | |||||
| CVE-2016-5499 | 1 Oracle | 1 Database Server | 2017-07-29 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498. | |||||
| CVE-2016-5498 | 1 Oracle | 1 Database Server | 2017-07-29 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499. | |||||
| CVE-2016-5490 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA. | |||||