Total
9137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9423 | 1 Mit | 1 Kerberos 5 | 2025-04-12 | 5.0 MEDIUM | N/A |
| The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. | |||||
| CVE-2013-6741 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 4 more | 2025-04-12 | 3.5 LOW | N/A |
| IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. | |||||
| CVE-2015-8005 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file. | |||||
| CVE-2012-2150 | 1 Sgi | 1 Xfsprogs | 2025-04-12 | 5.0 MEDIUM | N/A |
| xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. | |||||
| CVE-2016-4742 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | |||||
| CVE-2015-4494 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app. | |||||
| CVE-2016-0777 | 5 Apple, Hp, Openbsd and 2 more | 7 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 4 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | |||||
| CVE-2014-8372 | 1 Vmware | 1 Airwatch | 2025-04-12 | 4.0 MEDIUM | N/A |
| AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. | |||||
| CVE-2014-6115 | 1 Ibm | 1 Rational Insight | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL. | |||||
| CVE-2015-5490 | 1 Views Project | 1 Views | 2025-04-12 | 5.0 MEDIUM | N/A |
| The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. | |||||
| CVE-2013-6472 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. | |||||
| CVE-2014-5094 | 1 Status2k | 1 Status2k | 2025-04-12 | 5.0 MEDIUM | N/A |
| Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. | |||||
| CVE-2015-5851 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. | |||||
| CVE-2014-5137 | 1 Iii | 1 Sierra | 2025-04-12 | 5.0 MEDIUM | N/A |
| Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule. | |||||
| CVE-2014-8735 | 1 Bad Behavior Project | 1 Bad Behavior | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file. | |||||
| CVE-2015-4263 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851. | |||||
| CVE-2015-2804 | 1 Alcatel-lucent | 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | |||||
| CVE-2014-9896 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. | |||||
| CVE-2016-5971 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-3267 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||