Total
9531 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2042 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. | |||||
| CVE-2016-6145 | 1 Sap | 1 Hana Db | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | |||||
| CVE-2014-8566 | 2 Oracle, Uninett | 2 Linux, Mod Auth Mellon | 2025-04-12 | 6.4 MEDIUM | N/A |
| The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." | |||||
| CVE-2015-3923 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-12 | 5.0 MEDIUM | N/A |
| Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. | |||||
| CVE-2015-1285 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. | |||||
| CVE-2015-2414 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-2423 | 1 Microsoft | 15 Excel, Internet Explorer, Office and 12 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability." | |||||
| CVE-2015-4069 | 1 Arcserve | 1 Arcserve Unified Data Protection | 2025-04-12 | 7.8 HIGH | N/A |
| The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. | |||||
| CVE-2016-4635 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
| FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | |||||
| CVE-2015-3912 | 1 Huawei | 3 E355s Mobile Wifi, E355s Mobile Wifi Firmware, Webui | 2025-04-12 | 5.0 MEDIUM | N/A |
| Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | |||||
| CVE-2015-6411 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | |||||
| CVE-2014-8921 | 1 Ibm | 1 Notes Traveler Companion | 2025-04-12 | 4.3 MEDIUM | N/A |
| The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. | |||||
| CVE-2015-6419 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | |||||
| CVE-2015-8473 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. | |||||
| CVE-2016-4646 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | |||||
| CVE-2016-3312 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 5.0 MEDIUM | 9.1 CRITICAL |
| ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability." | |||||
| CVE-2016-2813 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. | |||||
| CVE-2016-2832 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | |||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2025-04-12 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | |||||
| CVE-2015-1457 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 4.9 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||||