Export limit exceeded: 10718 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10718 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5782 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2016-7108 1 Huawei 1 Uma 2025-04-12 N/A
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.
CVE-2014-7992 1 Cisco 1 Ios 2025-04-12 N/A
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
CVE-2015-4209 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.
CVE-2015-6355 1 Cisco 1 Unified Computing System 2025-04-12 N/A
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
CVE-2015-4208 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
CVE-2015-5781 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-4207 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
CVE-2016-3956 3 Ibm, Nodejs, Npmjs 3 Sdk, Node.js, Npm 2025-04-12 7.5 High
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
CVE-2015-4194 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
CVE-2015-6344 1 Cisco 1 Asa Cx Context-aware Security Software 2025-04-12 N/A
The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.
CVE-2016-5367 1 Huawei 2 Honor Ws851, Honor Ws851 Firmware 2025-04-12 N/A
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.
CVE-2015-4053 2 Ceph, Redhat 2 Ceph-deploy, Ceph Storage 2025-04-12 N/A
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
CVE-2016-3812 1 Google 1 Android 2025-04-12 N/A
The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.
CVE-2015-5730 1 Wordpress 1 Wordpress 2025-04-12 N/A
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.
CVE-2016-4985 2 Canonical, Redhat 2 Openstack Ironic, Openstack 2025-04-12 N/A
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
CVE-2014-0504 5 Adobe, Apple, Linux and 2 more 5 Flash Player, Mac Os X, Linux Kernel and 2 more 2025-04-12 N/A
Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.
CVE-2013-7458 2 Debian, Redislabs 2 Debian Linux, Redis 2025-04-12 N/A
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVE-2015-3999 1 Piriform 1 Ccleaner 2025-04-12 N/A
Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.
CVE-2015-3923 1 Coppermine-gallery 1 Coppermine Photo Gallery 2025-04-12 N/A
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.