Export limit exceeded: 15865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0168 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169. | ||||
| CVE-2015-5711 | 1 Tibco | 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more | 2025-04-12 | N/A |
| TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. | ||||
| CVE-2016-4985 | 2 Canonical, Redhat | 2 Openstack Ironic, Openstack | 2025-04-12 | N/A |
| The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource. | ||||
| CVE-2015-5855 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. | ||||
| CVE-2016-5744 | 1 Siemens | 1 Simatic Wincc | 2025-04-12 | N/A |
| Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | ||||
| CVE-2016-5739 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | ||||
| CVE-2016-5730 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. | ||||
| CVE-2015-5781 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. | ||||
| CVE-2015-5788 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | ||||
| CVE-2015-5834 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | ||||
| CVE-2015-5835 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | ||||
| CVE-2015-5836 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | ||||
| CVE-2015-5859 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2015-5901 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | ||||
| CVE-2016-5709 | 1 Solarwinds | 1 Virtualization Manager | 2025-04-12 | N/A |
| SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | ||||
| CVE-2015-8950 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. | ||||
| CVE-2015-5860 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. | ||||
| CVE-2016-5677 | 2 Netgear, Nuuo | 3 Readynas Surveillance, Nvrmini 2, Nvrsolo | 2025-04-12 | N/A |
| NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. | ||||
| CVE-2016-5618 | 1 Oracle | 1 Data Integrator | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | ||||
| CVE-2013-2086 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | N/A |
| The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | ||||