Total
9301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0800 | 2 Openssl, Pulsesecure | 3 Openssl, Client, Steel Belted Radius | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | |||||
| CVE-2016-0377 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3012 | 1 Ibm | 2 Api Connect, Network Path Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | |||||
| CVE-2015-7900 | 1 Infinite Automation Systems | 1 Mango Automation | 2025-04-12 | 4.3 MEDIUM | N/A |
| Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. | |||||
| CVE-2014-6083 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | |||||
| CVE-2015-6474 | 1 Ibc Solar | 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code. | |||||
| CVE-2016-5575 | 1 Oracle | 1 Common Applications | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module. | |||||
| CVE-2011-2513 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. | |||||
| CVE-2016-3255 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." | |||||
| CVE-2015-1941 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 7.8 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port. | |||||
| CVE-2013-5423 | 1 Ibm | 1 Flex System Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. | |||||
| CVE-2015-2748 | 1 Websense | 4 Triton Ap Data, Triton Ap Email, Triton Ap Web and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. | |||||
| CVE-2014-2064 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 5.0 MEDIUM | N/A |
| The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | |||||
| CVE-2012-5497 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
| membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | |||||
| CVE-2016-6344 | 1 Redhat | 1 Jboss Bpm Suite | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | |||||
| CVE-2014-5449 | 1 Zarafa | 2 Webaccess, Webapp | 2025-04-12 | 2.1 LOW | N/A |
| Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. | |||||
| CVE-2014-1361 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 5.0 MEDIUM | N/A |
| Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. | |||||
| CVE-2016-3064 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors. | |||||
| CVE-2014-1739 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 2 more | 2025-04-12 | 2.1 LOW | N/A |
| The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. | |||||
| CVE-2016-7214 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability." | |||||