Total
9531 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7058 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 4.3 MEDIUM | N/A |
| Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | |||||
| CVE-2015-1116 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. | |||||
| CVE-2014-4362 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | |||||
| CVE-2015-5730 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 5.0 MEDIUM | N/A |
| The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated. | |||||
| CVE-2014-1808 | 1 Microsoft | 1 Office | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability." | |||||
| CVE-2016-0783 | 1 Apache | 1 Openmeetings | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time. | |||||
| CVE-2015-7528 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | |||||
| CVE-2014-4403 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | |||||
| CVE-2015-2804 | 1 Alcatel-lucent | 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | |||||
| CVE-2015-1110 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | |||||
| CVE-2016-3256 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 2.1 LOW | 5.0 MEDIUM |
| Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability." | |||||
| CVE-2015-8791 | 1 Matroska | 1 Libebml | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. | |||||
| CVE-2014-7284 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 6.4 MEDIUM | N/A |
| The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values. | |||||
| CVE-2014-6304 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | |||||
| CVE-2015-0583 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. | |||||
| CVE-2015-1064 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | N/A |
| Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. | |||||
| CVE-2015-7412 | 1 Ibm | 1 Datapower Gateway | 2025-04-12 | 2.6 LOW | N/A |
| The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack. | |||||
| CVE-2016-4169 | 1 Adobe | 1 Experience Manager | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | |||||
| CVE-2014-1738 | 5 Debian, Linux, Oracle and 2 more | 8 Debian Linux, Linux Kernel, Linux and 5 more | 2025-04-12 | 2.1 LOW | N/A |
| The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. | |||||
| CVE-2014-6064 | 1 Mcafee | 1 Web Gateway | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. | |||||