Export limit exceeded: 363775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10733 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10733 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6899 1 Huawei 14 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 11 more 2025-04-12 N/A
The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm.
CVE-2015-7305 1 Ows 1 Scald 2025-04-12 N/A
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."
CVE-2015-7314 1 Gollum Project 1 Gollum 2025-04-12 N/A
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.
CVE-2015-7322 1 Juniper 1 Pulse Connect Secure 2025-04-12 N/A
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.
CVE-2015-7327 1 Mozilla 1 Firefox 2025-04-12 N/A
Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.
CVE-2015-7328 1 Puppet 1 Puppet Enterprise 2025-04-12 N/A
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.
CVE-2015-7368 1 Revive-adserver 1 Revive Adserver 2025-04-12 N/A
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
CVE-2015-7399 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-12 N/A
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors.
CVE-2016-6859 1 Sap 1 Hybris 2025-04-12 N/A
Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace.
CVE-2015-7404 2 Ibm, Microsoft 4 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server and 1 more 2025-04-12 N/A
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.
CVE-2015-7412 1 Ibm 1 Datapower Gateway 2025-04-12 N/A
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack.
CVE-2016-6852 1 Open-xchange 1 Open-xchange Appsuite 2025-04-12 N/A
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
CVE-2015-7420 1 Ibm 1 Mq Appliance M2000 2025-04-12 N/A
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.
CVE-2015-7421 1 Ibm 1 Mq Appliance M2000 2025-04-12 N/A
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.
CVE-2016-6838 1 Huawei 18 Ch121 V3 Server, Ch121 V3 Server Firmware, Ch140 V3 Server and 15 more 2025-04-12 N/A
Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.
CVE-2015-7427 1 Ibm 1 Datapower Gateway 2025-04-12 N/A
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
CVE-2015-7429 1 Ibm 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot 2025-04-12 N/A
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory.
CVE-2016-6836 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 6.0 Medium
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-6827 1 Huawei 1 Fusioncompute 2025-04-12 N/A
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-6753 1 Google 1 Android 2025-04-12 N/A
An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30149174.