Total
9537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1617 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. | |||||
| CVE-2016-1658 | 4 Debian, Google, Novell and 1 more | 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | |||||
| CVE-2016-6420 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | |||||
| CVE-2016-1242 | 1 Tryton | 1 Tryton | 2025-04-12 | 4.0 MEDIUM | 4.4 MEDIUM |
| file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. | |||||
| CVE-2014-3398 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542. | |||||
| CVE-2015-6474 | 1 Ibc Solar | 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code. | |||||
| CVE-2014-4620 | 2 Emc, Meditech | 2 Networker, Meditech | 2025-04-12 | 2.1 LOW | N/A |
| The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2015-3184 | 2 Apache, Apple | 3 Http Server, Subversion, Xcode | 2025-04-12 | 5.0 MEDIUM | N/A |
| mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. | |||||
| CVE-2015-0260 | 2 Kallithea-scm, Rhodecode | 2 Kallithea, Rhodecode Enterprise | 2025-04-12 | 4.0 MEDIUM | N/A |
| RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. | |||||
| CVE-2016-6345 | 1 Redhat | 1 Resteasy | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | |||||
| CVE-2016-1497 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manager (APM) access logs via unspecified vectors. | |||||
| CVE-2016-5744 | 1 Siemens | 1 Simatic Wincc | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | |||||
| CVE-2014-5449 | 1 Zarafa | 2 Webaccess, Webapp | 2025-04-12 | 2.1 LOW | N/A |
| Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. | |||||
| CVE-2016-3814 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342. | |||||
| CVE-2013-4727 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | |||||
| CVE-2014-6323 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." | |||||
| CVE-2016-6026 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-12 | 2.9 LOW | 5.3 MEDIUM |
| The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. | |||||
| CVE-2014-8874 | 1 Kennziffer | 1 Ke Questionnaire | 2025-04-12 | 5.0 MEDIUM | N/A |
| The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2014-6624 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-9185 | 1 Openstack | 1 Heat | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. | |||||