Search Results (10144 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5231 2 Criu, Opensuse 2 Checkpoint\/restore In Userspace, Opensuse 2025-04-12 N/A
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.
CVE-2016-1378 1 Cisco 1 Ios 2025-04-12 N/A
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.
CVE-2015-5223 2 Openstack, Redhat 3 Swift, Openstack, Storage 2025-04-12 N/A
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
CVE-2015-5022 1 Ibm 1 B2b Advanced Communications 2025-04-12 N/A
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.
CVE-2016-1489 1 Lenovo 1 Shareit 2025-04-12 N/A
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
CVE-2014-6304 1 Pnmsoft 1 Sequence Kinetics 2025-04-12 N/A
The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors.
CVE-2015-4989 1 Ibm 1 Tealeaf Customer Experience 2025-04-12 N/A
The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.
CVE-2015-3752 2 Apple, Canonical 3 Iphone Os, Safari, Ubuntu Linux 2025-04-12 N/A
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.
CVE-2015-3754 1 Apple 1 Safari 2025-04-12 N/A
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.
CVE-2015-3764 1 Apple 1 Mac Os X 2025-04-12 N/A
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.
CVE-2015-2136 1 Hp 1 Arcsight Logger 2025-04-12 N/A
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.
CVE-2015-7915 1 Sauter 1 Moduweb Vision 2025-04-12 N/A
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2016-2015 1 Hp 1 System Management Homepage 2025-04-12 N/A
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-7934 1 Adcon 1 A840 Telemetry Gateway Base Station Firmware 2025-04-12 N/A
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.
CVE-2015-3912 1 Huawei 3 E355s Mobile Wifi, E355s Mobile Wifi Firmware, Webui 2025-04-12 N/A
Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.
CVE-2016-5250 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
CVE-2015-4950 1 Ibm 3 Tivoli Storage Fastback For Microsoft Exchange, Tivoli Storage Flashcopy Manager For Microsoft Exchange Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server 2025-04-12 N/A
The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name.
CVE-2015-0215 1 Moodle 1 Moodle 2025-04-12 N/A
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.
CVE-2015-8268 1 Idera 1 Uptime Infrastructure Monitor 2025-04-12 N/A
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-9044 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.