Export limit exceeded: 366311 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8397 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397.
CVE-2017-16787 1 Meinbergglobal 2 Lantime, Lantime Firmware 2025-04-20 N/A
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.
CVE-2016-8407 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656.
CVE-2016-8471 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380.
CVE-2016-8473 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790.
CVE-2016-8474 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972.
CVE-2016-8475 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129.
CVE-2016-8483 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099.
CVE-2016-8492 1 Fortinet 1 Fortios 2025-04-20 N/A
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
CVE-2016-8495 1 Fortinet 1 Fortimanager Firmware 2025-04-20 N/A
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
CVE-2016-8724 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2025-04-20 5.3 Medium
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.
CVE-2016-8727 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2025-04-20 N/A
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.
CVE-2016-8741 1 Apache 1 Qpid Broker-j 2025-04-20 7.5 High
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.
CVE-2016-8940 1 Ibm 1 Tivoli Storage Manager 2025-04-20 N/A
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
CVE-2017-2357 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2016-8981 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2025-04-20 N/A
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
CVE-2017-12855 1 Xen 1 Xen 2025-04-20 N/A
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
CVE-2017-2448 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
CVE-2016-9710 1 Ibm 1 Cognos Business Intelligence Server 2025-04-20 N/A
IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618.
CVE-2016-9735 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 N/A
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,