Total
9243 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0867 | 1 Carel | 1 Plantvisor Enhanced | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | |||||
| CVE-2016-4536 | 1 Openafs | 1 Openafs | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. | |||||
| CVE-2014-8244 | 1 Linksys | 20 E4200v2, E4200v2 Firmware, Ea2700 and 17 more | 2025-04-12 | 7.5 HIGH | N/A |
| Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. | |||||
| CVE-2014-7883 | 1 Hp | 1 Universal Configuration Management Database | 2025-04-12 | 5.0 MEDIUM | N/A |
| HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. | |||||
| CVE-2015-3391 | 1 Path Breadcrumbs Project | 1 Path Breadcrumbs | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. | |||||
| CVE-2014-9225 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | 4.0 MEDIUM | N/A |
| The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. | |||||
| CVE-2016-9839 | 1 Osgeo | 1 Mapserver | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | |||||
| CVE-2015-6102 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." | |||||
| CVE-2015-7928 | 1 Ewon | 1 Ewon Firmware | 2025-04-12 | 5.0 MEDIUM | 8.5 HIGH |
| eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2015-4207 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. | |||||
| CVE-2015-3040 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. | |||||
| CVE-2016-4648 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-6364 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855. | |||||
| CVE-2014-4980 | 1 Tenable | 2 Nessus, Web Ui | 2025-04-12 | 5.0 MEDIUM | N/A |
| The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | |||||
| CVE-2016-6446 | 1 Cisco | 1 Meeting Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. | |||||
| CVE-2015-7190 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. | |||||
| CVE-2016-1864 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | |||||
| CVE-2015-1951 | 1 Ibm | 1 Maximo Asset Management | 2025-04-12 | 2.1 LOW | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation. | |||||
| CVE-2014-3852 | 1 Pyplate | 1 Pyplate | 2025-04-12 | 5.0 MEDIUM | N/A |
| Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2016-5279 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. | |||||