Export limit exceeded: 10818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8946 2 Canonical, Ecryptfs 2 Ubuntu Linux, Ecryptfs-utils 2025-04-12 N/A
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-3155 1 Siemens 1 Apogee Insight 2025-04-12 N/A
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-0201 1 Ibm 1 Security Network Protection Firmware 2025-04-12 N/A
GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.
CVE-2016-0385 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-3215 1 Microsoft 4 Edge, Windows 10, Windows 8.1 and 1 more 2025-04-12 N/A
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.
CVE-2016-3255 1 Microsoft 1 .net Framework 2025-04-12 N/A
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
CVE-2016-3256 1 Microsoft 1 Windows 10 2025-04-12 N/A
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."
CVE-2016-0823 2 Google, Linux 2 Android, Linux Kernel 2025-04-12 N/A
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
CVE-2016-3261 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-3262 1 Microsoft 12 Live Meeting, Lync, Office and 9 more 2025-04-12 N/A
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263.
CVE-2016-0831 1 Google 1 Android 2025-04-12 N/A
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.
CVE-2016-3325 1 Microsoft 2 Edge, Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-3329 1 Microsoft 2 Edge, Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-3391 1 Microsoft 2 Edge, Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-7555 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
CVE-2014-0708 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.
CVE-2014-1515 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.
CVE-2016-3639 1 Sap 1 Hana Db 2025-04-12 N/A
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128.
CVE-2016-3640 1 Sap 1 Hana Db 2025-04-12 N/A
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.
CVE-2016-1849 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.