| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
| The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors. |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, and CVE-2015-5089. |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. |
| The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. |
| IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. |
| The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
| AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." |
| SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. |
| The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. |
| WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. |
| CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. |
| The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. |
| The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. |
| Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. |
