Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9285 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | |||||
| CVE-2016-7542 | 1 Fortinet | 1 Fortios | 2017-07-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | |||||
| CVE-2016-9286 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | |||||
| CVE-2016-9284 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | |||||
| CVE-2017-3742 | 3 Google, Lenovo, Microsoft | 3 Android, Connect2, Windows | 2017-07-26 | 2.3 LOW | 4.8 MEDIUM |
| In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. | |||||
| CVE-2016-7634 | 1 Apple | 1 Iphone Os | 2017-07-26 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible. | |||||
| CVE-2016-7600 | 1 Apple | 1 Mac Os X | 2017-07-26 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. | |||||
| CVE-2016-7653 | 1 Apple | 1 Iphone Os | 2017-07-26 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access. | |||||
| CVE-2016-7599 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. | |||||
| CVE-2016-7586 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2016-7620 | 1 Apple | 1 Mac Os X | 2017-07-26 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
| CVE-2016-7624 | 1 Apple | 1 Mac Os X | 2017-07-26 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
| CVE-2016-7664 | 1 Apple | 1 Iphone Os | 2017-07-26 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component. which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access. | |||||
| CVE-2016-7598 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||
| CVE-2016-7625 | 1 Apple | 1 Mac Os X | 2017-07-26 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
| CVE-2016-7623 | 1 Apple | 2 Iphone Os, Safari | 2017-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site. | |||||
| CVE-2016-7608 | 1 Apple | 1 Mac Os X | 2017-07-26 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors. | |||||
| CVE-2016-7172 | 1 Netapp | 1 Snap Creator Framework | 2017-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | |||||
| CVE-2016-7592 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. | |||||
| CVE-2016-8741 | 1 Apache | 1 Qpid Java | 2017-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256. | |||||