Total
8189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6688 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080. | |||||
| CVE-2016-6750 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825. | |||||
| CVE-2014-4942 | 1 Levelfourdevelopment | 1 Wp-easycart | 2025-04-12 | 5.0 MEDIUM | N/A |
| The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2016-6146 | 1 Sap | 1 Trex | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226. | |||||
| CVE-2016-7420 | 1 Cryptopp | 1 Crypto\+\+ | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. | |||||
| CVE-2015-8148 | 1 Symantec | 1 Encryption Management Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. | |||||
| CVE-2014-0946 | 1 Ibm | 1 Operational Decision Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2015-0628 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | N/A |
| The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | |||||
| CVE-2015-0988 | 1 Omron | 1 Cx-programmer | 2025-04-12 | 2.1 LOW | N/A |
| Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. | |||||
| CVE-2014-4031 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. | |||||
| CVE-2015-3184 | 2 Apache, Apple | 3 Http Server, Subversion, Xcode | 2025-04-12 | 5.0 MEDIUM | N/A |
| mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. | |||||
| CVE-2015-1914 | 1 Ibm | 1 Java | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. | |||||
| CVE-2016-6936 | 3 Adobe, Apple, Microsoft | 3 Air Sdk \& Compiler, Mac Os X, Windows | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent. | |||||
| CVE-2015-0178 | 1 Ibm | 2 Bluemix, Liberty | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2151 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list. | |||||
| CVE-2014-6304 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | |||||
| CVE-2015-2483 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Information Disclosure Vulnerability." | |||||
| CVE-2016-1903 | 1 Php | 1 Php | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function. | |||||
| CVE-2015-0200 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | 2.1 LOW | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors. | |||||
| CVE-2015-4176 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. | |||||