Total
8267 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8940 | 1 Ibm | 1 Tivoli Storage Manager | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. | |||||
| CVE-2016-8217 | 1 Dell | 1 Bsafe Crypto-j | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
| EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601. | |||||
| CVE-2016-6753 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174. | |||||
| CVE-2016-3023 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. | |||||
| CVE-2015-5073 | 2 Ibm, Pcre | 2 Powerkvm, Pcre | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. | |||||
| CVE-2016-7634 | 1 Apple | 1 Iphone Os | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible. | |||||
| CVE-2016-9725 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539. | |||||
| CVE-2016-7233 | 1 Microsoft | 9 Excel For Mac, Office, Office Compatibility Pack and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2016-5059 | 1 Osram | 1 Lightify Pro | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. | |||||
| CVE-2016-4869 | 1 Cybozu | 1 Office | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | |||||
| CVE-2016-2931 | 1 Ibm | 1 Bigfix Remote Control | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2017-0175 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 2.1 LOW | 4.7 MEDIUM |
| The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259. | |||||
| CVE-2017-0167 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability." | |||||
| CVE-2016-3732 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. | |||||
| CVE-2016-8313 | 1 Oracle | 1 Flexcube Private Banking | 2024-02-04 | 3.5 LOW | 4.1 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts). | |||||
| CVE-2016-9286 | 1 Exponentcms | 1 Exponent Cms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | |||||
| CVE-2016-9201 | 1 Cisco | 1 Ios | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M. | |||||
| CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | |||||
| CVE-2016-4806 | 1 Web2py | 1 Web2py | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | |||||
| CVE-2017-5610 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. | |||||