Total
10281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0271 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. | ||||
| CVE-2014-0919 | 1 Ibm | 1 Db2 | 2025-04-12 | N/A |
| IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities. | ||||
| CVE-2014-0965 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. | ||||
| CVE-2016-3664 | 1 Trend Micro | 1 Mobile Security | 2025-04-12 | N/A |
| Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1404 | 1 Cisco | 1 Ucs Invicta C3124sa Appliance | 2025-04-12 | N/A |
| Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. | ||||
| CVE-2015-0763 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | ||||
| CVE-2015-0764 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | ||||
| CVE-2015-0822 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-04-12 | N/A |
| The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. | ||||
| CVE-2015-0999 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2025-04-12 | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2015-1000012 | 1 Mypixs Project | 1 Mypixs | 2025-04-12 | N/A |
| Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | ||||
| CVE-2016-3693 | 2 Redhat, Safemode Project | 3 Satellite, Satellite Capsule, Safemode | 2025-04-12 | N/A |
| The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. | ||||
| CVE-2015-1106 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | ||||
| CVE-2015-1357 | 1 Siemens | 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more | 2025-04-12 | N/A |
| Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. | ||||
| CVE-2015-1595 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | N/A |
| The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. | ||||
| CVE-2015-1618 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | ||||
| CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2025-04-12 | N/A |
| SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | ||||
| CVE-2016-5739 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | ||||
| CVE-2015-1851 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Icehouse, Juno and 2 more | 2025-04-12 | N/A |
| OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | ||||
| CVE-2015-1915 | 1 Ibm | 1 Endpoint Manager Family | 2025-04-12 | N/A |
| The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2015-1914 | 2 Ibm, Redhat | 3 Java, Network Satellite, Rhel Extras | 2025-04-12 | N/A |
| IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. | ||||