Total
9150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0771 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | 5.0 MEDIUM | N/A |
| The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | |||||
| CVE-2014-9361 | 1 Logintoboggan Project | 1 Logintoboggan | 2025-04-12 | 4.3 MEDIUM | N/A |
| The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. | |||||
| CVE-2016-10005 | 1 Sap | 1 Solution Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. | |||||
| CVE-2014-8025 | 1 Cisco | 1 Jabber Guest | 2025-04-12 | 4.3 MEDIUM | N/A |
| The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801. | |||||
| CVE-2016-5812 | 1 Moxa | 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file. | |||||
| CVE-2014-5128 | 1 Iii | 1 Encore Discovery Solution | 2025-04-12 | 5.0 MEDIUM | N/A |
| Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3907 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352. | |||||
| CVE-2014-4031 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. | |||||
| CVE-2014-5036 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | 1.9 LOW | N/A |
| The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | |||||
| CVE-2015-1009 | 2 Indusoft, Wonderware | 2 Web Studio, Intouch | 2025-04-12 | 1.7 LOW | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2016-0723 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 5.6 MEDIUM | 6.8 MEDIUM |
| Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | |||||
| CVE-2015-4375 | 1 Chaos Tool Suite Project | 1 Ctools | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity. | |||||
| CVE-2014-6123 | 1 Ibm | 2 Rational Appscan Source, Security Appscan Source | 2025-04-12 | 2.1 LOW | N/A |
| IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. | |||||
| CVE-2015-2157 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2025-04-12 | 2.1 LOW | N/A |
| The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | |||||
| CVE-2016-1325 | 1 Cisco | 3 Dpc3939 Wireless Residential Voice Gateway, Dpc3939 Wireless Residential Voice Gateway Firmware, Dpc3941 Wireless Residential Voice Gateway | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. | |||||
| CVE-2014-3056 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. | |||||
| CVE-2015-6059 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |||||
| CVE-2016-4719 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. | |||||
| CVE-2015-7675 | 1 Ipswitch | 2 Moveit Dmz, Moveit Mobile | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx. | |||||
| CVE-2016-5166 | 2 Google, Opensuse | 2 Chrome, Leap | 2025-04-12 | 2.6 LOW | 3.1 LOW |
| The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | |||||