Export limit exceeded: 10370 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10370 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0201 | 1 Ibm | 1 Security Network Protection Firmware | 2025-04-12 | N/A |
| GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision. | ||||
| CVE-2016-7887 | 4 Adobe, Apple, Linux and 1 more | 4 Coldfusion Builder, Macos, Linux Kernel and 1 more | 2025-04-12 | 7.5 High |
| Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure. | ||||
| CVE-2013-2086 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | N/A |
| The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | ||||
| CVE-2013-4724 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2016-7960 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. | ||||
| CVE-2016-7219 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-12 | N/A |
| The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability." | ||||
| CVE-2016-7257 | 1 Microsoft | 4 Office For Mac, Windows 7, Windows Server 2008 and 1 more | 2025-04-12 | N/A |
| The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | ||||
| CVE-2015-7420 | 1 Ibm | 1 Mq Appliance M2000 | 2025-04-12 | N/A |
| Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. | ||||
| CVE-2014-9712 | 1 Websense | 1 V-series Appliances | 2025-04-12 | N/A |
| Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. | ||||
| CVE-2013-4725 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2016-8295 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Time And Labor | 2025-04-12 | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. | ||||
| CVE-2016-0723 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | ||||
| CVE-2015-1692 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." | ||||
| CVE-2013-4194 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message. | ||||
| CVE-2016-4578 | 5 Canonical, Debian, Linux and 2 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2025-04-12 | N/A |
| sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. | ||||
| CVE-2014-5213 | 1 Novell | 1 Edirectory | 2025-04-12 | N/A |
| nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. | ||||
| CVE-2016-0867 | 1 Carel | 1 Plantvisor Enhanced | 2025-04-12 | N/A |
| CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | ||||
| CVE-2016-8672 | 1 Siemens | 8 Simatic Cp 343-1, Simatic Cp 343-1 Firmware, Simatic Cp 443-1 and 5 more | 2025-04-12 | N/A |
| A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission. | ||||
| CVE-2014-4942 | 1 Levelfourdevelopment | 1 Wp-easycart | 2025-04-12 | N/A |
| The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2016-9567 | 1 Samsung | 1 Samsung Mobile | 2025-04-12 | N/A |
| The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343. | ||||