Search
Total
2412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4929 | 1 Ibm | 1 License Metric Tool | 2016-12-08 | 4.0 MEDIUM | N/A |
| IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. | |||||
| CVE-2015-4950 | 1 Ibm | 3 Tivoli Storage Fastback For Microsoft Exchange, Tivoli Storage Flashcopy Manager For Microsoft Exchange Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server | 2016-12-08 | 4.0 MEDIUM | N/A |
| The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name. | |||||
| CVE-2015-0938 | 1 Blue Coat | 1 Malware Analysis Appliance | 2016-12-08 | 5.0 MEDIUM | N/A |
| search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter. | |||||
| CVE-2015-0777 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2016-12-08 | 2.1 LOW | N/A |
| drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | |||||
| CVE-2015-8100 | 1 Net-snmp | 1 Net-snmp | 2016-12-07 | 2.1 LOW | N/A |
| The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. | |||||
| CVE-2015-8213 | 1 Djangoproject | 1 Django | 2016-12-07 | 5.0 MEDIUM | N/A |
| The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. | |||||
| CVE-2015-7762 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-12-07 | 5.0 MEDIUM | N/A |
| rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | |||||
| CVE-2015-7761 | 1 Apple | 1 Mac Os X | 2016-12-07 | 5.0 MEDIUM | N/A |
| Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. | |||||
| CVE-2015-7998 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2016-12-07 | 5.0 MEDIUM | N/A |
| The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-7763 | 1 Openafs | 1 Openafs | 2016-12-07 | 5.0 MEDIUM | N/A |
| rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | |||||
| CVE-2015-7996 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2016-12-07 | 5.0 MEDIUM | N/A |
| The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. | |||||
| CVE-2015-7186 | 2 Google, Mozilla | 2 Android, Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. | |||||
| CVE-2015-7195 | 1 Mozilla | 1 Firefox | 2016-12-07 | 5.0 MEDIUM | N/A |
| The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. | |||||
| CVE-2015-7190 | 2 Google, Mozilla | 2 Android, Firefox | 2016-12-07 | 5.0 MEDIUM | N/A |
| The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. | |||||
| CVE-2015-7050 | 1 Apple | 2 Iphone Os, Safari | 2016-12-07 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. | |||||
| CVE-2015-7056 | 1 Apple | 1 Xcode | 2016-12-07 | 5.0 MEDIUM | N/A |
| IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. | |||||
| CVE-2015-7080 | 1 Apple | 1 Iphone Os | 2016-12-07 | 2.1 LOW | N/A |
| Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | |||||
| CVE-2015-6847 | 1 Emc | 1 Vplex Geosynchrony | 2016-12-07 | 2.1 LOW | N/A |
| The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-6428 | 1 Cisco | 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | |||||
| CVE-2015-6418 | 1 Cisco | 7 Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn Router Firmware, Rv042g Dual Gigabit Wan Vpn Firmware and 4 more | 2016-12-07 | 4.3 MEDIUM | N/A |
| The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. | |||||
| CVE-2015-6414 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2016-12-07 | 2.1 LOW | N/A |
| Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. | |||||
| CVE-2015-6344 | 1 Cisco | 1 Asa Cx Context-aware Security Software | 2016-12-07 | 4.0 MEDIUM | N/A |
| The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. | |||||
| CVE-2015-6352 | 1 Cisco | 2 Hosted Collaboration Solution, Unified Communications Domain Manager | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | |||||
| CVE-2015-6364 | 1 Cisco | 1 Videoscape Distribution Suite Service Manager | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960. | |||||
| CVE-2015-5712 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. | |||||
| CVE-2015-5713 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2016-12-07 | 5.0 MEDIUM | N/A |
| Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL. | |||||
| CVE-2015-5302 | 1 Redhat | 1 Libreport | 2016-12-07 | 5.0 MEDIUM | N/A |
| libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report. | |||||
| CVE-2015-4928 | 2 Apache, Ibm | 2 Ambari, Infosphere Biginsights | 2016-12-07 | 4.3 MEDIUM | N/A |
| Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields. | |||||
| CVE-2015-5004 | 1 Ibm | 1 Websphere Application Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5015 | 1 Ibm | 1 Websphere Commerce Enterprise | 2016-12-07 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. | |||||
| CVE-2015-4940 | 2 Apache, Ibm | 2 Ambari, Infosphere Biginsights | 2016-12-07 | 2.1 LOW | N/A |
| Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-4515 | 1 Mozilla | 1 Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. | |||||
| CVE-2015-2935 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT." | |||||
| CVE-2012-2150 | 1 Sgi | 1 Xfsprogs | 2016-12-07 | 5.0 MEDIUM | N/A |
| xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. | |||||
| CVE-2014-4638 | 1 Emc | 1 Documentum Wdk | 2016-12-07 | 5.0 MEDIUM | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-4981 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2016-12-06 | 2.1 LOW | N/A |
| IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via unspecified vectors. | |||||
| CVE-2015-4069 | 1 Arcserve | 1 Arcserve Unified Data Protection | 2016-12-06 | 7.8 HIGH | N/A |
| The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. | |||||
| CVE-2015-3949 | 1 Sinapsi | 2 Esolar Light, Esolar Light Firmware | 2016-12-06 | 2.1 LOW | N/A |
| Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page. | |||||
| CVE-2015-3448 | 1 Rest-client Project | 1 Rest-client | 2016-12-06 | 2.1 LOW | N/A |
| REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2015-3373 | 1 Amazon Aws Project | 1 Amazon Aws | 2016-12-06 | 5.0 MEDIUM | N/A |
| The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL. | |||||
| CVE-2015-3404 | 1 Certify Project | 1 Certify | 2016-12-06 | 4.0 MEDIUM | N/A |
| The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates." | |||||
| CVE-2015-3231 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-12-03 | 4.0 MEDIUM | N/A |
| The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | |||||
| CVE-2015-2855 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2016-12-03 | 4.3 MEDIUM | N/A |
| The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. | |||||
| CVE-2015-3010 | 1 Ceph | 1 Ceph-deploy | 2016-12-03 | 2.1 LOW | N/A |
| ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2015-2771 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2016-12-03 | 5.0 MEDIUM | N/A |
| The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2016-12-03 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | |||||
| CVE-2015-2335 | 1 Mybb | 1 Mybb | 2016-12-03 | 5.0 MEDIUM | N/A |
| A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. | |||||
| CVE-2015-2214 | 1 Netcat | 1 Netcat | 2016-12-03 | 5.0 MEDIUM | N/A |
| NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | |||||
| CVE-2015-2121 | 1 Hp | 1 Network Virtualization | 2016-12-03 | 7.8 HIGH | N/A |
| HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569. | |||||
| CVE-2015-2209 | 1 Dlguard | 1 Dlguard | 2016-12-03 | 5.0 MEDIUM | N/A |
| DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | |||||