Total
8255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0757 | 1 Cisco | 1 Identity Services Engine Software | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. | |||||
| CVE-2014-8391 | 1 Sendio | 1 Sendio | 2024-02-04 | 4.0 MEDIUM | N/A |
| The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests. | |||||
| CVE-2016-3837 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077. | |||||
| CVE-2016-2055 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | |||||
| CVE-2015-7421 | 1 Ibm | 1 Mq Appliance M2000 | 2024-02-04 | 5.0 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420. | |||||
| CVE-2016-0853 | 1 Advantech | 1 Webaccess | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | |||||
| CVE-2015-6556 | 1 Symantec | 1 Endpoint Encryption | 2024-02-04 | 2.3 LOW | N/A |
| EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | |||||
| CVE-2016-1192 | 1 Cybozu | 1 Garoon | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | |||||
| CVE-2016-0012 | 1 Microsoft | 6 Excel, Office, Powerpoint and 3 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass." | |||||
| CVE-2016-3370 | 1 Microsoft | 5 Edge, Windows 10, Windows 8.1 and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3374. | |||||
| CVE-2015-2998 | 1 Sysaid | 1 Sysaid | 2024-02-04 | 5.0 MEDIUM | N/A |
| SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml. | |||||
| CVE-2015-8252 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number. | |||||
| CVE-2016-3918 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403. | |||||
| CVE-2015-0987 | 1 Omron | 3 Cj2h Plc, Cj2m Plc, Cx-programmer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | |||||
| CVE-2016-2026 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027. | |||||
| CVE-2015-7981 | 4 Canonical, Debian, Libpng and 1 more | 10 Ubuntu Linux, Debian Linux, Libpng and 7 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. | |||||
| CVE-2015-6679 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-6276 | 1 Cisco | 1 Telepresence System Software Ix | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501. | |||||
| CVE-2016-1000214 | 1 Ruckus | 1 Wireless H500 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ruckus Wireless H500 web management interface authentication bypass | |||||
| CVE-2015-2367 | 1 Microsoft | 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more | 2024-02-04 | 2.1 LOW | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability." | |||||