Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0194 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
|
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
|
|||||
| CVE-2015-7787 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2025-04-12 | 3.3 LOW | 4.3 MEDIUM |
|
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.
|
|||||
| CVE-2015-1977 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
|
|||||
| CVE-2014-0965 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.
|
|||||
| CVE-2016-5611 | 1 Oracle | 1 Vm Virtualbox | 2025-04-12 | 2.1 LOW | 4.3 MEDIUM |
|
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.
|
|||||
| CVE-2016-0828 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.
|
|||||
| CVE-2014-8524 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | 5.0 MEDIUM | N/A |
|
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2014-3304 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.
|
|||||
| CVE-2015-3099 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 ...
Show More |
|||||
| CVE-2016-0267 | 1 Ibm | 1 Urbancode Deploy | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
|
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.
|
|||||
| CVE-2014-2749 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
|
|||||
| CVE-2016-7108 | 1 Huawei | 1 Uma | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.
|
|||||
| CVE-2015-4949 | 1 Ibm | 3 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server | 2025-04-12 | 2.1 LOW | N/A |
|
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.
|
|||||
| CVE-2016-2499 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172.
|
|||||
| CVE-2015-7305 | 1 Ows | 1 Scald | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."
|
|||||
| CVE-2015-7399 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.
|
|||||
| CVE-2016-5097 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
|
|||||
| CVE-2014-8775 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 5.0 MEDIUM | N/A |
|
MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
|
|||||
| CVE-2015-3999 | 1 Piriform | 1 Ccleaner | 2025-04-12 | 2.1 LOW | N/A |
|
Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.
|
|||||
| CVE-2015-1091 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
|
|||||
| CVE-2016-2832 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
|
|||||
| CVE-2016-1862 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
|
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
|
|||||
| CVE-2016-7258 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."
|
|||||
| CVE-2014-4862 | 1 Netmaster | 2 Cbw700 Software, Netmaster Cbw700n | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request.
|
|||||
| CVE-2014-6138 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.
|
|||||
| CVE-2015-7032 | 1 Apple | 4 Iwork, Keynote, Numbers and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document.
|
|||||
| CVE-2014-3867 | 1 Ibm | 1 Sametime | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.
|
|||||
| CVE-2016-0701 | 1 Openssl | 1 Openssl | 2025-04-12 | 2.6 LOW | 3.7 LOW |
|
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
|
|||||
| CVE-2016-1864 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
|
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
|
|||||
| CVE-2016-1967 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.
|
|||||
| CVE-2016-6721 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060.
|
|||||
| CVE-2014-8566 | 2 Oracle, Uninett | 2 Linux, Mod Auth Mellon | 2025-04-12 | 6.4 MEDIUM | N/A |
|
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
|
|||||
| CVE-2016-0008 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability."
|
|||||
| CVE-2014-4835 | 1 Ibm | 3 Serverguide, Toolscenter Suite, Updatexpress System Packs Installer | 2025-04-12 | 2.1 LOW | N/A |
|
IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.
|
|||||
| CVE-2016-0393 | 1 Ibm | 1 Maximo Asset Management | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.
|
|||||
| CVE-2015-1090 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
|
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
|
|||||
| CVE-2016-3639 | 1 Sap | 1 Hana Db | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
|
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.
|
|||||
| CVE-2014-3801 | 1 Openstack | 1 Heat | 2025-04-12 | 3.5 LOW | N/A |
|
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
|
|||||
| CVE-2015-6631 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | N/A |
|
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24623447.
|
|||||
| CVE-2013-0347 | 1 Webfs | 1 Webfs | 2025-04-12 | 7.2 HIGH | N/A |
|
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
|
|||||