Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9893 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. | |||||
| CVE-2014-9892 | 2 Google, Linux | 2 Android, Linux Kernel | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717. | |||||
| CVE-2014-5325 | 1 Directwebremoting | 1 Direct Web Remoting | 2016-11-28 | 5.0 MEDIUM | N/A |
| The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-4702 | 1 Nagios | 1 Nagios | 2016-11-28 | 2.1 LOW | N/A |
| The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. | |||||
| CVE-2014-4701 | 1 Nagios | 1 Nagios | 2016-11-28 | 2.1 LOW | N/A |
| The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. | |||||
| CVE-2014-0919 | 1 Ibm | 1 Db2 | 2016-11-28 | 4.0 MEDIUM | N/A |
| IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities. | |||||
| CVE-2013-3469 | 1 Cisco | 1 Mobility Services Engine | 2016-11-04 | 5.0 MEDIUM | N/A |
| Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | |||||
| CVE-2015-1000008 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2016-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | |||||
| CVE-2015-1000007 | 1 Wptf-image-gallery Project | 1 Wptf-image-gallery | 2016-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in wptf-image-gallery v1.03 | |||||
| CVE-2005-0797 | 1 Novell | 1 Ichain | 2016-10-18 | 5.0 MEDIUM | N/A |
| Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | |||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2016-10-18 | 4.4 MEDIUM | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||
| CVE-2002-2342 | 1 Joe Depasquale | 1 Bannermatic | 2016-10-18 | 5.0 MEDIUM | N/A |
| Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. | |||||
| CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | |||||
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | |||||
| CVE-2016-2307 | 1 American Auto-matrix | 2 Aspect-matrix Building Automation Front-end Solutions Application, Aspect-nexus Building Automation Front-end Solutions Application | 2016-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file. | |||||
| CVE-2015-0800 | 2 Google, Mozilla | 2 Android, Firefox | 2016-10-04 | 5.0 MEDIUM | N/A |
| The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. | |||||
| CVE-2014-0059 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2016-10-01 | 2.1 LOW | N/A |
| JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-8336 | 1 Huawei | 2 Fusioncompute, Fusioncompute Firmware | 2016-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | |||||
| CVE-2016-5722 | 1 Huawei | 8 Ocean Stor 18500 V3, Ocean Stor 18800 V3, Ocean Stor 5300 V3 and 5 more | 2016-09-29 | 7.5 HIGH | 7.3 HIGH |
| Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | |||||
| CVE-2016-6146 | 1 Sap | 1 Trex | 2016-09-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||||