Total
3244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4715 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | |||||
CVE-2016-4593 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. | |||||
CVE-2016-8288 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.9 MEDIUM | 3.1 LOW |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | |||||
CVE-2015-6641 | 1 Google | 1 Android | 2023-12-10 | 2.9 LOW | 3.1 LOW |
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | |||||
CVE-2016-3155 | 1 Siemens | 1 Apogee Insight | 2023-12-10 | 3.6 LOW | 3.4 LOW |
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. | |||||
CVE-2015-7885 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 2.3 LOW |
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | |||||
CVE-2016-0259 | 1 Ibm | 1 Websphere Mq | 2023-12-10 | 2.1 LOW | 2.5 LOW |
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. | |||||
CVE-2016-1183 | 1 Nttdata | 1 Terasoluna Server Framework For Java Web | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | |||||
CVE-2016-0671 | 1 Oracle | 1 Http Server | 2023-12-10 | 2.6 LOW | 3.7 LOW |
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | |||||
CVE-2016-1790 | 1 Apple | 1 Iphone Os | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
CVE-2015-8569 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 1.9 LOW | 2.3 LOW |
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | |||||
CVE-2016-0248 | 1 Ibm | 1 Security Guardium | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | |||||
CVE-2016-5618 | 1 Oracle | 1 Data Integrator | 2023-12-10 | 3.5 LOW | 3.1 LOW |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | |||||
CVE-2015-5313 | 1 Redhat | 1 Libvirt | 2023-12-10 | 1.9 LOW | 2.5 LOW |
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. | |||||
CVE-2015-7759 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 5 more | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery. | |||||
CVE-2015-7473 | 1 Ibm | 1 Websphere Mq | 2023-12-10 | 2.1 LOW | 2.5 LOW |
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | |||||
CVE-2016-8286 | 1 Oracle | 1 Mysql | 2023-12-10 | 3.5 LOW | 3.1 LOW |
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. | |||||
CVE-2016-1791 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
CVE-2016-7437 | 1 Sap | 1 Netweaver | 2023-12-10 | 2.1 LOW | 3.3 LOW |
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | |||||
CVE-2015-7548 | 1 Openstack | 1 Nova | 2023-12-10 | 2.1 LOW | 3.5 LOW |
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. |