Total
9384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3752 | 2 Apple, Canonical | 3 Iphone Os, Safari, Ubuntu Linux | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. | |||||
| CVE-2016-3562 | 1 Oracle | 1 Database Server | 2025-04-12 | 4.3 MEDIUM | 2.4 LOW |
| Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA. | |||||
| CVE-2016-3902 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072. | |||||
| CVE-2015-2421 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." | |||||
| CVE-2013-2998 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2025-04-12 | 3.5 LOW | N/A |
| frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code. | |||||
| CVE-2016-3924 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301. | |||||
| CVE-2015-7000 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled. | |||||
| CVE-2014-8105 | 1 Fedoraproject | 2 389 Directory Server, Fedora | 2025-04-12 | 5.0 MEDIUM | N/A |
| 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. | |||||
| CVE-2014-5320 | 1 Bump Project | 1 Bump | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. | |||||
| CVE-2014-10005 | 1 Maianscriptworld | 1 Maian Uploader | 2025-04-12 | 5.0 MEDIUM | N/A |
| Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. | |||||
| CVE-2013-6493 | 1 Redhat | 1 Icedtea-web | 2025-04-12 | 2.1 LOW | N/A |
| The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. | |||||
| CVE-2016-1898 | 3 Canonical, Ffmpeg, Opensuse | 3 Ubuntu Linux, Ffmpeg, Leap | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file. | |||||
| CVE-2014-3662 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 5.0 MEDIUM | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. | |||||
| CVE-2015-5430 | 1 Hp | 1 Matrix Operating Environment | 2025-04-12 | 5.0 MEDIUM | N/A |
| HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8280 | 1 Samsung | 1 Web Viewer | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. | |||||
| CVE-2015-7080 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | |||||
| CVE-2016-0871 | 1 Eaton Lighting Systems | 1 Eg2 Web Control | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | |||||
| CVE-2015-1994 | 1 Ibm | 1 Security Qradar Incident Forensics | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-3296 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527. | |||||
| CVE-2015-5089 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, and CVE-2015-5092. | |||||