Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1758 Information Exposure vulnerability in Apple Iphone OS
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
local
low complexity
apple CWE-200
3.3
2016-03-24 CVE-2016-1748 Information Exposure vulnerability in Apple products
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
local
low complexity
apple CWE-200
3.3
2016-03-18 CVE-2016-3155 Information Exposure vulnerability in Siemens Apogee Insight
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
local
low complexity
siemens CWE-200
3.4
2016-03-14 CVE-2016-0208 Improper Access Control vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.
network
high complexity
ibm CWE-284
3.7
2016-03-09 CVE-2016-0125 Information Exposure vulnerability in Microsoft Edge
Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
3.1
2016-03-03 CVE-2016-1356 Credentials Management vulnerability in Cisco Firesight System Software 6.1.0
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.
network
high complexity
cisco CWE-255
3.7
2016-03-03 CVE-2015-7490 Improper Access Control vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.
network
high complexity
ibm CWE-284
3.1
2016-02-29 CVE-2015-7455 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal
IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.
network
high complexity
ibm CWE-264
3.1
2016-02-16 CVE-2015-7576 7PK - Security Features vulnerability in Rubyonrails Ruby on Rails
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.
network
high complexity
rubyonrails CWE-254
3.7
2016-02-15 CVE-2016-0701 Information Exposure vulnerability in Openssl
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
network
high complexity
openssl CWE-200
3.7