Export limit exceeded: 364935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10767 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2971 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.
CVE-2016-1556 1 Netgear 12 Wn604, Wn604 Firmware, Wnap320 and 9 more 2025-04-20 N/A
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
CVE-2015-8628 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
CVE-2017-15198 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
CVE-2015-8559 1 Chef 1 Chef 2025-04-20 7.5 High
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
CVE-2015-8544 1 Netapp 1 Snapdrive 2025-04-20 N/A
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-7488 2 Authconfig Project, Redhat 2 Authconfig, Enterprise Linux 2025-04-20 N/A
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
CVE-2015-8470 1 Puppet 1 Puppet Enterprise 2025-04-20 N/A
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
CVE-2014-0043 1 Apache 1 Wicket 2025-04-20 N/A
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.
CVE-2015-8034 1 Saltstack 1 Salt 2025-04-20 N/A
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2017-15110 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
CVE-2017-14991 1 Linux 1 Linux Kernel 2025-04-20 N/A
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
CVE-2015-7732 1 Avira 1 Avira Mobile Security 2025-04-20 N/A
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
CVE-2017-6046 1 Sierra Wireless 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more 2025-04-20 N/A
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.
CVE-2017-6045 1 Trihedral 1 Vtscada 2025-04-20 N/A
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
CVE-2015-3614 1 Fortinet 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more 2025-04-20 N/A
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
CVE-2017-14971 1 Infocuscorp 1 Infocus Mondopad 2025-04-20 N/A
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash.
CVE-2017-3797 1 Cisco 1 Webex Meetings Server 2025-04-20 N/A
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7.
CVE-2017-6778 1 Cisco 1 Ultra Services Platform 2025-04-20 N/A
A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839.
CVE-2017-5927 5 Allwinner, Amd, Intel and 2 more 20 A64, Athlon Ii 640 X4, E-350 and 17 more 2025-04-20 N/A
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.