Export limit exceeded: 367120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6332 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. | ||||
| CVE-2016-6335 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. | ||||
| CVE-2016-6341 | 1 Ovirt | 1 Ovirt | 2025-04-20 | N/A |
| oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. | ||||
| CVE-2014-0043 | 1 Apache | 1 Wicket | 2025-04-20 | N/A |
| In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use. | ||||
| CVE-2016-6349 | 1 Projectatomic | 1 Oci-register-machine | 2025-04-20 | N/A |
| The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. | ||||
| CVE-2016-6495 | 1 Netapp | 1 Data Ontap | 2025-04-20 | N/A |
| NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access. | ||||
| CVE-2017-0420 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212. | ||||
| CVE-2017-3743 | 1 Lenovo | 3 Advanced Settings Utility, Toolscenter Dynamic System Analysis, Updatexpress System Pack Installer | 2025-04-20 | N/A |
| If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. | ||||
| CVE-2017-0011 | 1 Microsoft | 1 Edge | 2025-04-20 | N/A |
| Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068. | ||||
| CVE-2017-0425 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785. | ||||
| CVE-2017-0426 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236. | ||||
| CVE-2017-13990 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | N/A |
| An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | ||||
| CVE-2017-14240 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | N/A |
| There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. | ||||
| CVE-2017-0879 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028. | ||||
| CVE-2017-0027 | 1 Microsoft | 3 Excel, Office Compatibility Pack, Sharepoint Server | 2025-04-20 | N/A |
| Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| CVE-2017-3560 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2025-04-20 | N/A |
| Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2017-0881 | 1 Zulip | 1 Zulip Server | 2025-04-20 | N/A |
| An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server. | ||||
| CVE-2017-0882 | 1 Gitlab | 1 Gitlab | 2025-04-20 | N/A |
| Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. | ||||
| CVE-2016-0270 | 1 Ibm | 3 Client Application Access, Domino, Notes | 2025-04-20 | N/A |
| IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. | ||||
| CVE-2007-6761 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. | ||||