Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4207 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. |
| CVE-2015-1480 | 1 Manageengine | 1 Servicedesk Plus | 2025-04-12 | 4.0 MEDIUM | N/A |
| ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp. |
| CVE-2015-2286 | 1 Edx | 1 Open Edx | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site. |
| CVE-2014-9046 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. |
| CVE-2015-2335 | 1 Mybb | 1 Mybb | 2025-04-12 | 5.0 MEDIUM | N/A |
| A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. |
| CVE-2015-5506 | 1 Apache Solr Real-time Project | 1 Apache Solr Real-time | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search. |
| CVE-2015-2440 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." |
| CVE-2015-3711 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
| The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
| CVE-2014-4027 | 5 Canonical, F5, Linux and 2 more | 26 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 23 more | 2025-04-12 | 2.3 LOW | N/A |
| The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. |
| CVE-2015-7327 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls. |
| CVE-2016-0823 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-12 | 2.1 LOW | 4.0 MEDIUM |
| The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
| CVE-2015-7000 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled. |
| CVE-2015-8253 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network. |
| CVE-2016-7555 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. |
| CVE-2016-2084 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 15 more | 2025-04-12 | 4.0 MEDIUM | 7.4 HIGH |
| F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerato ... |
| CVE-2016-7397 | 1 Sophos | 1 Unified Threat Management Software | 2025-04-12 | 2.1 LOW | 4.4 MEDIUM |
| The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. |
| CVE-2016-2940 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2014-6304 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. |
| CVE-2014-7195 | 1 Tibco | 3 Silver Fabric Enabler, Spotfire Deployment Kit, Spotfire Web Player | 2025-04-12 | 4.0 MEDIUM | N/A |
| Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2016-7090 | 1 Siemens | 4 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.0 MEDIUM |
| The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
| CVE-2016-5946 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. |
| CVE-2015-6109 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." |
| CVE-2015-7438 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
| IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. |
| CVE-2016-3312 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 5.0 MEDIUM | 9.1 CRITICAL |
| ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability." |
| CVE-2016-2425 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. |
| CVE-2013-3984 | 1 Ibm | 1 Sametime | 2025-04-12 | 2.9 LOW | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
| CVE-2014-7243 | 1 Lg | 3 L-03e, L-04d, L-09c | 2025-04-12 | 5.0 MEDIUM | N/A |
| LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2016-3727 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. |
| CVE-2014-8487 | 1 Kony | 1 Enterprise Mobile Management | 2025-04-12 | 4.0 MEDIUM | N/A |
| Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm. |
| CVE-2016-4378 | 1 Hp | 2 Xp7 Command View, Xp 9000 Command View | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2016-7278 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability." |
| CVE-2016-0739 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." |
| CVE-2014-9579 | 1 Vdgsecurity | 1 Vdg Sense | 2025-04-12 | 5.0 MEDIUM | N/A |
| VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. |
| CVE-2016-5233 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007. |
| CVE-2016-6613 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 2.1 LOW | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
| CVE-2014-0217 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
| enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL. |
| CVE-2015-5267 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. |
| CVE-2011-5314 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | 5.0 MEDIUM | N/A |
| templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. |
| CVE-2016-6689 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347. |
| CVE-2014-5427 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. |