Export limit exceeded: 10829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10829 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4615 3 Canonical, Openstack, Redhat 6 Ubuntu Linux, Neutron, Oslo and 3 more 2025-04-12 N/A
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
CVE-2014-4701 1 Nagios 1 Nagios 2025-04-12 N/A
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
CVE-2014-4702 1 Nagios 1 Nagios 2025-04-12 N/A
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.
CVE-2016-4620 1 Apple 1 Iphone Os 2025-04-12 N/A
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
CVE-2016-6494 2 Fedoraproject, Mongodb 2 Fedora, Mongodb 2025-04-12 N/A
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
CVE-2016-4645 1 Apple 1 Mac Os X 2025-04-12 N/A
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-4646 1 Apple 1 Mac Os X 2025-04-12 N/A
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
CVE-2016-4758 2 Apple, Microsoft 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2015-0271 1 Redhat 1 Openstack 2025-04-12 N/A
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
CVE-2016-4771 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
CVE-2016-4784 1 Siemens 9 Siprotec 4 En100, Siprotec Compact Model 7rw80, Siprotec Compact Model 7sd80 and 6 more 2025-04-12 N/A
A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.
CVE-2016-4785 1 Siemens 9 Siprotec 4 En100, Siprotec Compact Model, Siprotec Compact Model 7rw80 and 6 more 2025-04-12 N/A
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices.
CVE-2014-0857 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.
CVE-2014-4761 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.
CVE-2016-4913 5 Canonical, Linux, Novell and 2 more 8 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 5 more 2025-04-12 7.8 High
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
CVE-2014-0896 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.
CVE-2016-5233 1 Huawei 2 Mate 8, Mate 8 Firmware 2025-04-12 N/A
Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007.
CVE-2014-10026 1 Dlink 2 Dap-1360, Dap-1360 Firmware 2025-04-12 N/A
index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.
CVE-2016-5279 1 Mozilla 1 Firefox 2025-04-12 N/A
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
CVE-2014-9506 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.