ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
Max CVSS
6.5
EPSS Score
0.15%
Published
2015-12-30
Updated
2016-11-28
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
Max CVSS
5.3
EPSS Score
0.34%
Published
2015-12-26
Updated
2016-12-07
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.
Max CVSS
3.5
EPSS Score
0.10%
Published
2015-12-17
Updated
2015-12-18
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.17%
Published
2015-12-17
Updated
2015-12-18
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2017-11-04
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass the ASLR protection mechanism via JIT data, a different vulnerability than CVE-2015-8409 and CVE-2015-8440.
Max CVSS
4.3
EPSS Score
0.28%
Published
2015-12-10
Updated
2017-02-17
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
Max CVSS
7.5
EPSS Score
0.47%
Published
2015-12-02
Updated
2023-02-16
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
Max CVSS
4.0
EPSS Score
0.14%
Published
2015-12-28
Updated
2018-01-05
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network.
Max CVSS
4.3
EPSS Score
0.18%
Published
2015-12-27
Updated
2015-12-28
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.
Max CVSS
5.9
EPSS Score
0.31%
Published
2015-12-27
Updated
2015-12-28
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
Max CVSS
5.0
EPSS Score
0.73%
Published
2015-12-07
Updated
2016-12-07
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, and 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
Max CVSS
7.5
EPSS Score
1.77%
Published
2015-12-03
Updated
2018-10-30
Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.27%
Published
2015-12-23
Updated
2016-11-28
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.
Max CVSS
8.6
EPSS Score
0.26%
Published
2015-12-24
Updated
2016-11-28
Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
8.6
EPSS Score
0.23%
Published
2015-12-24
Updated
2016-11-28
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support.
Max CVSS
8.7
EPSS Score
0.13%
Published
2015-12-24
Updated
2016-11-28
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Max CVSS
5.0
EPSS Score
0.17%
Published
2015-12-23
Updated
2016-12-07
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Max CVSS
8.5
EPSS Score
0.23%
Published
2015-12-23
Updated
2016-12-07
eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.
Max CVSS
9.9
EPSS Score
0.42%
Published
2015-12-23
Updated
2016-12-07
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
Max CVSS
9.3
EPSS Score
0.45%
Published
2015-12-21
Updated
2015-12-21
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2016-12-07
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2016-12-07
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-12-30
Updated
2015-12-30
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.
Max CVSS
5.3
EPSS Score
0.41%
Published
2015-12-27
Updated
2016-11-28
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.33%
Published
2015-12-31
Updated
2016-12-07
72 vulnerabilities found