Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-11 | CVE-2015-5313 | Path Traversal vulnerability in Red Hat Libvirt: Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. | 2.5 |
2016-04-08 | CVE-2016-2513 | Information Exposure vulnerability in Djangoproject Django: The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | 3.1 |
2016-03-24 | CVE-2016-1773 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X: The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | 3.3 |
2016-03-24 | CVE-2016-1763 | Improper Input Validation vulnerability in Apple iPhone OS: Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. | 3.5 |
2016-03-24 | CVE-2016-1758 | Information Exposure vulnerability in Apple iPhone OS: The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | 3.3 |
2016-03-24 | CVE-2016-1748 | Information Exposure vulnerability in Apple products: IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 3.3 |
2016-03-18 | CVE-2016-3155 | Information Exposure vulnerability in Siemens APOGEE Insight: Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. | 3.4 |
2016-03-14 | CVE-2016-0208 | Improper Access Control vulnerability in IBM WebSphere Commerce: IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | 3.7 |
2016-03-09 | CVE-2016-0125 | Information Exposure vulnerability in Microsoft Edge: Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability." | 3.1 |
2016-03-03 | CVE-2016-1356 | Credentials Management vulnerability in Cisco FireSIGHT System Software 6.1.0: Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | 3.7 |