Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0864 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2016-05-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors. | |||||
| CVE-2016-1199 | 1 Lockon | 1 Ec-cube | 2016-05-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. | |||||
| CVE-2015-4176 | 1 Linux | 1 Linux Kernel | 2016-05-05 | 2.1 LOW | 5.5 MEDIUM |
| fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. | |||||
| CVE-2016-2304 | 1 Ecava | 1 Integraxor | 2016-04-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2016-2294 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2016-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. | |||||
| CVE-2016-3688 | 1 Dotcms | 1 Dotcms | 2016-04-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. | |||||
| CVE-2016-2302 | 1 Ecava | 1 Integraxor | 2016-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | |||||
| CVE-2016-2425 | 1 Google | 1 Android | 2016-04-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. | |||||
| CVE-2016-2426 | 1 Google | 1 Android | 2016-04-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635. | |||||
| CVE-2016-2084 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 15 more | 2016-04-21 | 4.0 MEDIUM | 7.4 HIGH |
| F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration. | |||||
| CVE-2016-2415 | 1 Google | 1 Android | 2016-04-21 | 7.1 HIGH | 5.5 MEDIUM |
| exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455. | |||||
| CVE-2015-8537 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. | |||||
| CVE-2015-8473 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. | |||||
| CVE-2016-3686 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Edge Gateway | 2016-04-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect. | |||||
| CVE-2016-3170 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-04-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in. | |||||
| CVE-2014-1571 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2016-04-07 | 4.0 MEDIUM | N/A |
| Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template. | |||||
| CVE-2016-0871 | 1 Eaton Lighting Systems | 1 Eg2 Web Control | 2016-04-07 | 5.0 MEDIUM | 7.5 HIGH |
| Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | |||||
| CVE-2014-8762 | 1 Dokuwiki | 1 Dokuwiki | 2016-04-04 | 5.0 MEDIUM | N/A |
| The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. | |||||
| CVE-2016-2509 | 1 Belden | 6 Hirschmann Firmware, Hirschmann L2b, Hirschmann L2e and 3 more | 2016-03-22 | 2.9 LOW | 5.3 MEDIUM |
| The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-2286 | 1 Edx | 1 Open Edx | 2016-03-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site. | |||||