Total
8299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3158 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2025-04-12 | 1.7 LOW | 3.8 LOW |
| The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
| CVE-2015-0998 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2025-04-12 | 3.3 LOW | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2016-0248 | 1 Ibm | 1 Security Guardium | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors. | |||||
| CVE-2016-9286 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | |||||
| CVE-2016-0958 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | |||||
| CVE-2015-1314 | 1 Usaa | 1 Mobile Banking | 2025-04-12 | 2.1 LOW | N/A |
| The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. | |||||
| CVE-2016-0800 | 2 Openssl, Pulsesecure | 3 Openssl, Client, Steel Belted Radius | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | |||||
| CVE-2015-8148 | 1 Symantec | 1 Encryption Management Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. | |||||
| CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||||
| CVE-2015-4207 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. | |||||
| CVE-2015-4494 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app. | |||||
| CVE-2016-1325 | 1 Cisco | 3 Dpc3939 Wireless Residential Voice Gateway, Dpc3939 Wireless Residential Voice Gateway Firmware, Dpc3941 Wireless Residential Voice Gateway | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. | |||||
| CVE-2013-5423 | 1 Ibm | 1 Flex System Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. | |||||
| CVE-2014-3242 | 1 Makina-corpus | 1 Soappy | 2025-04-12 | 5.0 MEDIUM | N/A |
| SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-9899 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. | |||||
| CVE-2016-5812 | 1 Moxa | 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file. | |||||
| CVE-2016-0169 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168. | |||||
| CVE-2015-5870 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | |||||
| CVE-2015-1851 | 2 Canonical, Openstack | 4 Ubuntu Linux, Icehouse, Juno and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | |||||
| CVE-2016-0886 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||||