Export limit exceeded: 10749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10749 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9898 1 Google 1 Android 2025-04-12 N/A
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.
CVE-2014-9899 1 Google 1 Android 2025-04-12 N/A
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910.
CVE-2014-9900 2 Google, Linux 2 Android, Linux Kernel 2025-04-12 N/A
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
CVE-2014-9903 1 Linux 1 Linux Kernel 2025-04-12 N/A
The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.
CVE-2015-0514 1 Emc 2 Vipr Srm, Watch4net 2025-04-12 N/A
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
CVE-2015-0517 1 Emc 1 Documentum D2 2025-04-12 N/A
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
CVE-2015-0519 1 Emc 1 Captiva Capture 2025-04-12 N/A
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.
CVE-2015-0527 1 Emc 1 Documentum Xcelerated Management System 2025-04-12 N/A
EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file.
CVE-2015-0583 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281.
CVE-2015-0590 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.
CVE-2015-0595 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079.
CVE-2015-0597 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.
CVE-2015-0602 1 Cisco 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware 2025-04-12 N/A
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117.
CVE-2015-0628 1 Cisco 1 Web Security Appliance 2025-04-12 N/A
The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.
CVE-2015-1015 1 Omron 3 Cj2h Plc, Cj2m Plc, Cx-programmer 2025-04-12 N/A
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file.
CVE-2015-1064 1 Apple 1 Iphone Os 2025-04-12 N/A
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
CVE-2015-1089 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1090 1 Apple 1 Iphone Os 2025-04-12 N/A
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
CVE-2015-1091 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1094 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.