Total
9115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7889 | 1 Adobe | 1 Digital Editions | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. | |||||
| CVE-2014-0059 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | 2.1 LOW | N/A |
| JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-6627 | 1 Google | 1 Android | 2025-04-12 | 2.6 LOW | N/A |
| The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743. | |||||
| CVE-2015-7056 | 1 Apple | 1 Xcode | 2025-04-12 | 5.0 MEDIUM | N/A |
| IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. | |||||
| CVE-2015-1994 | 1 Ibm | 1 Security Qradar Incident Forensics | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2015-2556 | 1 Microsoft | 1 Sharepoint Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability." | |||||
| CVE-2014-5341 | 1 Owncloud | 1 Owncloud | 2025-04-12 | 4.3 MEDIUM | N/A |
| The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-0178 | 1 Ibm | 2 Bluemix, Liberty | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-0347 | 1 Webfs | 1 Webfs | 2025-04-12 | 7.2 HIGH | N/A |
| The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | |||||
| CVE-2015-7456 | 1 Ibm | 1 Spectrum Scale | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | |||||
| CVE-2015-2423 | 1 Microsoft | 15 Excel, Internet Explorer, Office and 12 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability." | |||||
| CVE-2016-3170 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in. | |||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | |||||
| CVE-2016-5390 | 1 Theforeman | 1 Foreman | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
| Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces. | |||||
| CVE-2014-3852 | 1 Pyplate | 1 Pyplate | 2025-04-12 | 5.0 MEDIUM | N/A |
| Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2015-1887 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request. | |||||
| CVE-2015-4208 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 7.5 HIGH | N/A |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. | |||||
| CVE-2014-2873 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file. | |||||
| CVE-2014-8007 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. | |||||
| CVE-2015-8575 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 2.1 LOW | 4.0 MEDIUM |
| The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | |||||