Export limit exceeded: 10828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10828 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1984 1 Ibm 1 Infosphere Master Data Management 2025-04-12 N/A
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.
CVE-2015-1994 1 Ibm 1 Security Qradar Incident Forensics 2025-04-12 N/A
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2015-1996 1 Ibm 1 Security Qradar Incident Forensics 2025-04-12 N/A
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.
CVE-2015-2044 1 Xen 1 Xen 2025-04-12 N/A
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
CVE-2015-2742 3 Apple, Mozilla, Oracle 3 Macos, Firefox, Solaris 2025-04-12 N/A
Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.
CVE-2015-2762 1 Websense 1 Triton Ap Web 2025-04-12 N/A
Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication.
CVE-2015-2809 1 Synology 1 Diskstation Manager 2025-04-12 N/A
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
CVE-2015-2817 1 Sap 1 Netweaver 2025-04-12 N/A
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
CVE-2015-3676 1 Apple 1 Mac Os X 2025-04-12 N/A
AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3711 1 Apple 1 Mac Os X 2025-04-12 N/A
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
CVE-2015-3690 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
CVE-2015-4536 1 Emc 1 Documentum Content Server 2025-04-12 N/A
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
CVE-2015-4214 1 Cisco 1 Unified Meetingplace 2025-04-12 N/A
Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050.
CVE-2016-1242 1 Tryton 1 Tryton 2025-04-12 N/A
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
CVE-2015-4213 1 Cisco 12 Nexus 93120tx, Nexus 93128tx, Nexus 9332pq and 9 more 2025-04-12 N/A
Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.
CVE-2015-6404 1 Cisco 1 Hosted Collaboration Solution 2025-04-12 N/A
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.
CVE-2016-0079 1 Microsoft 1 Windows 10 2025-04-12 N/A
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
CVE-2015-6630 1 Google 1 Android 2025-04-12 N/A
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
CVE-2015-6631 1 Google 1 Android 2025-04-12 N/A
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24623447.
CVE-2015-4207 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.