Total
9145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5015 | 1 Ibm | 1 Websphere Commerce Enterprise | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. | |||||
| CVE-2015-3786 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app. | |||||
| CVE-2015-6629 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | N/A |
| Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667. | |||||
| CVE-2015-4962 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2025-04-12 | 2.7 LOW | 3.5 LOW |
| Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2015-3231 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | |||||
| CVE-2015-8252 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number. | |||||
| CVE-2015-5661 | 1 Airdroid | 1 Airdroid | 2025-04-12 | 4.3 MEDIUM | N/A |
| The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2014-2392 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | 4.3 MEDIUM | N/A |
| The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
| CVE-2016-6936 | 3 Adobe, Apple, Microsoft | 3 Air Sdk \& Compiler, Mac Os X, Windows | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent. | |||||
| CVE-2016-2940 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2014-9049 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method. | |||||
| CVE-2016-2142 | 1 Redhat | 1 Openshift | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | |||||
| CVE-2014-8553 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | 5.0 MEDIUM | N/A |
| The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. | |||||
| CVE-2014-3508 | 1 Openssl | 1 Openssl | 2025-04-12 | 4.3 MEDIUM | N/A |
| The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. | |||||
| CVE-2014-4826 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2015-1064 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | N/A |
| Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. | |||||
| CVE-2015-2108 | 1 Hp | 1 Operations Orchestration | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-9285 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | |||||
| CVE-2015-1005 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | 2.1 LOW | N/A |
| IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-3412 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. | |||||