Total
10344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3664 | 1 Trend Micro | 1 Mobile Security | 2025-04-12 | N/A |
| Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-3852 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. | ||||
| CVE-2016-0783 | 1 Apache | 1 Openmeetings | 2025-04-12 | N/A |
| The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time. | ||||
| CVE-2016-3648 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. | ||||
| CVE-2016-3810 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389. | ||||
| CVE-2016-4485 | 3 Canonical, Linux, Novell | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-12 | N/A |
| The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. | ||||
| CVE-2015-2855 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2025-04-12 | N/A |
| The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. | ||||
| CVE-2015-7940 | 4 Bouncycastle, Opensuse, Oracle and 1 more | 9 Bouncy Castle Crypto Package, Leap, Opensuse and 6 more | 2025-04-12 | N/A |
| The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | ||||
| CVE-2015-8473 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-12 | N/A |
| The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. | ||||
| CVE-2016-3834 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. | ||||
| CVE-2015-5288 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Software Collections | 2025-04-12 | N/A |
| The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. | ||||
| CVE-2016-4569 | 4 Canonical, Linux, Novell and 1 more | 12 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 9 more | 2025-04-12 | N/A |
| The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. | ||||
| CVE-2014-2061 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | ||||
| CVE-2016-6688 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080. | ||||
| CVE-2014-9419 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-12 | N/A |
| The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. | ||||
| CVE-2016-9756 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | ||||
| CVE-2015-7502 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | ||||
| CVE-2016-3215 | 1 Microsoft | 4 Edge, Windows 10, Windows 8.1 and 1 more | 2025-04-12 | N/A |
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201. | ||||
| CVE-2016-1796 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. | ||||
| CVE-2015-7511 | 3 Canonical, Debian, Gnupg | 3 Ubuntu Linux, Debian Linux, Libgcrypt | 2025-04-12 | N/A |
| Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. | ||||