Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6625 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | N/A |
|
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
|
|||||
| CVE-2015-1887 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
|
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.
|
|||||
| CVE-2015-5411 | 1 Hp | 1 Version Control Repository Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
|
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-0864 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors.
|
|||||
| CVE-2015-7444 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-3893 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400.
|
|||||
| CVE-2016-0321 | 1 Ibm | 1 Personal Communications | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
|
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
|
|||||
| CVE-2016-1910 | 1 Sap | 1 Netweaver | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
|
|||||
| CVE-2016-7887 | 4 Adobe, Apple, Linux and 1 more | 4 Coldfusion Builder, Macos, Linux Kernel and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.
|
|||||
| CVE-2015-0077 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
|
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."
|
|||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
|
|||||
| CVE-2015-0271 | 1 Redhat | 1 Openstack | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
|
|||||
| CVE-2016-5849 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-12 | 1.9 LOW | 2.5 LOW |
|
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
|
|||||
| CVE-2016-0059 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."
|
|||||
| CVE-2015-5853 | 1 Apple | 1 Mac Os X | 2025-04-12 | 3.3 LOW | N/A |
|
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
|
|||||
| CVE-2016-5481 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
|
Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services.
|
|||||
| CVE-2016-5765 | 1 Microfocus | 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 ...
Show More |
|||||
| CVE-2016-8820 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | 5.6 MEDIUM | 6.1 MEDIUM |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.
|
|||||
| CVE-2015-3040 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357.
|
|||||
| CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2025-04-12 | 1.7 LOW | 3.8 LOW |
|
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
|
|||||
| CVE-2016-6344 | 1 Redhat | 1 Jboss Bpm Suite | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
|
|||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.
|
|||||
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
|
|||||
| CVE-2015-0999 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2025-04-12 | 2.1 LOW | N/A |
|
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2016-2156 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.
|
|||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-12 | 1.7 LOW | 6.7 MEDIUM |
|
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
|
|||||
| CVE-2016-0777 | 5 Apple, Hp, Openbsd and 2 more | 7 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 4 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
|
|||||
| CVE-2014-4357 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 2.1 LOW | N/A |
|
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
|
|||||
| CVE-2016-3232 | 1 Microsoft | 1 Windows Server 2012 | 2025-04-12 | 2.1 LOW | 5.0 MEDIUM |
|
The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."
|
|||||
| CVE-2015-4940 | 2 Apache, Ibm | 2 Ambari, Infosphere Biginsights | 2025-04-12 | 2.1 LOW | N/A |
|
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2014-4781 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack.
|
|||||
| CVE-2015-7022 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
|
|||||
| CVE-2015-7915 | 1 Sauter | 1 Moduweb Vision | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2016-6684 | 1 Google | 8 Android, Android One, Nexus 5 and 5 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243.
|
|||||
| CVE-2016-2298 | 1 Meteocontrol | 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
|
|||||
| CVE-2014-9896 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.
|
|||||
| CVE-2016-4719 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
|
|||||
| CVE-2015-6368 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.
|
|||||
| CVE-2015-0758 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.
|
|||||
| CVE-2015-2018 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | 3.5 LOW | N/A |
|
IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
|||||