Export limit exceeded: 10816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10816 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-16687 1 Sap 1 Hana Database 2025-04-20 N/A
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
CVE-2017-6645 1 Cisco 1 Remote Expert Manager 2025-04-20 N/A
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861.
CVE-2017-13694 1 Linux 1 Linux Kernel 2025-04-20 N/A
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVE-2015-6250 1 Simple-php-captcha Project 1 Simple-php-captcha 2025-04-20 N/A
simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.
CVE-2016-2941 1 Ibm 1 Urbancode Deploy 2025-04-20 N/A
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
CVE-2015-5959 1 Froxlor 1 Froxlor 2025-04-20 N/A
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
CVE-2016-2966 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847.
CVE-2016-2969 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.
CVE-2017-6642 1 Cisco 1 Remote Expert Manager 2025-04-20 N/A
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856.
CVE-2016-2970 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.
CVE-2017-5184 1 Microfocus 1 Sentinel 2025-04-20 N/A
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).
CVE-2015-5383 1 Roundcube 2 Roundcube Webmail, Webmail 2025-04-20 N/A
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
CVE-2015-5378 2 Elastic, Elasticsearch 2 Logstash, Logstash 2025-04-20 N/A
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
CVE-2016-2974 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934.
CVE-2016-2976 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.
CVE-2015-5284 1 Freeipa 1 Freeipa 2025-04-20 N/A
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
CVE-2016-2978 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938.
CVE-2017-5146 1 Carlosgavazzi 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more 2025-04-20 N/A
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
CVE-2017-14603 1 Digium 2 Asterisk, Certified Asterisk 2025-04-20 N/A
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
CVE-2015-5173 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2025-04-20 8.8 High
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."