Total
9531 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4219 | 1 Cisco | 2 Identity Services Engine Software, Secure Access Control System | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | |||||
| CVE-2015-6632 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | N/A |
| libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24346430. | |||||
| CVE-2014-4458 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
| The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-0875 | 1 Okb.co.jp | 1 Smartphone Passbook | 2025-04-12 | 1.8 LOW | N/A |
| The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. | |||||
| CVE-2015-0527 | 1 Emc | 1 Documentum Xcelerated Management System | 2025-04-12 | 2.1 LOW | N/A |
| EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2016-1852 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | 2.4 LOW |
| Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors. | |||||
| CVE-2016-6678 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434. | |||||
| CVE-2014-5427 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. | |||||
| CVE-2016-5927 | 1 Ibm | 1 Tivoli Storage Manager For Space Management | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output. | |||||
| CVE-2014-9423 | 1 Mit | 1 Kerberos 5 | 2025-04-12 | 5.0 MEDIUM | N/A |
| The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. | |||||
| CVE-2015-4929 | 1 Ibm | 1 License Metric Tool | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. | |||||
| CVE-2014-3304 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | |||||
| CVE-2014-8537 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | 2.1 LOW | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. | |||||
| CVE-2015-5858 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | 5.0 MEDIUM | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. | |||||
| CVE-2015-6661 | 1 Drupal | 1 Drupal | 2025-04-12 | 5.0 MEDIUM | N/A |
| Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. | |||||
| CVE-2015-4263 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851. | |||||
| CVE-2015-5906 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | |||||
| CVE-2014-4460 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | |||||
| CVE-2016-0870 | 1 Trane | 1 Tracer Sc | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. | |||||
| CVE-2014-3662 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 5.0 MEDIUM | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. | |||||