Total
9301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2421 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." | |||||
| CVE-2016-3273 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
| The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2014-3543 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
| mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format. | |||||
| CVE-2014-8566 | 2 Oracle, Uninett | 2 Linux, Mod Auth Mellon | 2025-04-12 | 6.4 MEDIUM | N/A |
| The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." | |||||
| CVE-2015-2414 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-1614 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||
| CVE-2016-3650 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 4.0 MEDIUM | 8.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | |||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | |||||
| CVE-2016-5250 | 1 Mozilla | 1 Firefox | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | |||||
| CVE-2016-3852 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. | |||||
| CVE-2015-0992 | 1 Inductiveautomation | 1 Ignition | 2025-04-12 | 2.1 LOW | N/A |
| Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-1651 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Leap and 1 more | 2025-04-12 | 5.8 MEDIUM | 8.1 HIGH |
| fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | |||||
| CVE-2015-1488 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | |||||
| CVE-2015-5403 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139. | |||||
| CVE-2016-3761 | 1 Google | 1 Android | 2025-04-12 | 2.1 LOW | 4.0 MEDIUM |
| NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969. | |||||
| CVE-2015-3943 | 1 Advantech | 1 Webaccess | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | |||||
| CVE-2016-5498 | 1 Oracle | 1 Database Server | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499. | |||||
| CVE-2015-5749 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||||
| CVE-2016-2140 | 1 Openstack | 1 Nova | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
| The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | |||||
| CVE-2016-2042 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. | |||||