Total
9301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7128 | 1 Php | 1 Php | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | |||||
| CVE-2014-8678 | 1 Manageengine | 1 Oputils | 2025-04-12 | 7.8 HIGH | N/A |
| The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile." | |||||
| CVE-2015-6165 | 1 Microsoft | 1 Silverlight | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114. | |||||
| CVE-2015-4949 | 1 Ibm | 3 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server | 2025-04-12 | 2.1 LOW | N/A |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557. | |||||
| CVE-2015-6611 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | N/A |
| mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074. | |||||
| CVE-2014-6621 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 5.0 MEDIUM | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. | |||||
| CVE-2015-3778 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 3.3 LOW | N/A |
| bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. | |||||
| CVE-2015-0077 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." | |||||
| CVE-2016-6464 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181). | |||||
| CVE-2016-7031 | 2 Ceph Project, Redhat | 2 Ceph, Ceph Storage | 2025-04-12 | 4.3 MEDIUM | 7.5 HIGH |
| The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | |||||
| CVE-2015-6102 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." | |||||
| CVE-2016-0059 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-5341 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors. | |||||
| CVE-2016-9855 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. | |||||
| CVE-2016-2079 | 1 Vmware | 2 Nsx Edge, Vcloud Networking And Security Edge | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5288 | 1 Postgresql | 1 Postgresql | 2025-04-12 | 6.4 MEDIUM | N/A |
| The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. | |||||
| CVE-2015-8335 | 1 Huawei | 1 Vcn500 | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. | |||||
| CVE-2015-2718 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. | |||||
| CVE-2016-0893 | 1 Emc | 1 Rsa Data Loss Prevention | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | |||||
| CVE-2015-1127 | 1 Apple | 1 Safari | 2025-04-12 | 2.1 LOW | N/A |
| The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. | |||||