Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7420 | 1 Ibm | 1 Mq Appliance M2000 | 2025-04-12 | 5.0 MEDIUM | 3.7 LOW |
|
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
|
|||||
| CVE-2016-0247 | 1 Ibm | 1 Security Guardium | 2025-04-12 | 2.1 LOW | 7.8 HIGH |
|
IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.
|
|||||
| CVE-2015-5916 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.
|
|||||
| CVE-2014-6323 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."
|
|||||
| CVE-2016-4771 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
|
|||||
| CVE-2016-1730 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.8 MEDIUM | 5.4 MEDIUM |
|
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
|
|||||
| CVE-2015-5697 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 2.1 LOW | N/A |
|
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
|
|||||
| CVE-2016-7204 | 1 Microsoft | 1 Edge | 2025-04-12 | 2.6 LOW | 3.1 LOW |
|
Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
|
|||||
| CVE-2015-6474 | 1 Ibc Solar | 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ | 2025-04-12 | 5.0 MEDIUM | N/A |
|
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code.
|
|||||
| CVE-2015-1109 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
|
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
|
|||||
| CVE-2016-7220 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 2.1 LOW | 3.3 LOW |
|
Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability."
|
|||||
| CVE-2016-9839 | 1 Osgeo | 1 Mapserver | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
|
|||||
| CVE-2013-5760 | 1 Qnap | 2 Photo Station, Photo Station Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
|
|||||
| CVE-2016-3918 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403.
|
|||||
| CVE-2016-3267 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
|
|||||
| CVE-2013-7329 | 1 Perl | 1 Cgi Application Module | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.
|
|||||
| CVE-2016-7386 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.
|
|||||
| CVE-2016-4486 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2025-04-12 | 2.1 LOW | 3.3 LOW |
|
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
|
|||||
| CVE-2016-2849 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
|
|||||
| CVE-2014-9225 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
|
|||||
| CVE-2015-5610 | 1 Solarwinds | 1 N-able N-central | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
|
|||||
| CVE-2016-5137 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change afte ...
Show More |
|||||
| CVE-2015-6328 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380.
|
|||||
| CVE-2016-1563 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-12 | 5.8 MEDIUM | 6.8 MEDIUM |
|
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-7940 | 3 Bouncycastle, Opensuse, Oracle | 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
|
|||||
| CVE-2016-2311 | 1 Blackbox | 22 Alertwerks Servsensor Eme106a, Alertwerks Servsensor Eme108a-r2, Alertwerks Servsensor Eme109a-r2 and 19 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.
|
|||||
| CVE-2015-2434 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471.
|
|||||
| CVE-2015-6161 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
|
|||||
| CVE-2015-8791 | 1 Matroska | 1 Libebml | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.
|
|||||
| CVE-2015-4053 | 1 Ceph | 1 Ceph-deploy | 2025-04-12 | 2.1 LOW | N/A |
|
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
|
|||||
| CVE-2015-0211 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
|
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.
|
|||||
| CVE-2014-4876 | 1 Toshiba | 1 4690 Operating System | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
|
Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138.
|
|||||
| CVE-2015-2997 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.
|
|||||
| CVE-2015-3180 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
|
lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.
|
|||||
| CVE-2015-1618 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.
|
|||||
| CVE-2016-5976 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 2.6 LOW | 4.9 MEDIUM |
|
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors.
|
|||||
| CVE-2016-4620 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
|
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
|
|||||
| CVE-2014-4747 | 1 Ibm | 1 Sametime | 2025-04-12 | 2.1 LOW | N/A |
|
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser.
|
|||||
| CVE-2014-9354 | 1 Netapp | 1 Oncommand Balance | 2025-04-12 | 4.0 MEDIUM | N/A |
|
NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.
|
|||||
| CVE-2016-1185 | 1 Cybozu | 1 Kintone | 2025-04-12 | 2.6 LOW | 2.5 LOW |
|
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
|
|||||