Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7077 | 1 Theforeman | 1 Foreman | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6. | |||||
| CVE-2016-6543 | 1 Ieasytec | 1 Itrack Easy | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device. | |||||
| CVE-2016-6549 | 1 Nutspace | 1 Nut Mobile | 2019-10-09 | 3.3 LOW | 4.3 MEDIUM |
| The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute. | |||||
| CVE-2016-7056 | 4 Canonical, Debian, Openssl and 1 more | 4 Ubuntu Linux, Debian Linux, Openssl and 1 more | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | |||||
| CVE-2016-7061 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. | |||||
| CVE-2016-7041 | 1 Redhat | 2 Jboss Brms, Jboss Drools | 2019-10-09 | 6.8 MEDIUM | 6.5 MEDIUM |
| Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. | |||||
| CVE-2016-7078 | 1 Theforeman | 1 Foreman | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion. | |||||
| CVE-2016-4924 | 1 Juniper | 1 Junos | 2019-10-09 | 1.7 LOW | 5.5 MEDIUM |
| An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8 | |||||
| CVE-2016-4923 | 1 Juniper | 1 Junos | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57. | |||||
| CVE-2016-1584 | 1 Unity8 | 1 Unity8 | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input. | |||||
| CVE-2016-2922 | 1 Ibm | 1 Rational Clearquest | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. | |||||
| CVE-2016-2125 | 2 Redhat, Samba | 8 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 5 more | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. | |||||
| CVE-2016-2121 | 1 Redhat | 1 Openstack | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. | |||||
| CVE-2016-2120 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary. | |||||
| CVE-2016-10530 | 1 Airbrake | 1 Airbrake | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS. | |||||
| CVE-2016-10547 | 1 Mozilla | 1 Nunjucks | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM. | |||||
| CVE-2016-10362 | 1 Elasticsearch | 1 Output Plugin | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. | |||||
| CVE-2016-10537 | 1 Backbone Project | 1 Backbone | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`. | |||||
| CVE-2016-0373 | 1 Ibm | 1 Urbancode Deploy | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119. | |||||
| CVE-2016-0715 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present. | |||||
| CVE-2016-10536 | 1 Socket | 1 Engine.io-client | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off. | |||||
| CVE-2016-10535 | 1 Csrf-lite Project | 1 Csrf-lite | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present. | |||||
| CVE-2016-10534 | 1 Electron-packager Project | 1 Electron-packager | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack. | |||||
| CVE-2016-10548 | 1 Reduce-css-calc Project | 1 Reduce-css-calc | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function. | |||||
| CVE-2016-10531 | 1 Marked Project | 1 Marked | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left. | |||||
| CVE-2016-10561 | 1 Bitty Project | 1 Bitty | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. | |||||
| CVE-2016-10613 | 1 Bionode | 1 Bionode-sra | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10630 | 1 Install-g-test Project | 1 Install-g-test | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10543 | 1 Call Project | 1 Call | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. | |||||
| CVE-2016-10555 | 1 Jwt-simple Project | 1 Jwt-simple | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. | |||||
| CVE-2016-10528 | 1 Restafary Project | 1 Restafary | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified. | |||||
| CVE-2016-10549 | 1 Sailsjs | 1 Sails | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible. | |||||
| CVE-2016-10544 | 1 Uws Project | 1 Uws | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. | |||||
| CVE-2015-7559 | 1 Apache | 1 Activemq | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | |||||
| CVE-2015-9236 | 1 Hapijs | 1 Hapi | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route. | |||||
| CVE-2015-9243 | 1 Hapijs | 1 Hapi | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | |||||
| CVE-2015-9102 | 1 Synology | 1 Photo Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | |||||
| CVE-2015-9103 | 1 Synology | 1 Note Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | |||||
| CVE-2015-9104 | 1 Synology | 1 Audio Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | |||||
| CVE-2015-9105 | 1 Synology | 1 Video Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | |||||
| CVE-2015-9238 | 1 Secure-compare Project | 1 Secure-compare | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. | |||||
| CVE-2015-6462 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. | |||||
| CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2019-10-09 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. | |||||
| CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of unity-scope-gdrive logs search terms to syslog. | |||||
| CVE-2014-5431 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2019-10-09 | 4.6 MEDIUM | 6.8 MEDIUM |
| Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. | |||||
| CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1427 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | |||||
| CVE-2014-10065 | 1 Remarkable Project | 1 Remarkable | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content. | |||||
| CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | |||||
| CVE-2012-0433 | 1 Crowbar Project | 1 Crowbar | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. | |||||