Total
8254 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1858 | 2 Apple, Webkitgtk | 4 Iphone Os, Safari, Tvos and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
CVE-2015-5223 | 1 Openstack | 1 Swift | 2024-02-04 | 5.0 MEDIUM | N/A |
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | |||||
CVE-2016-0079 | 1 Microsoft | 1 Windows 10 | 2024-02-04 | 2.1 LOW | 5.0 MEDIUM |
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability." | |||||
CVE-2016-0073 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2024-02-04 | 2.1 LOW | 5.0 MEDIUM |
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075. | |||||
CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2024-02-04 | 4.0 MEDIUM | N/A |
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | |||||
CVE-2016-3649 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. | |||||
CVE-2015-2896 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | |||||
CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | |||||
CVE-2016-0956 | 5 Adobe, Apache, Apple and 2 more | 5 Experience Manager, Sling, Mac Os X and 2 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-4747 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. | |||||
CVE-2016-4635 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | |||||
CVE-2015-7305 | 1 Ows | 1 Scald | 2024-02-04 | 5.0 MEDIUM | N/A |
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context." | |||||
CVE-2015-5712 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-02-04 | 4.0 MEDIUM | N/A |
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. | |||||
CVE-2016-4758 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
CVE-2016-5500 | 1 Oracle | 1 Discoverer | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer. | |||||
CVE-2015-7998 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2024-02-04 | 5.0 MEDIUM | N/A |
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-2513 | 1 Djangoproject | 1 Django | 2024-02-04 | 2.6 LOW | 3.1 LOW |
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | |||||
CVE-2016-3852 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. | |||||
CVE-2016-1802 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. | |||||
CVE-2015-7470 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information. |