Total
9383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0996 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2025-04-12 | 2.1 LOW | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. | |||||
| CVE-2014-6622 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 5.0 MEDIUM | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. | |||||
| CVE-2014-9408 | 1 Ekahau | 4 Activator, B4 Staff Badge Tag, B4 Staff Badge Tag Firmware and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. | |||||
| CVE-2015-1595 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. | |||||
| CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 4.0 MEDIUM |
| The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2016-0385 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 3.5 LOW | 3.1 LOW |
| Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-2058 | 1 Jabberd2 | 1 Jabberd2 | 2025-04-12 | 6.5 MEDIUM | N/A |
| c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID. | |||||
| CVE-2016-2158 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request. | |||||
| CVE-2016-0862 | 1 Ge | 5 Snmp\/web Adapter 1024746, Snmp\/web Adapter 1024747, Snmp\/web Adapter 1024748 and 2 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | |||||
| CVE-2015-6471 | 1 Eaton | 1 Proview | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. | |||||
| CVE-2015-8232 | 1 Uc Profile Project | 1 Uc Profile | 2025-04-12 | 4.3 MEDIUM | N/A |
| The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors. | |||||
| CVE-2015-3030 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | 4.0 MEDIUM | N/A |
| The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | |||||
| CVE-2015-5490 | 1 Views Project | 1 Views | 2025-04-12 | 5.0 MEDIUM | N/A |
| The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. | |||||
| CVE-2015-5084 | 1 Siemens | 2 Simatic Wincc Sm\@rtclient, Simatic Wincc Sm\@rtclient Lite | 2025-04-12 | 2.1 LOW | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-3099 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102. | |||||
| CVE-2014-9247 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 4.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389. | |||||
| CVE-2014-5036 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | 1.9 LOW | N/A |
| The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | |||||
| CVE-2015-2913 | 1 Orientdb | 1 Orientdb | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class. | |||||
| CVE-2016-3012 | 1 Ibm | 2 Api Connect, Network Path Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | |||||
| CVE-2016-0886 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||||