Export limit exceeded: 10731 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10731 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7258 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-12 N/A
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."
CVE-2016-7278 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."
CVE-2016-7284 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-7295 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-12 N/A
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability."
CVE-2016-7960 1 Siemens 1 Simatic Step 7 2025-04-12 N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
CVE-2016-8100 1 Intel 1 Integrated Performance Primitives 2025-04-12 N/A
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
CVE-2016-8286 1 Oracle 1 Mysql 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.
CVE-2016-8294 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-12 N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2016-8295 1 Oracle 1 Peoplesoft Enterprise Human Capital Management Time And Labor 2025-04-12 N/A
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2016-8820 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-12 N/A
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.
CVE-2016-8871 1 Botan Project 1 Botan 2025-04-12 N/A
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
CVE-2016-8889 1 Bitcoin Knots Project 1 Bitcoin Knots 2025-04-12 N/A
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
CVE-2016-9017 1 Artifex 1 Mujs 2025-04-12 N/A
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component.
CVE-2016-9086 1 Gitlab 1 Gitlab 2025-04-12 N/A
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.
CVE-2016-9103 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 6.0 Medium
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
CVE-2016-9756 1 Linux 1 Linux Kernel 2025-04-12 N/A
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2016-9839 1 Osgeo 1 Mapserver 2025-04-12 7.5 High
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
CVE-2016-9845 1 Qemu 1 Qemu 2025-04-12 6.5 Medium
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
CVE-2016-9848 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVE-2016-9852 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.