Skip to main content
CVE-2015-5677 MEDIUM POC PATCH This Month

bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5372 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Snap Creator Framework
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2016-6092 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-6096 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6495 MEDIUM PATCH This Month

NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Data Ontap
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-3020 MEDIUM PATCH This Month

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Security Access Manager For Web 7 0 Firmware Security Access Manager For Web 8 0 Firmware Security Access Manager For Mobile +1
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-3124 MEDIUM PATCH This Month

The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Simplesamlphp
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-2781 MEDIUM This Month

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Coreutils
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2016-6094 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6097 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager Tivoli Key Lifecycle Manager
NVD
CVSS 3.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy