Total
8219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3561 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-12 | 2.1 LOW | N/A |
| The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. | |||||
| CVE-2016-0008 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability." | |||||
| CVE-2014-3485 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-12 | 4.0 MEDIUM | N/A |
| The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-2117 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Vm Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. | |||||
| CVE-2016-1192 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | |||||
| CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | |||||
| CVE-2015-4990 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 1.9 LOW | 4.0 MEDIUM |
| The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type. | |||||
| CVE-2015-4214 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. | |||||
| CVE-2014-1690 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 2.6 LOW | N/A |
| The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature. | |||||
| CVE-2015-0996 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2025-04-12 | 2.1 LOW | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. | |||||
| CVE-2014-6130 | 1 Ibm | 1 Notes Traveler | 2025-04-12 | 5.0 MEDIUM | N/A |
| The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. | |||||
| CVE-2016-0378 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. | |||||
| CVE-2014-2000 | 1 Ntt | 1 050 Plus | 2025-04-12 | 2.6 LOW | N/A |
| The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | |||||
| CVE-2016-0259 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 2.5 LOW |
| runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. | |||||
| CVE-2015-8253 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network. | |||||
| CVE-2015-1108 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | |||||
| CVE-2016-1614 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||
| CVE-2016-0341 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2016-1787 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | |||||
| CVE-2015-8869 | 3 Fedoraproject, Ocaml, Opensuse | 3 Fedora, Ocaml, Opensuse | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. | |||||