Total
3032 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5508 | 1 Oracle | 1 Solaris Cluster | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo. | |||||
| CVE-2016-4511 | 1 Abb | 1 Pcm600 | 2023-12-10 | 1.9 LOW | 2.8 LOW |
| ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. | |||||
| CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3272 | 1 Microsoft | 4 Windows 10, Windows 7, Windows Rt 8.1 and 1 more | 2023-12-10 | 2.1 LOW | 2.8 LOW |
| The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows Kernel Information Disclosure Vulnerability." | |||||
| CVE-2016-0240 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2015-7436 | 1 Ibm | 1 Tivoli Common Reporting | 2023-12-10 | 1.9 LOW | 2.5 LOW |
| IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. | |||||
| CVE-2016-4740 | 1 Apple | 1 Iphone Os | 2023-12-10 | 1.9 LOW | 2.9 LOW |
| Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-0701 | 1 Openssl | 1 Openssl | 2023-12-10 | 2.6 LOW | 3.7 LOW |
| The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. | |||||
| CVE-2015-7884 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 1.9 LOW | 2.3 LOW |
| The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | |||||
| CVE-2016-3763 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 3.3 LOW |
| net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919. | |||||
| CVE-2015-4962 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2023-12-10 | 2.7 LOW | 3.5 LOW |
| Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-0385 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 3.5 LOW | 3.1 LOW |
| Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-5429 | 1 Jose-php Project | 1 Jose-php | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. | |||||
| CVE-2015-7886 | 1 Netapp | 1 Data Ontap | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors. | |||||
| CVE-2016-5460 | 1 Oracle | 1 Siebel Core-server Framework | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466. | |||||
| CVE-2016-0691 | 1 Oracle | 1 Database | 2023-12-10 | 4.0 MEDIUM | 3.3 LOW |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690. | |||||
| CVE-2016-3474 | 1 Oracle | 1 Business Intelligence Publisher | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security. | |||||
| CVE-2014-4876 | 1 Toshiba | 1 4690 Operating System | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. | |||||
| CVE-2016-5480 | 1 Oracle | 1 Solaris | 2023-12-10 | 1.9 LOW | 2.8 LOW |
| Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. | |||||
| CVE-2016-5462 | 1 Oracle | 1 Siebel Core-server Framework | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces. | |||||