Total
9127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0987 | 1 Omron | 3 Cj2h Plc, Cj2m Plc, Cx-programmer | 2025-04-12 | 5.0 MEDIUM | N/A |
| Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | |||||
| CVE-2015-2897 | 1 Sierrawireless | 6 Airlink Es440, Airlink Es450, Airlink Gx440 and 3 more | 2025-04-12 | 10.0 HIGH | N/A |
| Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. | |||||
| CVE-2015-3092 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091. | |||||
| CVE-2016-3145 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2025-04-12 | 2.1 LOW | 4.6 MEDIUM |
| Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. | |||||
| CVE-2014-6134 | 1 Ibm | 2 Installation Manager, Rational Clearcase | 2025-04-12 | 1.2 LOW | N/A |
| IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. | |||||
| CVE-2016-3693 | 1 Safemode Project | 1 Safemode | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. | |||||
| CVE-2015-5571 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333. | |||||
| CVE-2015-3184 | 2 Apache, Apple | 3 Http Server, Subversion, Xcode | 2025-04-12 | 5.0 MEDIUM | N/A |
| mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. | |||||
| CVE-2014-7230 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Cinder, Nova and 2 more | 2025-04-12 | 2.1 LOW | N/A |
| The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | |||||
| CVE-2013-4194 | 1 Plone | 1 Plone | 2025-04-12 | 4.3 MEDIUM | N/A |
| The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message. | |||||
| CVE-2015-5163 | 1 Openstack | 1 Glance | 2025-04-12 | 3.5 LOW | N/A |
| The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. | |||||
| CVE-2015-6368 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. | |||||
| CVE-2015-2018 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | 3.5 LOW | N/A |
| IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5443 | 1 Hp | 1 3par Service Processor Sp | 2025-04-12 | 4.0 MEDIUM | N/A |
| HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5906 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | |||||
| CVE-2014-3077 | 1 Ibm | 2 Storwize Unified V7000, Storwize V7000 Unified Software | 2025-04-12 | 2.1 LOW | N/A |
| IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file. | |||||
| CVE-2014-6131 | 1 Ibm | 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. | |||||
| CVE-2016-7227 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 3.1 LOW |
| The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2016-1772 | 1 Apple | 1 Safari | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | |||||
| CVE-2012-5505 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
| atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | |||||