Total
3247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5702 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. | |||||
| CVE-2015-7519 | 1 Phusionpassenger | 1 Phusion Passenger | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header. | |||||
| CVE-2016-4739 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. | |||||
| CVE-2015-8946 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3426 | 1 Oracle | 2 Jdk, Jre | 2023-12-10 | 4.3 MEDIUM | 3.1 LOW |
| Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | |||||
| CVE-2016-5498 | 1 Oracle | 1 Database Server | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499. | |||||
| CVE-2016-5525 | 1 Oracle | 1 Solaris Cluster | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | |||||
| CVE-2015-4958 | 1 Ibm | 1 Infosphere Master Data Management | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files. | |||||
| CVE-2016-5499 | 1 Oracle | 1 Database Server | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498. | |||||
| CVE-2015-4989 | 1 Ibm | 1 Tealeaf Customer Experience | 2023-12-10 | 5.0 MEDIUM | 3.7 LOW |
| The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name. | |||||
| CVE-2016-3711 | 1 Redhat | 2 Openshift, Openshift Origin | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. | |||||
| CVE-2015-0858 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | |||||
| CVE-2016-1748 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2015-7420 | 1 Ibm | 1 Mq Appliance M2000 | 2023-12-10 | 5.0 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. | |||||
| CVE-2016-4645 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-7960 | 1 Siemens | 1 Simatic Step 7 | 2023-12-10 | 1.9 LOW | 2.5 LOW |
| Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. | |||||
| CVE-2016-3759 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 3.3 LOW |
| The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080. | |||||
| CVE-2016-5615 | 1 Oracle | 1 Solaris | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx. | |||||
| CVE-2016-8284 | 1 Oracle | 1 Mysql | 2023-12-10 | 1.2 LOW | 1.8 LOW |
| Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. | |||||
| CVE-2016-1860 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | |||||