Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1796 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
|
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.
|
|||||
| CVE-2016-2887 | 2 Ibm, Microsoft | 2 Ims Enterprise Suite, .net Framework | 2025-04-12 | 5.5 MEDIUM | 8.1 HIGH |
|
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
|
|||||
| CVE-2015-8005 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 5.0 MEDIUM | N/A |
|
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.
|
|||||
| CVE-2016-0242 | 1 Ibm | 1 Security Guardium | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.
|
|||||
| CVE-2016-2151 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list.
|
|||||
| CVE-2014-3081 | 1 Ibm | 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware | 2025-04-12 | 6.3 MEDIUM | N/A |
|
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
|
|||||
| CVE-2016-2294 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors.
|
|||||
| CVE-2015-6641 | 1 Google | 1 Android | 2025-04-12 | 2.9 LOW | 3.1 LOW |
|
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
|
|||||
| CVE-2016-4785 | 1 Siemens | 9 Siprotec 4 En100, Siprotec Compact Model, Siprotec Compact Model 7rw80 and 6 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected dev ...
Show More |
|||||
| CVE-2015-4176 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.
|
|||||
| CVE-2016-0252 | 1 Ibm | 2 Control Center, Sterling Control Center | 2025-04-12 | 1.9 LOW | 5.1 MEDIUM |
|
IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.
|
|||||
| CVE-2016-3813 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.
|
|||||
| CVE-2015-6727 | 2 Canonical, Mediawiki | 2 Ubuntu Linux, Mediawiki | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
|
|||||
| CVE-2016-1410 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.
|
|||||
| CVE-2014-8032 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.
|
|||||
| CVE-2015-7314 | 1 Gollum Project | 1 Gollum | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.
|
|||||
| CVE-2015-2206 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | N/A |
|
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
|
|||||
| CVE-2015-5884 | 1 Apple | 1 Mac Os X | 2025-04-12 | 3.3 LOW | N/A |
|
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
|
|||||
| CVE-2014-2983 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
|
|||||
| CVE-2014-3103 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
|
|||||
| CVE-2014-6134 | 1 Ibm | 2 Installation Manager, Rational Clearcase | 2025-04-12 | 1.2 LOW | N/A |
|
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
|
|||||
| CVE-2015-8553 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
|
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
|
|||||
| CVE-2015-0757 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
|
|||||
| CVE-2015-7186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document.
|
|||||
| CVE-2016-0232 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.
|
|||||
| CVE-2014-4875 | 1 Toshiba | 1 Chec | 2025-04-12 | 5.0 MEDIUM | N/A |
|
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
|
|||||
| CVE-2016-0201 | 1 Ibm | 1 Security Network Protection Firmware | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
|
|||||
| CVE-2012-5508 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
|
|||||
| CVE-2014-6164 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
|
|||||
| CVE-2016-2513 | 1 Djangoproject | 1 Django | 2025-04-12 | 2.6 LOW | 3.1 LOW |
|
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
|
|||||
| CVE-2016-2931 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
|
|||||
| CVE-2012-5497 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
|
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
|
|||||
| CVE-2016-0364 | 1 Ibm | 1 Urbancode Deploy | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
|
|||||
| CVE-2016-3895 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260.
|
|||||
| CVE-2015-7195 | 1 Mozilla | 1 Firefox | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.
|
|||||
| CVE-2016-4521 | 1 Sixnet | 4 Bt-5 Series Cellular Router, Bt-5 Series Cellular Router Firmware, Bt-6 Series Cellular Router and 1 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.
|
|||||
| CVE-2016-1772 | 1 Apple | 1 Safari | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
|
|||||
| CVE-2014-1515 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 1.9 LOW | N/A |
|
Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.
|
|||||
| CVE-2016-1582 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
|
|||||
| CVE-2016-6748 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30076504. References: Qualcomm QC-CR#987018.
|
|||||