Search Results (10817 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4407 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
CVE-2016-2498 1 Google 2 Android, Nexus 7 2025-04-12 N/A
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
CVE-2016-3562 1 Oracle 1 Database Server 2025-04-12 N/A
Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA.
CVE-2015-8964 1 Linux 1 Linux Kernel 2025-04-12 N/A
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
CVE-2016-2460 1 Google 1 Android 2025-04-12 N/A
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
CVE-2014-0919 1 Ibm 1 Db2 2025-04-12 N/A
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
CVE-2015-3044 7 Adobe, Apple, Linux and 4 more 13 Flash Player, Mac Os X, Linux Kernel and 10 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
CVE-2015-2980 1 Yodobashi 1 Yodobashi 2025-04-12 N/A
The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document.
CVE-2015-8869 4 Fedoraproject, Ocaml, Opensuse and 1 more 4 Fedora, Ocaml, Opensuse and 1 more 2025-04-12 N/A
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
CVE-2015-2804 1 Alcatel-lucent 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more 2025-04-12 N/A
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.
CVE-2016-1092 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1079.
CVE-2014-2383 1 Dompdf 1 Dompdf 2025-04-12 N/A
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
CVE-2014-9576 1 Vdgsecurity 1 Vdg Sense 2025-04-12 N/A
VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.
CVE-2014-9577 1 Vdgsecurity 1 Vdg Sense 2025-04-12 N/A
VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.
CVE-2014-2521 1 Emc 1 Documentum Content Server 2025-04-12 N/A
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
CVE-2014-9579 1 Vdgsecurity 1 Vdg Sense 2025-04-12 N/A
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files.
CVE-2014-2749 1 Sap 1 Hana 2025-04-12 N/A
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
CVE-2014-2719 2 Asus, T-mobile 10 Rt-ac66u Firmware, Rt-ac68u, Rt-ac68u Firmware and 7 more 2025-04-12 N/A
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.
CVE-2015-8280 1 Samsung 1 Web Viewer 2025-04-12 N/A
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.
CVE-2014-3667 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.