Export limit exceeded: 10827 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10827 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5610 1 Solarwinds 1 N-able N-central 2025-04-12 N/A
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
CVE-2016-0783 1 Apache 1 Openmeetings 2025-04-12 N/A
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.
CVE-2016-1687 5 Debian, Google, Opensuse and 2 more 9 Debian Linux, Chrome, Leap and 6 more 2025-04-12 N/A
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
CVE-2015-5697 1 Linux 1 Linux Kernel 2025-04-12 N/A
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
CVE-2016-0787 5 Debian, Fedoraproject, Libssh2 and 2 more 5 Debian Linux, Fedora, Libssh2 and 2 more 2025-04-12 N/A
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
CVE-2015-5730 1 Wordpress 1 Wordpress 2025-04-12 N/A
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.
CVE-2016-0811 1 Google 1 Android 2025-04-12 N/A
Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.
CVE-2015-5738 2 F5, Marvell 5 Traffix Signaling Delivery Controller, Octeon Ii Cn6000, Octeon Ii Cn6010 and 2 more 2025-04-12 7.5 High
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
CVE-2016-0824 1 Google 1 Android 2025-04-12 N/A
libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.
CVE-2015-5742 1 Veeam 1 Veeam Backup \& Replication 2025-04-12 N/A
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.
CVE-2015-5831 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-5832 1 Apple 1 Iphone Os 2025-04-12 N/A
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors.
CVE-2015-5835 1 Apple 1 Iphone Os 2025-04-12 N/A
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.
CVE-2016-3852 1 Google 1 Android 2025-04-12 N/A
The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.
CVE-2015-5842 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
CVE-2016-0862 1 Ge 5 Snmp\/web Adapter 1024746, Snmp\/web Adapter 1024747, Snmp\/web Adapter 1024748 and 2 more 2025-04-12 N/A
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
CVE-2015-5901 1 Apple 1 Mac Os X 2025-04-12 N/A
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
CVE-2016-0886 1 Emc 1 Documentum Xcp 2025-04-12 N/A
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.
CVE-2016-0887 1 Dell 5 Bsafe Crypto-c-micro-edition, Bsafe Crypto-j, Bsafe Micro-edition-suite and 2 more 2025-04-12 N/A
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
CVE-2015-5909 1 Apple 1 Xcode 2025-04-12 N/A
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.