CVE-2016-1500

LOW Year: 2016
CVSS v3 Score
3.1
Low
CVSS v2 Score
3.5
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.

Related Vulnerabilities

CVE-2015-4078

LOW
CVSS:3.1(Low)

Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data vi...

CWE-2002015

CVE-2015-5070

LOW
CVSS:3.1(Low)

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensi...

CWE-2002015

CVE-2015-6641

LOW
CVSS:3.1(Low)

Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.

CWE-2002015

CVE-2015-8481

LOW
CVSS:3.1(Low)

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup re...

CWE-2002015

CVE-2016-0125

LOW
CVSS:3.1(Low)

Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Di...

CWE-2002016

CVE-2016-2513

LOW
CVSS:3.1(Low)

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

CWE-2002016