Total
2874 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5233 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007. | |||||
CVE-2016-2091 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. | |||||
CVE-2016-1133 | 1 Dena | 1 H2o | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI. | |||||
CVE-2016-5525 | 1 Oracle | 1 Solaris Cluster | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | |||||
CVE-2015-7436 | 1 Ibm | 1 Tivoli Common Reporting | 2024-02-04 | 1.9 LOW | 2.5 LOW |
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. | |||||
CVE-2016-5618 | 1 Oracle | 1 Data Integrator | 2024-02-04 | 3.5 LOW | 3.1 LOW |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | |||||
CVE-2016-3490 | 1 Oracle | 1 Transportation Management | 2024-02-04 | 3.5 LOW | 3.0 LOW |
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database. | |||||
CVE-2016-3426 | 1 Oracle | 2 Jdk, Jre | 2024-02-04 | 4.3 MEDIUM | 3.1 LOW |
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | |||||
CVE-2016-1212 | 1 Futomi | 1 Mp Form Mail Cgi | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | |||||
CVE-2015-7758 | 2 Gummi Project, Opensuse | 3 Gummi, Leap, Opensuse | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | |||||
CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-6224 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2024-02-04 | 2.1 LOW | 3.3 LOW |
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. | |||||
CVE-2016-3291 | 1 Microsoft | 2 Edge, Internet Explorer | 2024-02-04 | 2.6 LOW | 2.4 LOW |
Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
CVE-2016-1758 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | |||||
CVE-2015-7455 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.0 MEDIUM | 3.1 LOW |
IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI. | |||||
CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
CVE-2016-4379 | 1 Hp | 2 Integrated Lights-out 3, Integrated Lights-out 3 Firmware | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. | |||||
CVE-2013-7458 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2024-02-04 | 2.1 LOW | 3.3 LOW |
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2016-2057 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-02-04 | 2.1 LOW | 3.3 LOW |
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue. | |||||
CVE-2016-1183 | 1 Nttdata | 1 Terasoluna Server Framework For Java Web | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. |