Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3473 | 1 Oracle | 1 Business Intelligence Publisher | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
|
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2016-0090 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2025-04-12 | 2.1 LOW | 7.1 HIGH |
|
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
|
|||||
| CVE-2015-6355 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
|
|||||
| CVE-2016-9103 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
|
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
|
|||||
| CVE-2016-6420 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.
|
|||||
| CVE-2015-5022 | 1 Ibm | 1 B2b Advanced Communications | 2025-04-12 | 4.3 MEDIUM | N/A |
|
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.
|
|||||
| CVE-2016-6345 | 1 Redhat | 1 Resteasy | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
|
|||||
| CVE-2014-3946 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
|
|||||
| CVE-2015-5860 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.
|
|||||
| CVE-2014-8025 | 1 Cisco | 1 Jabber Guest | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.
|
|||||
| CVE-2015-1148 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
|
|||||
| CVE-2016-0899 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | 3.5 LOW | 6.3 MEDIUM |
|
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
|
|||||
| CVE-2015-5749 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
|
|||||
| CVE-2016-5134 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 8.8 HIGH |
|
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
|
|||||
| CVE-2016-6682 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 30152501 and Qualcomm internal bug CR 1049615.
|
|||||
| CVE-2014-9593 | 1 Apache | 1 Cloudstack | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
|
|||||
| CVE-2016-4995 | 1 Theforeman | 1 Foreman | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
|
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
|
|||||
| CVE-2016-0703 | 1 Openssl | 1 Openssl | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
|
|||||
| CVE-2016-5603 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621.
|
|||||
| CVE-2014-1690 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 2.6 LOW | N/A |
|
The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.
|
|||||
| CVE-2015-1933 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | 2.1 LOW | N/A |
|
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unatte ...
|
|||||
| CVE-2015-4229 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
|
|||||
| CVE-2016-5797 | 1 Tollgrade | 1 Lighthouse Sms | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.
|
|||||
| CVE-2015-5088 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5089, and CVE-2015-5092.
|
|||||
| CVE-2015-5892 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
|
Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
|
|||||
| CVE-2015-1114 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 1.9 LOW | N/A |
|
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
|
|||||
| CVE-2016-5575 | 1 Oracle | 1 Common Applications | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module.
|
|||||
| CVE-2016-4578 | 5 Canonical, Debian, Linux and 2 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
|
|||||
| CVE-2015-3284 | 1 Openafs | 1 Openafs | 2025-04-12 | 2.1 LOW | N/A |
|
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
|
|||||
| CVE-2015-6627 | 1 Google | 1 Android | 2025-04-12 | 2.6 LOW | N/A |
|
The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743.
|
|||||
| CVE-2015-1000007 | 1 Wptf-image-gallery Project | 1 Wptf-image-gallery | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Remote file download vulnerability in wptf-image-gallery v1.03
|
|||||
| CVE-2016-4169 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.
|
|||||
| CVE-2015-5870 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
|
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
|
|||||
| CVE-2014-3105 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
|
|||||
| CVE-2015-6628 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485.
|
|||||
| CVE-2014-3410 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.
|
|||||
| CVE-2016-5244 | 4 Fedoraproject, Linux, Redhat and 1 more | 11 Fedora, Linux Kernel, Enterprise Linux and 8 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
|
|||||
| CVE-2015-7208 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.
|
|||||
| CVE-2015-2896 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
|
|||||
| CVE-2015-1147 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||