Total
9301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1357 | 1 Cisco | 1 Cisco Policy Suite | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211. | |||||
| CVE-2016-3906 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30445973. References: Qualcomm QC-CR#1054344. | |||||
| CVE-2016-6613 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 2.1 LOW | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2015-5610 | 1 Solarwinds | 1 N-able N-central | 2025-04-12 | 4.0 MEDIUM | N/A |
| The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation. | |||||
| CVE-2015-0777 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2025-04-12 | 2.1 LOW | N/A |
| drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | |||||
| CVE-2014-4862 | 1 Netmaster | 2 Cbw700 Software, Netmaster Cbw700n | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. | |||||
| CVE-2016-5097 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. | |||||
| CVE-2016-6859 | 1 Sap | 1 Hybris | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | |||||
| CVE-2015-1984 | 1 Ibm | 1 Infosphere Master Data Management | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | |||||
| CVE-2015-6276 | 1 Cisco | 1 Telepresence System Software Ix | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501. | |||||
| CVE-2016-7960 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | 1.9 LOW | 2.5 LOW |
| Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. | |||||
| CVE-2015-7328 | 1 Puppet | 1 Puppet Enterprise | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
| Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-1096 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 1.9 LOW | N/A |
| IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | |||||
| CVE-2016-3370 | 1 Microsoft | 5 Edge, Windows 10, Windows 8.1 and 2 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3374. | |||||
| CVE-2016-2055 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | |||||
| CVE-2015-0087 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0089. | |||||
| CVE-2016-8820 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | 5.6 MEDIUM | 6.1 MEDIUM |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. | |||||
| CVE-2016-6721 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060. | |||||
| CVE-2015-5831 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
| NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2014-9898 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575. | |||||