Export limit exceeded: 24780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24780 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3066 | 1 Spice-gtk Project | 1 Spice-gtk | 2025-04-20 | N/A |
| The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | ||||
| CVE-2016-2866 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | N/A |
| An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. | ||||
| CVE-2016-2964 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. | ||||
| CVE-2016-2966 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | ||||
| CVE-2016-4842 | 1 Cybozu | 1 Mailwise | 2025-04-20 | N/A |
| Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | ||||
| CVE-2016-5988 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | N/A |
| IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | ||||
| CVE-2016-5994 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | N/A |
| IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. | ||||
| CVE-2016-6018 | 1 Ibm | 1 Emptoris Contract Management | 2025-04-20 | N/A |
| IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738. | ||||
| CVE-2016-6024 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | N/A |
| IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. | ||||
| CVE-2016-2969 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | ||||
| CVE-2016-6029 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | N/A |
| IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881. | ||||
| CVE-2016-6034 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Windows | 2025-04-20 | N/A |
| IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. | ||||
| CVE-2016-4976 | 1 Apache | 1 Ambari | 2025-04-20 | N/A |
| Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | ||||
| CVE-2016-4456 | 1 Gnu | 1 Gnutls | 2025-04-20 | 7.5 High |
| The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. | ||||
| CVE-2016-4992 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-20 | N/A |
| 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | ||||
| CVE-2016-4461 | 2 Apache, Netapp | 2 Struts, Oncommand Balance | 2025-04-20 | N/A |
| Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785. | ||||
| CVE-2016-4462 | 1 Apache | 1 Ofbiz | 2025-04-20 | N/A |
| By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01 | ||||
| CVE-2016-5001 | 1 Apache | 1 Hadoop | 2025-04-20 | N/A |
| This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. | ||||
| CVE-2016-5076 | 1 Cloudviewnms | 1 Cloudview Nms | 2025-04-20 | N/A |
| CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. | ||||
| CVE-2016-3086 | 1 Apache | 1 Hadoop | 2025-04-20 | N/A |
| The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. | ||||