Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-3021 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
network
low complexity
ibm CWE-200
2.7
2.7
2017-02-01 CVE-2016-0394 Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.
local
low complexity
ibm CWE-275
3.3
3.3
2017-02-01 CVE-2016-0297 Information Exposure vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.
network
high complexity
ibm CWE-200
3.7
3.7
2017-02-01 CVE-2016-0296 Information Exposure Through Log Files vulnerability in IBM Bigfix Platform
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.
local
low complexity
ibm CWE-532
3.3
3.3
2017-01-30 CVE-2015-8034 Information Exposure vulnerability in Saltstack Salt
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
local
low complexity
saltstack CWE-200
3.3
3.3
2017-01-27 CVE-2017-3323 Improper Input Validation vulnerability in Oracle Mysql Cluster
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General).
network
high complexity
oracle CWE-20
3.7
3.7
2017-01-27 CVE-2017-3322 Unspecified vulnerability in Oracle Mysql Cluster
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI).
network
high complexity
oracle
3.7
3.7
2017-01-27 CVE-2017-3321 Improper Input Validation vulnerability in Oracle Mysql Cluster
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General).
network
high complexity
oracle CWE-20
3.7
3.7
2017-01-27 CVE-2017-3320 Unspecified vulnerability in Oracle Mysql
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).
network
low complexity
oracle
2.4
2.4
2017-01-27 CVE-2017-3319 Information Exposure vulnerability in Oracle Mysql
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin).
network
high complexity
oracle CWE-200
3.1
3.1