Total
8173 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0891 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. | |||||
| CVE-2015-0271 | 1 Redhat | 1 Openstack | 2025-04-12 | 4.0 MEDIUM | N/A |
| The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. | |||||
| CVE-2015-3448 | 1 Rest-client Project | 1 Rest-client | 2025-04-12 | 2.1 LOW | N/A |
| REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2016-3273 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
| The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2015-0875 | 1 Okb.co.jp | 1 Smartphone Passbook | 2025-04-12 | 1.8 LOW | N/A |
| The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. | |||||
| CVE-2015-8487 | 1 Cybozu | 1 Office | 2025-04-12 | 2.6 LOW | 4.3 MEDIUM |
| Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. | |||||
| CVE-2016-3852 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. | |||||
| CVE-2015-3201 | 1 Redhat | 1 Thermostat | 2025-04-12 | 2.1 LOW | N/A |
| Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. | |||||
| CVE-2016-3896 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043. | |||||
| CVE-2016-6838 | 1 Huawei | 18 Ch121 V3 Server, Ch121 V3 Server Firmware, Ch140 V3 Server and 15 more | 2025-04-12 | 4.3 MEDIUM | 7.5 HIGH |
| Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm. | |||||
| CVE-2014-3242 | 1 Makina-corpus | 1 Soappy | 2025-04-12 | 5.0 MEDIUM | N/A |
| SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-4218 | 1 Cisco | 1 Jabber | 2025-04-12 | 5.0 MEDIUM | N/A |
| The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. | |||||
| CVE-2015-8268 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-3329 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-2421 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." | |||||
| CVE-2013-6493 | 1 Redhat | 1 Icedtea-web | 2025-04-12 | 2.1 LOW | N/A |
| The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. | |||||
| CVE-2016-1785 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | |||||
| CVE-2016-6670 | 2 Huawei, Huawei Firmware | 8 S12700, S7700, S7700 Firmware and 5 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. | |||||
| CVE-2015-0763 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | |||||
| CVE-2015-6135 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |||||