Export limit exceeded: 10052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10734 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10734 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6493 1 Redhat 2 Enterprise Linux, Icedtea-web 2025-04-12 N/A
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
CVE-2015-7884 1 Linux 1 Linux Kernel 2025-04-12 N/A
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2015-7885 1 Linux 1 Linux Kernel 2025-04-12 N/A
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2015-7886 1 Netapp 1 Data Ontap 2025-04-12 N/A
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.
CVE-2015-7900 1 Infinite Automation Systems 1 Mango Automation 2025-04-12 N/A
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.
CVE-2015-7902 1 Infinite Automation Systems 1 Mango Automation 2025-04-12 N/A
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.
CVE-2015-7908 1 Honeywell 4 Midas, Midas Black, Midas Black Firmware and 1 more 2025-04-12 N/A
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
CVE-2015-7910 1 Exemys 1 Telemetry Web Server 2025-04-12 N/A
Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body.
CVE-2015-7915 1 Sauter 1 Moduweb Vision 2025-04-12 N/A
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-8481 1 Atlassian 3 Jira Core, Jira Server, Jira Service Desk 2025-04-12 N/A
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
CVE-2015-8487 1 Cybozu 1 Office 2025-04-12 N/A
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
CVE-2015-8488 1 Cybozu 1 Office 2025-04-12 N/A
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
CVE-2015-8509 1 Mozilla 1 Bugzilla 2025-04-12 N/A
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.
CVE-2015-8537 2 Debian, Redmine 2 Debian Linux, Redmine 2025-04-12 N/A
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
CVE-2014-3105 1 Ibm 1 Rational Clearcase 2025-04-12 N/A
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
CVE-2015-8555 2 Citrix, Xen 2 Xenserver, Xen 2025-04-12 N/A
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
CVE-2015-8569 1 Linux 1 Linux Kernel 2025-04-12 N/A
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8575 1 Linux 1 Linux Kernel 2025-04-12 N/A
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8601 1 Chat Room Project 1 Chat Room 2025-04-12 N/A
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.
CVE-2015-8602 1 Token Insert Entity Project 1 Token Insert Entity 2025-04-12 N/A
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.