Search Results (26340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3066 1 Spice-gtk Project 1 Spice-gtk 2025-04-20 N/A
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
CVE-2016-5197 1 Google 1 Chrome 2025-04-20 N/A
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.
CVE-2017-0585 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.
CVE-2016-8416 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206.
CVE-2016-2977 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.
CVE-2017-0721 1 Google 1 Android 2025-04-20 N/A
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455.
CVE-2015-3642 1 Citrix 3 Netscaler Application Delivery Controller, Netscaler Firmware, Netscaler Gateway 2025-04-20 N/A
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
CVE-2014-3526 1 Apache 1 Wicket 2025-04-20 7.5 High
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
CVE-2017-0065 1 Microsoft 1 Edge 2025-04-20 N/A
Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068.
CVE-2016-5349 1 Google 1 Android 2025-04-20 N/A
The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client. When secure applications inside Qualcomm Secure Execution Environment (QSEE) receive memory addresses from a high level operating system (HLOS) such as Linux Android, those address have previously been verified as belonging to HLOS memory space rather than QSEE memory space, but they were not verified to be from HLOS user space rather than kernel space. This lack of verification could lead to privilege escalation within the HLOS.
CVE-2014-3462 2 Encfs Project, Opensuse 3 Encfs, Leap, Opensuse 2025-04-20 7.5 High
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
CVE-2016-8273 1 Huawei 1 Hisuite 2025-04-20 N/A
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.
CVE-2015-1870 1 Redhat 2 Automatic Bug Reporting Tool, Enterprise Linux 2025-04-20 N/A
The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.
CVE-2015-7514 1 Openstack 1 Ironic 2025-04-20 N/A
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
CVE-2016-6024 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 N/A
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
CVE-2015-4682 1 Polycom 1 Realpresence Resource Manager 2025-04-20 N/A
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVE-2015-4646 1 Squashfs Project 1 Squashfs 2025-04-20 7.5 High
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
CVE-2017-2643 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 3.2.x, global search displays user names for unauthenticated users.
CVE-2016-7821 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2025-04-20 N/A
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
CVE-2016-8981 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2025-04-20 N/A
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.