Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7442 | 1 Sophos | 1 Unified Threat Management Software | 2025-04-12 | 2.1 LOW | 4.4 MEDIUM |
|
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
|
|||||
| CVE-2015-8473 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
|
|||||
| CVE-2015-0922 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | 5.0 MEDIUM | N/A |
|
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
|
|||||
| CVE-2015-7368 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | 2.1 LOW | N/A |
|
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
|
|||||
| CVE-2015-3764 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.
|
|||||
| CVE-2015-6622 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23905002.
|
|||||
| CVE-2015-1890 | 1 Ibm | 1 General Parallel File System | 2025-04-12 | 3.5 LOW | N/A |
|
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
|
|||||
| CVE-2016-2999 | 1 Ibm | 1 Connections | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack.
|
|||||
| CVE-2015-4138 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.
|
|||||
| CVE-2016-4739 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
|
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
|
|||||
| CVE-2016-2026 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
|
|||||
| CVE-2015-1488 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
|
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
|
|||||
| CVE-2016-1780 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
|
|||||
| CVE-2016-5172 | 3 Debian, Google, Nodejs | 3 Debian Linux, Chrome, Node.js | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
|
|||||
| CVE-2015-4551 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
|
|||||
| CVE-2015-2209 | 1 Dlguard | 1 Dlguard | 2025-04-12 | 5.0 MEDIUM | N/A |
|
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.
|
|||||
| CVE-2014-0746 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
|
|||||
| CVE-2016-3002 | 1 Ibm | 1 Connections | 2025-04-12 | 2.1 LOW | 2.1 LOW |
|
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.
|
|||||
| CVE-2016-0791 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
|
|||||
| CVE-2016-4536 | 1 Openafs | 1 Openafs | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
|
|||||
| CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 4.9 MEDIUM | 4.4 MEDIUM |
|
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.
|
|||||
| CVE-2015-3448 | 1 Rest-client Project | 1 Rest-client | 2025-04-12 | 2.1 LOW | N/A |
|
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
|
|||||
| CVE-2015-0822 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
|
|||||
| CVE-2015-8268 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-1785 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
|
|||||
| CVE-2015-5854 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
|
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
|
|||||
| CVE-2016-1295 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
|
|||||
| CVE-2015-7437 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-0389 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-2498 | 1 Google | 2 Android, Nexus 7 | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
|
|||||
| CVE-2015-5768 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
|
AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
|
|||||
| CVE-2014-1571 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.
|
|||||
| CVE-2016-3809 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.
|
|||||
| CVE-2015-4945 | 1 Ibm | 1 Maximo Anywhere | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application.
|
|||||
| CVE-2016-2458 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139.
|
|||||
| CVE-2015-1482 | 1 Ansible | 1 Tower | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
|
|||||
| CVE-2015-4996 | 1 Ibm | 1 Rational Clearquest | 2025-04-12 | 3.6 LOW | 5.1 MEDIUM |
|
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
|
|||||
| CVE-2016-7917 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.3 MEDIUM | 5.0 MEDIUM |
|
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
|
|||||
| CVE-2016-4758 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
|
|||||
| CVE-2015-2913 | 1 Orientdb | 1 Orientdb | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
|
|||||