Total
9537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3249 | 1 Puppet | 1 Puppet Enterprise | 2025-04-12 | 5.0 MEDIUM | N/A |
| Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. | |||||
| CVE-2014-4499 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2016-5329 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | |||||
| CVE-2015-6852 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | |||||
| CVE-2016-0028 | 1 Microsoft | 2 Exchange Server, Outlook Web Access | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." | |||||
| CVE-2015-3766 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
| The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2016-1319 | 4 Samsung, Sun, Zyxel and 1 more | 4 X14j Firmware, Opensolaris, Gs1900-10hp Firmware and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. | |||||
| CVE-2016-2947 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-12 | 4.0 MEDIUM | 2.7 LOW |
| IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5443 | 1 Hp | 1 3par Service Processor Sp | 2025-04-12 | 4.0 MEDIUM | N/A |
| HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-7992 | 1 Cisco | 1 Ios | 2025-04-12 | 5.0 MEDIUM | N/A |
| The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | |||||
| CVE-2016-0825 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. | |||||
| CVE-2016-1939 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208. | |||||
| CVE-2015-2896 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | |||||
| CVE-2025-23387 | 2025-04-11 | N/A | 5.3 MEDIUM | ||
| A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | |||||
| CVE-2024-52280 | 2025-04-11 | N/A | 7.7 HIGH | ||
| A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b. | |||||
| CVE-2025-32395 | 2025-04-11 | N/A | N/A | ||
| Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec (RFC 9112) does not allow # in request-target. Although an attacker can send such a request. For those requests with an invalid request-line (it includes request-target), the spec recommends to reject them with 400 or 301. The same can be said for HTTP 2. On Node and Bun, those requests are not rejected internally and is passed to the user land. For those requests, the value of http.IncomingMessage.url contains #. Vite assumed req.url won't contain # when checking server.fs.deny, allowing those kinds of requests to bypass the check. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) and running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun) are affected. This vulnerability is fixed in 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13. | |||||
| CVE-2025-32700 | 2025-04-11 | N/A | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php. This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1. | |||||
| CVE-2024-52282 | 2025-04-11 | N/A | 6.2 MEDIUM | ||
| A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing logs when the audit level is set to equal or above 2. This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4. | |||||
| CVE-2013-4590 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Solaris | 2025-04-11 | 4.3 MEDIUM | N/A |
| Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-1665 | 1 Openstack | 2 Folsom, Keystone Essex | 2025-04-11 | 5.0 MEDIUM | N/A |
| The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. | |||||