Export limit exceeded: 16497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10712 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3862 | 1 Hl7 | 1 C-cda | 2025-04-12 | N/A |
| CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log. | ||||
| CVE-2016-5508 | 1 Oracle | 1 Solaris Cluster | 2025-04-12 | N/A |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo. | ||||
| CVE-2014-3946 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. | ||||
| CVE-2016-5565 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA. | ||||
| CVE-2015-2505 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability." | ||||
| CVE-2016-5575 | 1 Oracle | 1 Common Applications | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module. | ||||
| CVE-2013-7373 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. | ||||
| CVE-2016-5696 | 4 Google, Linux, Oracle and 1 more | 8 Android, Linux Kernel, Vm Server and 5 more | 2025-04-12 | N/A |
| net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. | ||||
| CVE-2014-4776 | 1 Ibm | 1 License Metric Tool | 2025-04-12 | N/A |
| IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2014-4781 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-12 | N/A |
| The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. | ||||
| CVE-2016-5709 | 1 Solarwinds | 1 Virtualization Manager | 2025-04-12 | N/A |
| SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | ||||
| CVE-2014-4862 | 1 Netmaster | 2 Cbw700 Software, Netmaster Cbw700n | 2025-04-12 | N/A |
| The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. | ||||
| CVE-2014-4832 | 1 Ibm | 3 Qradar Risk Manager, Qradar Security Information And Event Manager, Qradar Vulnerability Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | ||||
| CVE-2016-5429 | 1 Jose-php Project | 1 Jose-php | 2025-04-12 | 3.7 Low |
| jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. | ||||
| CVE-2016-5722 | 1 Huawei | 8 Ocean Stor 18500 V3, Ocean Stor 18800 V3, Ocean Stor 5300 V3 and 5 more | 2025-04-12 | N/A |
| Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | ||||
| CVE-2016-5739 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | ||||
| CVE-2015-2556 | 1 Microsoft | 1 Sharepoint Server | 2025-04-12 | N/A |
| The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability." | ||||
| CVE-2016-5744 | 1 Siemens | 1 Simatic Wincc | 2025-04-12 | N/A |
| Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | ||||
| CVE-2011-5314 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | N/A |
| templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | ||||
| CVE-2016-6231 | 1 Kaspersky | 1 Safe Browser | 2025-04-12 | N/A |
| Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | ||||