Total
8247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5390 | 1 Theforeman | 1 Foreman | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
| Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces. | |||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. | |||||
| CVE-2016-1687 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. | |||||
| CVE-2016-1764 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | |||||
| CVE-2015-5898 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-04 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | |||||
| CVE-2015-8268 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-3269 | 2 Adobe, Hp | 2 Livecycle Data Services, Business Service Management | 2024-02-04 | 5.0 MEDIUM | N/A |
| Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-3923 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-02-04 | 5.0 MEDIUM | N/A |
| Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. | |||||
| CVE-2016-5927 | 1 Ibm | 1 Tivoli Storage Manager For Space Management | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output. | |||||
| CVE-2016-2149 | 1 Redhat | 1 Openshift | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | |||||
| CVE-2015-2136 | 1 Hp | 1 Arcsight Logger | 2024-02-04 | 4.0 MEDIUM | N/A |
| HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | |||||
| CVE-2015-2804 | 1 Alcatel-lucent | 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | |||||
| CVE-2016-1785 | 1 Apple | 2 Iphone Os, Safari | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | |||||
| CVE-2016-1780 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | |||||
| CVE-2015-8148 | 1 Symantec | 1 Encryption Management Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. | |||||
| CVE-2016-2498 | 1 Google | 2 Android, Nexus 7 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162. | |||||
| CVE-2016-3312 | 1 Microsoft | 1 Windows 10 | 2024-02-04 | 5.0 MEDIUM | 9.1 CRITICAL |
| ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability." | |||||
| CVE-2015-6404 | 1 Cisco | 1 Hosted Collaboration Solution | 2024-02-04 | 4.0 MEDIUM | N/A |
| Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | |||||
| CVE-2015-6088 | 1 Microsoft | 2 Edge, Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | |||||
| CVE-2016-2882 | 1 Ibm | 1 Tririga Application Platform | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. | |||||