Search
Total
3359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5059 | 1 Osram | 1 Lightify Pro | 2017-04-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. | |||||
| CVE-2015-8276 | 1 Eparaksts | 2 Edoc-libraries, Eparakstitajs 3 | 2017-04-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files. | |||||
| CVE-2017-7589 | 1 Openidm Project | 1 Openidm | 2017-04-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. | |||||
| CVE-2014-8570 | 1 Huawei | 52 5300hi, 5300hi Firmware, 5310ei and 49 more | 2017-04-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping. | |||||
| CVE-2016-0242 | 1 Ibm | 1 Security Guardium | 2017-04-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. | |||||
| CVE-2016-2311 | 1 Blackbox | 22 Alertwerks Servsensor Eme106a, Alertwerks Servsensor Eme108a-r2, Alertwerks Servsensor Eme109a-r2 and 19 more | 2017-04-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors. | |||||
| CVE-2014-9691 | 1 Huawei | 64 Tecal Bh620 V2, Tecal Bh620 V2 Firmware, Tecal Bh621 V2 and 61 more | 2017-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the sessions IDs of all online users on the Online Users page of the web UI. | |||||
| CVE-2016-8272 | 1 Huawei | 1 Hisuite | 2017-04-05 | 2.1 LOW | 5.3 MEDIUM |
| Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. | |||||
| CVE-2017-1154 | 1 Ibm | 1 Algo One | 2017-04-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1999892. | |||||
| CVE-2016-4976 | 1 Apache | 1 Ambari | 2017-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | |||||
| CVE-2017-1142 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-03-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874. | |||||
| CVE-2017-1143 | 1 Ibm | 1 Kenexa Lcms Premier | 2017-03-31 | 3.5 LOW | 5.3 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874. | |||||
| CVE-2014-8702 | 1 Wondercms | 1 Wondercms | 2017-03-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. | |||||
| CVE-2016-2367 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 3.5 LOW | 5.9 MEDIUM |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. | |||||
| CVE-2016-2372 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 4.9 MEDIUM | 5.9 MEDIUM |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | |||||
| CVE-2015-8628 | 1 Mediawiki | 1 Mediawiki | 2017-03-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics. | |||||
| CVE-2016-1603 | 1 Novell | 1 Netiq Idm Servicenow Driver | 2017-03-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | |||||
| CVE-2014-8706 | 1 Pluck-cms | 1 Pluck | 2017-03-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | |||||
| CVE-2016-1772 | 1 Apple | 1 Safari | 2017-03-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | |||||
| CVE-2017-1155 | 1 Ibm | 1 Algo One | 2017-03-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754. | |||||
| CVE-2016-2981 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-03-23 | 2.1 LOW | 6.8 MEDIUM |
| An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965. | |||||
| CVE-2017-5537 | 1 Weblate | 1 Weblate | 2017-03-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests. | |||||
| CVE-2017-3871 | 1 Cisco | 1 Prime Optical | 2017-03-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1). | |||||
| CVE-2015-3882 | 1 Qdpm | 1 Qdpm | 2017-03-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. | |||||
| CVE-2014-8723 | 1 Get-simple | 1 Getsimple Cms | 2017-03-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. | |||||
| CVE-2016-10135 | 1 Lg | 1 Lg Mobile | 2017-03-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. | |||||
| CVE-2017-5933 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2017-03-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2016-5813 | 1 Visonic | 2 Powerlink2, Powerlink2 Firmware | 2017-03-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE). | |||||
| CVE-2016-9720 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2017-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533. | |||||
| CVE-2016-4947 | 1 Cloudera | 1 Hue | 2017-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. | |||||
| CVE-2016-9725 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2017-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539. | |||||
| CVE-2017-5866 | 1 Owncloud | 1 Owncloud | 2017-03-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-5967 | 1 Linux | 1 Linux Kernel | 2017-03-07 | 2.1 LOW | 4.0 MEDIUM |
| The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. | |||||
| CVE-2016-7409 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2017-03-04 | 2.1 LOW | 5.5 MEDIUM |
| The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. | |||||
| CVE-2016-0890 | 1 Emc | 1 Powerpath Virtual Appliance | 2017-03-02 | 6.0 MEDIUM | 6.4 MEDIUM |
| EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-8492 | 1 Fortinet | 1 Fortios | 2017-03-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. | |||||
| CVE-2016-10212 | 1 Radware | 1 Alteon | 2017-03-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product. | |||||
| CVE-2015-8859 | 1 Nodejs | 1 Node.js | 2017-03-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | |||||
| CVE-2016-10213 | 1 A10networks | 1 Advanced Core Operating System | 2017-03-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2016-4042 | 1 Plone | 1 Plone | 2017-02-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | |||||
| CVE-2016-6495 | 1 Netapp | 1 Data Ontap | 2017-02-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | |||||
| CVE-2017-6072 | 1 Cmsmadesimple | 2 Cms Made Simple, Form Builder | 2017-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | |||||
| CVE-2016-6190 | 1 Inverse-inc | 1 Sogo | 2017-02-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. | |||||
| CVE-2016-7761 | 1 Apple | 1 Mac Os X | 2017-02-22 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage. | |||||
| CVE-2016-7759 | 1 Apple | 1 Iphone Os | 2017-02-22 | 2.1 LOW | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher. | |||||
| CVE-2016-7666 | 1 Apple | 1 Transporter | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via a crafted EPUB. | |||||
| CVE-2016-7614 | 1 Apple | 1 Icloud | 2017-02-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the "Windows Security" component. It allows local users to obtain sensitive information from iCloud desktop-client process memory via unspecified vectors. | |||||
| CVE-2016-7153 | 5 Apple, Google, Microsoft and 2 more | 6 Safari, Chrome, Edge and 3 more | 2017-02-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | |||||
| CVE-2016-7152 | 5 Apple, Google, Microsoft and 2 more | 6 Safari, Chrome, Edge and 3 more | 2017-02-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | |||||
| CVE-2016-6060 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-02-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. | |||||