Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6705 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5583, CVE-2015-6706, and CVE-2015-7624. | ||||
| CVE-2014-4832 | 1 Ibm | 3 Qradar Risk Manager, Qradar Security Information And Event Manager, Qradar Vulnerability Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | ||||
| CVE-2014-4874 | 1 Bmc | 1 Track-it\! | 2025-04-12 | N/A |
| BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. | ||||
| CVE-2015-6706 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5583, CVE-2015-6705, and CVE-2015-7624. | ||||
| CVE-2014-9579 | 1 Vdgsecurity | 1 Vdg Sense | 2025-04-12 | N/A |
| VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. | ||||
| CVE-2015-1244 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | N/A |
| The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic. | ||||
| CVE-2014-5320 | 1 Bump Project | 1 Bump | 2025-04-12 | N/A |
| The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. | ||||
| CVE-2014-4862 | 1 Netmaster | 2 Cbw700 Software, Netmaster Cbw700n | 2025-04-12 | N/A |
| The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. | ||||
| CVE-2015-1618 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | ||||
| CVE-2015-2157 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2025-04-12 | N/A |
| The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | ||||
| CVE-2014-6088 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-12 | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. | ||||
| CVE-2014-6130 | 1 Ibm | 1 Notes Traveler | 2025-04-12 | N/A |
| The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. | ||||
| CVE-2014-6172 | 1 Ibm | 1 Api Management | 2025-04-12 | N/A |
| IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors. | ||||
| CVE-2014-6211 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. | ||||
| CVE-2014-3341 | 1 Cisco | 15 Nexus 5000, Nexus 5010, Nexus 5010p Switch and 12 more | 2025-04-12 | N/A |
| The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. | ||||
| CVE-2015-2139 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403. | ||||
| CVE-2014-6624 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | N/A |
| The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2015-1716 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | N/A |
| Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability." | ||||
| CVE-2015-2136 | 1 Hp | 1 Arcsight Logger | 2025-04-12 | N/A |
| HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | ||||
| CVE-2013-6241 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | N/A |
| The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | ||||