Total
8191 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4403 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | |||||
| CVE-2014-3351 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380. | |||||
| CVE-2016-2887 | 2 Ibm, Microsoft | 2 Ims Enterprise Suite, .net Framework | 2025-04-12 | 5.5 MEDIUM | 8.1 HIGH |
| IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-5971 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-0194 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-6046 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-7889 | 1 Adobe | 1 Digital Editions | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. | |||||
| CVE-2016-1849 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. | |||||
| CVE-2016-3312 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 5.0 MEDIUM | 9.1 CRITICAL |
| ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability." | |||||
| CVE-2015-2080 | 2 Eclipse, Fedoraproject | 2 Jetty, Fedora | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | |||||
| CVE-2016-4474 | 1 Redhat | 1 Openstack | 2025-04-12 | 3.3 LOW | 8.8 HIGH |
| The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors. | |||||
| CVE-2016-1490 | 1 Lenovo | 1 Shareit | 2025-04-12 | 2.7 LOW | 4.1 MEDIUM |
| The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. | |||||
| CVE-2016-3924 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301. | |||||
| CVE-2015-6409 | 1 Cisco | 1 Jabber | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419. | |||||
| CVE-2015-6165 | 1 Microsoft | 1 Silverlight | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114. | |||||
| CVE-2016-1594 | 1 Novell | 1 Service Desk | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. | |||||
| CVE-2015-3762 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-3707 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | |||||
| CVE-2014-7231 | 2 Openstack, Redhat | 4 Cinder, Nova, Trove and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | |||||
| CVE-2016-0904 | 1 Emc | 1 Avamar Server | 2025-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | |||||