Total
8253 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8473 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. | |||||
| CVE-2016-3327 | 1 Microsoft | 2 Edge, Internet Explorer | 2024-02-04 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326. | |||||
| CVE-2015-5782 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 4.3 MEDIUM | N/A |
| ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | |||||
| CVE-2015-6115 | 1 Microsoft | 1 .net Framework | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." | |||||
| CVE-2016-3255 | 1 Microsoft | 1 .net Framework | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." | |||||
| CVE-2015-8005 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file. | |||||
| CVE-2016-3321 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 1.9 LOW | 2.5 LOW |
| Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-6838 | 1 Huawei | 18 Ch121 V3 Server, Ch121 V3 Server Firmware, Ch140 V3 Server and 15 more | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm. | |||||
| CVE-2015-6624 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | N/A |
| System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740. | |||||
| CVE-2015-5302 | 1 Redhat | 1 Libreport | 2024-02-04 | 5.0 MEDIUM | N/A |
| libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report. | |||||
| CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2024-02-04 | 2.1 LOW | N/A |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | |||||
| CVE-2016-5243 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | |||||
| CVE-2016-4169 | 1 Adobe | 1 Experience Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | |||||
| CVE-2016-5306 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. | |||||
| CVE-2015-7429 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2024-02-04 | 4.0 MEDIUM | 8.5 HIGH |
| The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory. | |||||
| CVE-2015-5916 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | |||||
| CVE-2015-4949 | 1 Ibm | 3 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server | 2024-02-04 | 2.1 LOW | N/A |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557. | |||||
| CVE-2015-5006 | 3 Ibm, Redhat, Suse | 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more | 2024-02-04 | 2.1 LOW | N/A |
| IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. | |||||
| CVE-2016-1455 | 1 Cisco | 8 Nexus 93128, Nexus 9396px, Nexus 9396tx and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365. | |||||
| CVE-2016-3711 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. | |||||