Total
9147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4826 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2015-1064 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | N/A |
| Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. | |||||
| CVE-2015-2108 | 1 Hp | 1 Operations Orchestration | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-9285 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | |||||
| CVE-2015-1005 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | 2.1 LOW | N/A |
| IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-3412 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. | |||||
| CVE-2014-4460 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | |||||
| CVE-2016-7233 | 1 Microsoft | 9 Excel For Mac, Office, Office Compatibility Pack and 6 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
| CVE-2015-5223 | 1 Openstack | 1 Swift | 2025-04-12 | 5.0 MEDIUM | N/A |
| OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | |||||
| CVE-2016-6610 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-1199 | 1 Lockon | 1 Ec-cube | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. | |||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||||
| CVE-2016-7257 | 1 Microsoft | 4 Office For Mac, Windows 7, Windows Server 2008 and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | |||||
| CVE-2015-5340 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php. | |||||
| CVE-2014-2366 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | 4.0 MEDIUM | N/A |
| upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
| CVE-2014-8536 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | 2.1 LOW | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | |||||
| CVE-2014-9897 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. | |||||
| CVE-2014-6170 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | 5.0 MEDIUM | N/A |
| The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault. | |||||
| CVE-2015-3251 | 1 Apache | 1 Cloudstack | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | |||||
| CVE-2015-5024 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors. | |||||