Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1790 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
local
low complexity
apple CWE-119
3.3
2016-05-18 CVE-2016-0707 Permissions, Privileges, and Access Controls vulnerability in Apache Ambari
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.
local
low complexity
apache CWE-264
3.3
2016-05-11 CVE-2016-0175 Information Exposure vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
3.3
2016-05-06 CVE-2015-0858 Link Following vulnerability in multiple products
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
local
low complexity
debian tardiff-project CWE-59
3.3
2016-05-05 CVE-2016-4534 Permissions, Privileges, and Access Controls vulnerability in multiple products
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
local
high complexity
mcafee microsoft CWE-264
3.0
2016-05-05 CVE-2016-3716 Permissions, Privileges, and Access Controls vulnerability in multiple products
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
local
low complexity
canonical imagemagick redhat CWE-264
3.3
2016-04-25 CVE-2016-1185 Information Exposure vulnerability in Cybozu Kintone
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
local
high complexity
cybozu CWE-200
2.5
2016-04-25 CVE-2016-4053 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
network
high complexity
squid-cache oracle canonical CWE-119
3.7
2016-04-21 CVE-2016-3428 Unspecified vulnerability in Oracle Agile Engineering Data Management 6.1.3.0/6.2.0.0
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface.
high complexity
oracle
3.1
2016-04-21 CVE-2016-3426 Unspecified vulnerability in Oracle JDK and JRE
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
network
high complexity
oracle
3.1