Total
10366 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0347 | 1 Webfs | 1 Webfs | 2025-04-12 | N/A |
| The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | ||||
| CVE-2014-5137 | 1 Iii | 1 Sierra | 2025-04-12 | N/A |
| Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule. | ||||
| CVE-2015-8869 | 4 Fedoraproject, Ocaml, Opensuse and 1 more | 4 Fedora, Ocaml, Opensuse and 1 more | 2025-04-12 | N/A |
| OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. | ||||
| CVE-2015-8749 | 1 Openstack | 1 Nova | 2025-04-12 | N/A |
| The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. | ||||
| CVE-2015-8602 | 1 Token Insert Entity Project | 1 Token Insert Entity | 2025-04-12 | N/A |
| The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node. | ||||
| CVE-2015-8601 | 1 Chat Room Project | 1 Chat Room | 2025-04-12 | N/A |
| The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. | ||||
| CVE-2015-8569 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | ||||
| CVE-2015-8488 | 1 Cybozu | 1 Office | 2025-04-12 | N/A |
| Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. | ||||
| CVE-2015-8487 | 1 Cybozu | 1 Office | 2025-04-12 | N/A |
| Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. | ||||
| CVE-2015-8232 | 1 Uc Profile Project | 1 Uc Profile | 2025-04-12 | N/A |
| The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors. | ||||
| CVE-2015-8090 | 1 Tibco | 1 Loglogic Unity | 2025-04-12 | N/A |
| The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. | ||||
| CVE-2015-7935 | 1 Motorola | 1 Moscad Ip Gateway Firmware | 2025-04-12 | N/A |
| Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2015-7931 | 1 Adcon | 1 A840 Telemetry Gateway Base Station Firmware | 2025-04-12 | N/A |
| The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | ||||
| CVE-2015-7929 | 1 Ewon | 1 Ewon Firmware | 2025-04-12 | N/A |
| eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | ||||
| CVE-2015-2434 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | N/A |
| Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. | ||||
| CVE-2015-7885 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | ||||
| CVE-2015-7763 | 1 Openafs | 1 Openafs | 2025-04-12 | N/A |
| rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | ||||
| CVE-2015-7762 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2025-04-12 | N/A |
| rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | ||||
| CVE-2015-7761 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. | ||||
| CVE-2015-7488 | 1 Ibm | 1 Spectrum Scale | 2025-04-12 | N/A |
| IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors. | ||||