Total
8191 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5870 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | |||||
CVE-2015-1851 | 2 Canonical, Openstack | 4 Ubuntu Linux, Icehouse, Juno and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | |||||
CVE-2016-0886 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||||
CVE-2016-6750 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825. | |||||
CVE-2015-1941 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 7.8 HIGH | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port. | |||||
CVE-2014-2038 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 2.1 LOW | N/A |
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file. | |||||
CVE-2014-4766 | 1 Ibm | 1 Classic Meeting Server | 2025-04-12 | 5.0 MEDIUM | N/A |
IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file. | |||||
CVE-2015-6727 | 2 Canonical, Mediawiki | 2 Ubuntu Linux, Mediawiki | 2025-04-12 | 5.0 MEDIUM | N/A |
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | |||||
CVE-2011-3634 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2025-04-12 | 2.6 LOW | N/A |
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors. | |||||
CVE-2014-0323 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2025-04-12 | 6.6 MEDIUM | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability." | |||||
CVE-2015-5231 | 2 Criu, Opensuse | 2 Checkpoint\/restore In Userspace, Opensuse | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. | |||||
CVE-2015-8090 | 1 Tibco | 1 Loglogic Unity | 2025-04-12 | 4.0 MEDIUM | N/A |
The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. | |||||
CVE-2014-6107 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | |||||
CVE-2014-1830 | 2 Opensuse, Python | 2 Opensuse, Requests | 2025-04-12 | 5.0 MEDIUM | N/A |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. | |||||
CVE-2015-4395 | 1 Hybridauth Social Login Project | 1 Hybridauth Social Login | 2025-04-12 | 3.5 LOW | N/A |
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database. | |||||
CVE-2015-4958 | 1 Ibm | 1 Infosphere Master Data Management | 2025-04-12 | 2.1 LOW | 3.3 LOW |
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files. | |||||
CVE-2014-5449 | 1 Zarafa | 2 Webaccess, Webapp | 2025-04-12 | 2.1 LOW | N/A |
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. | |||||
CVE-2015-2433 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." | |||||
CVE-2015-8100 | 1 Net-snmp | 1 Net-snmp | 2025-04-12 | 2.1 LOW | N/A |
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. | |||||
CVE-2016-5260 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file. |