Export limit exceeded: 10766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10213 | 1 A10networks | 1 Advanced Core Operating System | 2025-04-20 | N/A |
| A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | ||||
| CVE-2016-10296 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782. | ||||
| CVE-2015-6918 | 1 Saltstack | 1 Salt 2015 | 2025-04-20 | N/A |
| salt before 2015.5.5 leaks git usernames and passwords to the log. | ||||
| CVE-2015-1027 | 1 Percona | 2 Toolkit, Xtrabackup | 2025-04-20 | N/A |
| The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. | ||||
| CVE-2015-8020 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | N/A |
| Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | ||||
| CVE-2015-1828 | 1 Http.rb Project | 1 Http.rb | 2025-04-20 | 5.9 Medium |
| The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. | ||||
| CVE-2015-2246 | 1 Huawei | 2 P7-l10, P7-l10 Firmware | 2025-04-20 | N/A |
| The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | ||||
| CVE-2015-2253 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2025-04-20 | N/A |
| The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | ||||
| CVE-2015-9031 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. | ||||
| CVE-2015-3250 | 1 Apache | 1 Directory Ldap Api | 2025-04-20 | N/A |
| Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. | ||||
| CVE-2015-3277 | 1 Mod Nss Project | 1 Mod Nss | 2025-04-20 | N/A |
| The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. | ||||
| CVE-2015-9231 | 1 Iterm2 | 1 Iterm2 | 2025-04-20 | N/A |
| iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware. | ||||
| CVE-2015-3642 | 1 Citrix | 3 Netscaler Application Delivery Controller, Netscaler Firmware, Netscaler Gateway | 2025-04-20 | N/A |
| The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | ||||
| CVE-2017-8544 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | N/A |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". | ||||
| CVE-2017-1000380 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-20 | N/A |
| sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. | ||||
| CVE-2017-1000382 | 1 Vim | 1 Vim | 2025-04-20 | N/A |
| VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. | ||||
| CVE-2017-1000410 | 3 Debian, Linux, Redhat | 13 Debian Linux, Linux Kernel, Enterprise Linux and 10 more | 2025-04-20 | N/A |
| The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). | ||||
| CVE-2017-14770 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2025-04-20 | N/A |
| Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process. | ||||
| CVE-2017-14772 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2025-04-20 | N/A |
| Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts. | ||||
| CVE-2017-14775 | 1 Laravel | 1 Laravel | 2025-04-20 | N/A |
| Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | ||||