Total
9537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1000012 | 1 Mypixs Project | 1 Mypixs | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | |||||
| CVE-2014-6621 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 5.0 MEDIUM | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. | |||||
| CVE-2016-2459 | 1 Google | 10 Android, Android One, Nexus 5 and 7 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038. | |||||
| CVE-2015-0519 | 1 Emc | 1 Captiva Capture | 2025-04-12 | 2.1 LOW | N/A |
| The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2015-7215 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | |||||
| CVE-2016-2952 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2016-7108 | 1 Huawei | 1 Uma | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. | |||||
| CVE-2016-4740 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | 2.9 LOW |
| Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-6313 | 3 Canonical, Debian, Gnupg | 4 Ubuntu Linux, Debian Linux, Gnupg and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | |||||
| CVE-2016-5279 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. | |||||
| CVE-2016-2140 | 1 Openstack | 1 Nova | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
| The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | |||||
| CVE-2015-7981 | 4 Canonical, Debian, Libpng and 1 more | 10 Ubuntu Linux, Debian Linux, Libpng and 7 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. | |||||
| CVE-2016-9567 | 1 Samsung | 1 Samsung Mobile | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343. | |||||
| CVE-2014-8736 | 1 Open Atrium Project | 1 Open Atrium | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node. | |||||
| CVE-2016-5565 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
| Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA. | |||||
| CVE-2015-4176 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. | |||||
| CVE-2016-3291 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 2.4 LOW |
| Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2015-7761 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. | |||||
| CVE-2014-5448 | 1 Zarafa | 1 Zarafa | 2025-04-12 | 2.1 LOW | N/A |
| Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. | |||||
| CVE-2014-0946 | 1 Ibm | 1 Operational Decision Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||