Search Results (10810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4071 1 Helpdesk Pro Project 1 Helpdesk Pro 2025-04-20 N/A
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
CVE-2015-4078 1 Cloudera 2 Cloudera Manager, Navigator 2025-04-20 N/A
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
CVE-2017-4986 1 Emc 1 Secure Remote Services 2025-04-20 N/A
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-5000 1 Emc 1 Rsa Archer Egrc 2025-04-20 N/A
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
CVE-2017-5001 1 Emc 1 Rsa Archer Egrc 2025-04-20 N/A
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.
CVE-2017-8269 1 Google 1 Android 2025-04-20 N/A
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.
CVE-2017-8258 1 Google 1 Android 2025-04-20 N/A
An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.
CVE-2017-5096 2 Google, Redhat 3 Android, Chrome, Rhel Extras 2025-04-20 N/A
Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.
CVE-2017-8183 1 Huawei 2 Mtk Platform Smart Phone, Mtk Platform Smart Phone Firmware 2025-04-20 N/A
MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage.
CVE-2015-5059 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
CVE-2017-5117 5 Debian, Google, Linux and 2 more 5 Debian Linux, Chrome, Linux Kernel and 2 more 2025-04-20 N/A
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2017-14680 1 Zkteco 1 Zktime Web 2025-04-20 N/A
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
CVE-2011-4343 1 Apache 1 Myfaces 2025-04-20 N/A
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
CVE-2017-1484 1 Ibm 1 Websphere Commerce 2025-04-20 N/A
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.
CVE-2017-5670 1 Riverbed 1 Rios 2025-04-20 N/A
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.
CVE-2017-5672 1 Kony 1 Enterprise Mobile Management 2025-04-20 N/A
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.
CVE-2015-6671 1 Edx 1 Edx-platform 2025-04-20 5.9 Medium
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.
CVE-2015-6668 1 Wp-jobmanager 1 Job Manager 2025-04-20 N/A
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
CVE-2017-1490 1 Ibm 1 Jazz Reporting Service 2025-04-20 N/A
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.
CVE-2015-0783 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.