Total
8175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0149 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability." | |||||
| CVE-2016-5137 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. | |||||
| CVE-2015-7935 | 1 Motorola | 1 Moscad Ip Gateway Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-5339 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request. | |||||
| CVE-2016-5603 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621. | |||||
| CVE-2015-7437 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-0255 | 2 Opensuse, X.org | 2 Opensuse, Xorg-server | 2025-04-12 | 6.4 MEDIUM | N/A |
| X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | |||||
| CVE-2014-5128 | 1 Iii | 1 Encore Discovery Solution | 2025-04-12 | 5.0 MEDIUM | N/A |
| Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-6375 | 1 Cisco | 1 Ios | 2025-04-12 | 2.1 LOW | N/A |
| The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | |||||
| CVE-2015-1680 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679. | |||||
| CVE-2014-2000 | 1 Ntt | 1 050 Plus | 2025-04-12 | 2.6 LOW | N/A |
| The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | |||||
| CVE-2016-0267 | 1 Ibm | 1 Urbancode Deploy | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
| IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request. | |||||
| CVE-2015-1112 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.0 MEDIUM | N/A |
| Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | |||||
| CVE-2015-4214 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. | |||||
| CVE-2015-4928 | 2 Apache, Ibm | 2 Ambari, Infosphere Biginsights | 2025-04-12 | 4.3 MEDIUM | N/A |
| Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields. | |||||
| CVE-2015-6557 | 1 Ibm | 3 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server | 2025-04-12 | 2.1 LOW | N/A |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949. | |||||
| CVE-2015-6727 | 2 Canonical, Mediawiki | 2 Ubuntu Linux, Mediawiki | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | |||||
| CVE-2015-3282 | 1 Openafs | 1 Openafs | 2025-04-12 | 4.3 MEDIUM | N/A |
| vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. | |||||
| CVE-2015-8703 | 1 Zte | 4 Zxhn H108n R1a, Zxhn H108n R1a Firmware, Zxv10 W300 and 1 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. | |||||
| CVE-2016-0341 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||