Total
9524 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-42866 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 5.5 Medium |
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information. | ||||
CVE-2022-42854 | 1 Apple | 1 Macos | 2025-04-21 | 5.5 Medium |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory. | ||||
CVE-2022-42852 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-04-21 | 6.5 Medium |
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
CVE-2025-32953 | 2025-04-21 | 8.7 High | ||
z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916. | ||||
CVE-2022-46698 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2025-04-21 | 6.5 Medium |
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. | ||||
CVE-2022-0882 | 1 Google | 1 Fuchsia | 2025-04-21 | 5.3 Medium |
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. | ||||
CVE-2014-9970 | 2 Jasypt Project, Redhat | 8 Jasypt, Enterprise Linux, Jboss Bpms and 5 more | 2025-04-20 | N/A |
jasypt before 1.9.2 allows a timing attack against the password hash comparison. | ||||
CVE-2016-6341 | 1 Ovirt | 1 Ovirt | 2025-04-20 | N/A |
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. | ||||
CVE-2016-6335 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. | ||||
CVE-2016-6311 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-20 | N/A |
Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | ||||
CVE-2016-6310 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-20 | N/A |
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | ||||
CVE-2016-6249 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-04-20 | N/A |
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. | ||||
CVE-2016-6190 | 1 Inverse-inc | 1 Sogo | 2025-04-20 | N/A |
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. | ||||
CVE-2016-6092 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | N/A |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | ||||
CVE-2016-6080 | 1 Ibm | 1 Websphere Message Broker | 2025-04-20 | N/A |
The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | ||||
CVE-2016-6060 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | N/A |
An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. | ||||
CVE-2016-6024 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | N/A |
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. | ||||
CVE-2016-6018 | 1 Ibm | 1 Emptoris Contract Management | 2025-04-20 | N/A |
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738. | ||||
CVE-2016-5953 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2025-04-20 | N/A |
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL. | ||||
CVE-2016-5938 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | N/A |
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. |