Total
9138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4713 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. | |||||
| CVE-2014-8437 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors. | |||||
| CVE-2015-0061 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability." | |||||
| CVE-2014-0504 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors. | |||||
| CVE-2016-3651 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 6.0 MEDIUM | 8.0 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. | |||||
| CVE-2016-2294 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. | |||||
| CVE-2015-3995 | 1 Sap | 1 Hana | 2025-04-12 | 4.0 MEDIUM | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | |||||
| CVE-2015-7429 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2025-04-12 | 4.0 MEDIUM | 8.5 HIGH |
| The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory. | |||||
| CVE-2016-2212 | 1 Magento | 1 Magento | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status. | |||||
| CVE-2016-1787 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | |||||
| CVE-2014-2749 | 1 Sap | 1 Hana | 2025-04-12 | 5.0 MEDIUM | N/A |
| The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. | |||||
| CVE-2015-1907 | 1 Ibm | 1 Rational License Key Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. | |||||
| CVE-2015-1618 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | 4.0 MEDIUM | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | |||||
| CVE-2015-4218 | 1 Cisco | 1 Jabber | 2025-04-12 | 5.0 MEDIUM | N/A |
| The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. | |||||
| CVE-2015-5901 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | |||||
| CVE-2014-3707 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | |||||
| CVE-2014-7231 | 2 Openstack, Redhat | 4 Cinder, Nova, Trove and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | |||||
| CVE-2015-2077 | 1 Komodia | 1 Redirector Sdk | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key, as originally reported for Superfish VisualDiscovery on certain Lenovo Notebook laptop products. | |||||
| CVE-2014-3667 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | |||||
| CVE-2016-4752 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. | |||||