Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-02 | CVE-2015-7436 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Common Reporting IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves user permissions across group-add and group-remove operations, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging administrative changes to group membership. | 2.5 |
| 2016-01-02 | CVE-2015-7435 | 7PK - Security Features vulnerability in IBM Tivoli Common Reporting IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. | 2.5 |
| 2016-01-02 | CVE-2015-4989 | Information Exposure vulnerability in IBM Tealeaf Customer Experience The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name. | 3.7 |
| 2016-01-01 | CVE-2015-7421 | Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3 Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420. | 3.7 |
| 2016-01-01 | CVE-2015-7420 | Information Exposure vulnerability in IBM MQ Appliance M2000 8.0.0.3 Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. | 3.7 |
| 2015-12-31 | CVE-2014-4876 | Information Exposure vulnerability in Toshiba 4690 Operating System 6.3 Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. | 3.7 |
| 2015-12-28 | CVE-2015-8569 | Information Exposure vulnerability in Linux Kernel The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | 2.3 |
| 2015-12-28 | CVE-2015-7885 | Information Exposure vulnerability in Linux Kernel The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2.3 |
| 2015-12-28 | CVE-2015-7884 | Information Exposure vulnerability in Linux Kernel The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2.3 |
| 2015-12-27 | CVE-2015-8253 | Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network. | 3.7 |