Total
8205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1670 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2016-0903 | 1 Emc | 1 Avamar Server | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | |||||
| CVE-2013-5760 | 1 Qnap | 2 Photo Station, Photo Station Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
| QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php. | |||||
| CVE-2014-5405 | 1 Hospira | 1 Mednet | 2025-04-12 | 9.0 HIGH | N/A |
| Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | |||||
| CVE-2014-9568 | 1 Voxpupuli | 1 Rabbitmq | 2025-04-12 | 2.1 LOW | N/A |
| puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. | |||||
| CVE-2014-3400 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | |||||
| CVE-2016-3215 | 1 Microsoft | 4 Edge, Windows 10, Windows 8.1 and 1 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201. | |||||
| CVE-2016-0724 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. | |||||
| CVE-2015-4194 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. | |||||
| CVE-2015-6053 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-1113 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | N/A |
| The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. | |||||
| CVE-2014-9225 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | 4.0 MEDIUM | N/A |
| The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. | |||||
| CVE-2015-3391 | 1 Path Breadcrumbs Project | 1 Path Breadcrumbs | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. | |||||
| CVE-2014-2545 | 1 Tibco | 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request. | |||||
| CVE-2015-2748 | 1 Websense | 4 Triton Ap Data, Triton Ap Email, Triton Ap Web and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. | |||||
| CVE-2015-0991 | 1 Inductiveautomation | 1 Ignition | 2025-04-12 | 5.0 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | |||||
| CVE-2015-5073 | 2 Ibm, Pcre | 2 Powerkvm, Pcre | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. | |||||
| CVE-2015-3753 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. | |||||
| CVE-2016-0232 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files. | |||||
| CVE-2016-5328 | 2 Apple, Vmware | 2 Mac Os X, Tools | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | |||||