Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0168 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
|
|||||
| CVE-2016-2460 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
|
|||||
| CVE-2016-5021 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sens ...
Show More |
|||||
| CVE-2016-4968 | 1 Fortinet | 1 Fortiwan | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
|
|||||
| CVE-2015-3786 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
|
|||||
| CVE-2016-1748 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
|
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
|
|||||
| CVE-2015-6086 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
|
|||||
| CVE-2015-3269 | 2 Adobe, Hp | 2 Livecycle Data Services, Business Service Management | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2016-3262 | 1 Microsoft | 12 Live Meeting, Lync, Office and 9 more | 2025-04-12 | 5.0 MEDIUM | 5.5 MEDIUM |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerab ...
Show More |
|||||
| CVE-2016-9852 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affect ...
Show More |
|||||
| CVE-2016-1035 | 1 Adobe | 1 Robohelp | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2013-7373 | 1 Google | 1 Android | 2025-04-12 | 7.5 HIGH | N/A |
|
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
|
|||||
| CVE-2015-5092 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, and CVE-2015-5089.
|
|||||
| CVE-2016-0811 | 1 Google | 1 Android | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.
|
|||||
| CVE-2014-1777 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
|
|||||
| CVE-2015-2005 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
|
|||||
| CVE-2014-8017 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
|
|||||
| CVE-2015-8336 | 1 Huawei | 1 Fusioncompute | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.
|
|||||
| CVE-2014-8921 | 1 Ibm | 1 Notes Traveler Companion | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.
|
|||||
| CVE-2014-3662 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
|
|||||
| CVE-2013-3982 | 1 Ibm | 1 Sametime | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.
|
|||||
| CVE-2013-6043 | 1 Softaculous | 1 Webuzo | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
|
|||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
|
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.
|
|||||
| CVE-2015-0763 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.
|
|||||
| CVE-2016-5835 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
|
|||||
| CVE-2015-3176 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.
|
|||||
| CVE-2016-1321 | 1 Cisco | 1 Universal Small Cell Firmware | 2025-04-12 | 5.0 MEDIUM | 5.8 MEDIUM |
|
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
|
|||||
| CVE-2016-3155 | 1 Siemens | 1 Apogee Insight | 2025-04-12 | 3.6 LOW | 3.4 LOW |
|
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
|
|||||
| CVE-2015-1112 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
|
|||||
| CVE-2016-4715 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
|
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
|
|||||
| CVE-2015-4345 | 1 Restful Web Services Project | 1 Restful Web Services | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2015-7429 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2025-04-12 | 4.0 MEDIUM | 8.5 HIGH |
|
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.
|
|||||
| CVE-2014-9712 | 1 Websense | 1 V-series Appliances | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.
|
|||||
| CVE-2014-3517 | 1 Openstack | 1 Nova | 2025-04-12 | 4.3 MEDIUM | N/A |
|
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
|
|||||
| CVE-2014-8678 | 1 Manageengine | 1 Oputils | 2025-04-12 | 7.8 HIGH | N/A |
|
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."
|
|||||
| CVE-2015-1670 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."
|
|||||
| CVE-2016-6398 | 1 Cisco | 1 Ios | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.
|
|||||
| CVE-2016-5565 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
|
Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA.
|
|||||
| CVE-2015-7677 | 1 Ipswitch | 1 Moveit Dmz | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.
|
|||||
| CVE-2015-8537 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
|
|||||