Search Results (10720 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4169 1 Adobe 1 Experience Manager 2025-04-12 N/A
Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.
CVE-2015-6759 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.
CVE-2015-2505 1 Microsoft 1 Exchange Server 2025-04-12 N/A
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."
CVE-2015-1716 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability."
CVE-2015-6830 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.
CVE-2014-9579 1 Vdgsecurity 1 Vdg Sense 2025-04-12 N/A
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files.
CVE-2015-0969 1 Searchblox 1 Searchblox 2025-04-12 N/A
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
CVE-2014-9675 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2025-04-12 N/A
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
CVE-2015-6862 1 Hp 1 Ucmdb Browser 2025-04-12 N/A
HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
CVE-2016-2961 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-12 N/A
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
CVE-2016-3816 1 Google 1 Android 2025-04-12 N/A
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.
CVE-2015-8280 1 Samsung 1 Web Viewer 2025-04-12 N/A
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.
CVE-2015-1686 1 Microsoft 2 Internet Explorer, Vbscript 2025-04-12 N/A
The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
CVE-2016-3814 1 Google 1 Android 2025-04-12 N/A
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.
CVE-2015-6679 6 Adobe, Apple, Google and 3 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 N/A
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
CVE-2014-3410 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.
CVE-2014-9731 1 Linux 1 Linux Kernel 2025-04-12 N/A
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.
CVE-2016-2882 1 Ibm 1 Tririga Application Platform 2025-04-12 N/A
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.
CVE-2015-1488 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
CVE-2015-2711 2 Mozilla, Opensuse 2 Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component.