Total
8190 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5611 | 1 Oracle | 1 Vm Virtualbox | 2025-04-12 | 2.1 LOW | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. | |||||
| CVE-2016-6722 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-31091777. | |||||
| CVE-2016-5976 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 2.6 LOW | 4.9 MEDIUM |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors. | |||||
| CVE-2015-3951 | 1 Rle | 2 Nova-wind Turbine Hmi, Nova-wind Turbine Hmi Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
| RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-2483 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Information Disclosure Vulnerability." | |||||
| CVE-2015-2139 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403. | |||||
| CVE-2015-1999 | 1 Ibm | 1 Security Qradar Incident Forensics | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
| CVE-2015-2434 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. | |||||
| CVE-2016-3895 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260. | |||||
| CVE-2013-1818 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 5.0 MEDIUM | N/A |
| maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-1206 | 1 Iodata | 5 Wn-gdn\/r3, Wn-gdn\/r3-c, Wn-gdn\/r3-s and 2 more | 2025-04-12 | 3.3 LOW | 4.3 MEDIUM |
| The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. | |||||
| CVE-2016-9449 | 1 Drupal | 1 Drupal | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. | |||||
| CVE-2016-6612 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2014-4812 | 1 Ibm | 1 Security Appscan Source | 2025-04-12 | 1.8 LOW | N/A |
| The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. | |||||
| CVE-2016-3759 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | 3.3 LOW |
| The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080. | |||||
| CVE-2016-2999 | 1 Ibm | 1 Connections | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. | |||||
| CVE-2016-4648 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 4.9 MEDIUM | 4.4 MEDIUM |
| sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. | |||||
| CVE-2015-1892 | 1 Ibm | 2 Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. | |||||
| CVE-2016-0012 | 1 Microsoft | 6 Excel, Office, Powerpoint and 3 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass." | |||||