Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2896 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | |||||
| CVE-2014-4876 | 1 Toshiba | 1 4690 Operating System | 2015-12-31 | 4.3 MEDIUM | 3.7 LOW |
| Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. | |||||
| CVE-2015-7787 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2015-12-30 | 3.3 LOW | 4.3 MEDIUM |
| ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. | |||||
| CVE-2015-8253 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2015-12-28 | 4.3 MEDIUM | 3.7 LOW |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network. | |||||
| CVE-2015-8252 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2015-12-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number. | |||||
| CVE-2015-6471 | 1 Eaton | 1 Proview | 2015-12-23 | 4.3 MEDIUM | 5.3 MEDIUM |
| Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. | |||||
| CVE-2014-1317 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
| iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-7908 | 1 Honeywell | 4 Midas, Midas Black, Midas Black Firmware and 1 more | 2015-12-21 | 9.3 HIGH | N/A |
| Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. | |||||
| CVE-2014-4669 | 1 Hp | 1 Enterprise Maps | 2015-12-18 | 3.5 LOW | N/A |
| HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-8601 | 1 Chat Room Project | 1 Chat Room | 2015-12-18 | 5.0 MEDIUM | N/A |
| The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors. | |||||
| CVE-2015-8602 | 1 Token Insert Entity Project | 1 Token Insert Entity | 2015-12-18 | 3.5 LOW | N/A |
| The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node. | |||||
| CVE-2015-6556 | 1 Symantec | 1 Endpoint Encryption | 2015-12-18 | 2.3 LOW | N/A |
| EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | |||||
| CVE-2015-6624 | 1 Google | 1 Android | 2015-12-09 | 4.3 MEDIUM | N/A |
| System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740. | |||||
| CVE-2015-6625 | 1 Google | 1 Android | 2015-12-09 | 4.3 MEDIUM | N/A |
| System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840. | |||||
| CVE-2015-6629 | 1 Google | 1 Android | 2015-12-09 | 5.0 MEDIUM | N/A |
| Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667. | |||||
| CVE-2015-5859 | 1 Apple | 2 Iphone Os, Mac Os X | 2015-11-30 | 4.3 MEDIUM | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-0680 | 1 Cisco | 1 Unified Callmanager | 2015-11-30 | 4.0 MEDIUM | N/A |
| Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. | |||||
| CVE-2015-1112 | 1 Apple | 2 Iphone Os, Safari | 2015-11-30 | 5.0 MEDIUM | N/A |
| Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | |||||
| CVE-2015-0174 | 1 Ibm | 1 Websphere Application Server | 2015-11-30 | 4.0 MEDIUM | N/A |
| The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4499 | 1 Apple | 1 Mac Os X | 2015-11-30 | 2.1 LOW | N/A |
| The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | |||||