Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2952 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 4.3 MEDIUM | 3.7 LOW |
| IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2016-2949 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 2.1 LOW | 3.3 LOW |
| IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. | |||||
| CVE-2016-2940 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-2887 | 2 Ibm, Microsoft | 2 Ims Enterprise Suite, .net Framework | 2016-12-03 | 5.5 MEDIUM | 8.1 HIGH |
| IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-2244 | 1 Hp | 55 A2w75a, A2w76a, A2w77a and 52 more | 2016-12-03 | 5.0 MEDIUM | 5.9 MEDIUM |
| HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-1994 | 1 Hp | 1 System Management Homepage | 2016-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-1992 | 1 Hp | 2 Enterprise Security Manager, Enterprise Security Manager Express | 2016-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-1967 | 1 Mozilla | 1 Firefox | 2016-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. | |||||
| CVE-2016-1780 | 1 Apple | 1 Iphone Os | 2016-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | |||||
| CVE-2016-1764 | 1 Apple | 1 Mac Os X | 2016-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | |||||
| CVE-2016-1758 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 4.3 MEDIUM | 3.3 LOW |
| The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | |||||
| CVE-2016-1378 | 1 Cisco | 1 Ios | 2016-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591. | |||||
| CVE-2016-1360 | 1 Cisco | 1 Prime Lan Management Solution | 2016-12-03 | 3.0 LOW | 7.1 HIGH |
| Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. | |||||
| CVE-2016-1325 | 1 Cisco | 3 Dpc3939 Wireless Residential Voice Gateway, Dpc3939 Wireless Residential Voice Gateway Firmware, Dpc3941 Wireless Residential Voice Gateway | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. | |||||
| CVE-2016-1035 | 1 Adobe | 1 Robohelp | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8791 | 1 Matroska | 1 Libebml | 2016-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. | |||||
| CVE-2015-7915 | 1 Sauter | 1 Moduweb Vision | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-3231 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-12-03 | 4.0 MEDIUM | N/A |
| The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | |||||
| CVE-2015-3010 | 1 Ceph | 1 Ceph-deploy | 2016-12-03 | 2.1 LOW | N/A |
| ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2015-2855 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2016-12-03 | 4.3 MEDIUM | N/A |
| The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. | |||||