Total
8174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1426 | 2 Puppet, Puppetlabs | 2 Facter, Facter | 2025-04-12 | 2.1 LOW | N/A |
| Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. | |||||
| CVE-2016-2055 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | |||||
| CVE-2016-7889 | 1 Adobe | 1 Digital Editions | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. | |||||
| CVE-2014-3481 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | 5.0 MEDIUM | N/A |
| org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-8839 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
| Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. | |||||
| CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||||
| CVE-2015-7420 | 1 Ibm | 1 Mq Appliance M2000 | 2025-04-12 | 5.0 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. | |||||
| CVE-2014-3249 | 1 Puppet | 1 Puppet Enterprise | 2025-04-12 | 5.0 MEDIUM | N/A |
| Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. | |||||
| CVE-2016-2013 | 1 Hp | 1 Network Node Manager I | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-0143 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. | |||||
| CVE-2015-0943 | 1 Basware | 1 Banking | 2025-04-12 | 5.8 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | |||||
| CVE-2015-6632 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | N/A |
| libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24346430. | |||||
| CVE-2016-3836 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. | |||||
| CVE-2015-2412 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-7284 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-0825 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. | |||||
| CVE-2016-3291 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 2.4 LOW |
| Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2016-4169 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | |||||
| CVE-2016-0739 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | |||||
| CVE-2016-1853 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. | |||||