Export limit exceeded: 344930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10306 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10306 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10911 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. | ||||
| CVE-2015-5959 | 1 Froxlor | 1 Froxlor | 2025-04-20 | N/A |
| Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | ||||
| CVE-2015-5187 | 1 Candlepinproject | 1 Candlepin | 2025-04-20 | N/A |
| Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. | ||||
| CVE-2015-5173 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 8.8 High |
| Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage." | ||||
| CVE-2015-5152 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-20 | N/A |
| Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | ||||
| CVE-2015-5070 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-20 | N/A |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | ||||
| CVE-2015-5069 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-20 | N/A |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | ||||
| CVE-2015-5059 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | N/A |
| The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php. | ||||
| CVE-2015-4688 | 1 Ellucian | 1 Banner Student | 2025-04-20 | N/A |
| Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | ||||
| CVE-2015-4682 | 1 Polycom | 1 Realpresence Resource Manager | 2025-04-20 | N/A |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | ||||
| CVE-2015-3642 | 1 Citrix | 3 Netscaler Application Delivery Controller, Netscaler Firmware, Netscaler Gateway | 2025-04-20 | N/A |
| The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | ||||
| CVE-2015-3634 | 1 Slideshow Project | 1 Slideshow | 2025-04-20 | N/A |
| The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. | ||||
| CVE-2015-3614 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2025-04-20 | N/A |
| Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | ||||
| CVE-2015-3454 | 1 Vulcanjs | 1 Vulcan | 2025-04-20 | N/A |
| TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | ||||
| CVE-2015-3142 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2025-04-20 | N/A |
| The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. | ||||
| CVE-2015-2253 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2025-04-20 | N/A |
| The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | ||||
| CVE-2015-2251 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2025-04-20 | N/A |
| The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | ||||
| CVE-2015-2246 | 1 Huawei | 2 P7-l10, P7-l10 Firmware | 2025-04-20 | N/A |
| The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | ||||
| CVE-2015-1600 | 1 Netatmo | 2 Indoor Module, Indoor Module Firmware | 2025-04-20 | N/A |
| Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. | ||||
| CVE-2017-0060 | 1 Microsoft | 14 Live Meeting, Lync, Office and 11 more | 2025-04-20 | 5.5 Medium |
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062. | ||||