Export limit exceeded: 364886 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10761 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15210 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
CVE-2017-15212 1 Kanboard 1 Kanboard 2025-04-20 N/A
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
CVE-2017-15236 1 Tiandy 2 Tiandy Ip Camera, Tiandy Ip Camera Firmware 2025-04-20 N/A
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
CVE-2017-7737 1 Fortinet 1 Fortiweb 2025-04-20 N/A
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
CVE-2016-1557 1 Netgear 6 Wnap320, Wnap320 Firmware, Wndap350 and 3 more 2025-04-20 N/A
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.
CVE-2016-1550 2 Ntp, Redhat 3 Ntp, Enterprise Linux, Rhel Eus 2025-04-20 N/A
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
CVE-2016-1556 1 Netgear 12 Wn604, Wn604 Firmware, Wnap320 and 9 more 2025-04-20 N/A
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
CVE-2017-15321 1 Huawei 1 Fusionsphere Openstack 2025-04-20 N/A
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.
CVE-2016-1603 1 Novell 1 Netiq Idm Servicenow Driver 2025-04-20 N/A
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
CVE-2017-15328 1 Huawei 2 Hg8245h, Hg8245h Firmware 2025-04-20 N/A
Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak.
CVE-2015-1323 1 Canonical 1 Ubuntu Linux 2025-04-20 N/A
The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.
CVE-2017-11502 1 Cisco 2 Dpc3928ad Docsis Wireless Router, Dpc3928ad Docsis Wireless Router Firmware 2025-04-20 N/A
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
CVE-2014-9970 2 Jasypt Project, Redhat 8 Jasypt, Enterprise Linux, Jboss Bpms and 5 more 2025-04-20 N/A
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVE-2017-1538 1 Ibm 1 Financial Transaction Manager 2025-04-20 N/A
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.
CVE-2017-15517 1 Netapp 1 Altavault Ost Plug-in 2025-04-20 N/A
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.
CVE-2017-15537 1 Linux 1 Linux Kernel 2025-04-20 N/A
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
CVE-2017-15576 2 Debian, Redmine 2 Debian Linux, Redmine 2025-04-20 N/A
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
CVE-2017-15577 2 Debian, Redmine 2 Debian Linux, Redmine 2025-04-20 N/A
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
CVE-2016-2102 1 Haproxy 1 Haproxy 2025-04-20 N/A
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
CVE-2017-15583 1 Hitachienergy 2 Fox515t, Fox515t Firmware 2025-04-20 N/A
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.