Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | N/A |
| sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. | ||||
| CVE-2016-6859 | 1 Sap | 1 Hybris | 2025-04-12 | N/A |
| Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | ||||
| CVE-2015-7420 | 1 Ibm | 1 Mq Appliance M2000 | 2025-04-12 | N/A |
| Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421. | ||||
| CVE-2016-6494 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2025-04-12 | N/A |
| The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | ||||
| CVE-2014-8709 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-12 | N/A |
| The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. | ||||
| CVE-2015-7928 | 1 Ewon | 1 Ewon Firmware | 2025-04-12 | N/A |
| eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2016-7227 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | ||||
| CVE-2016-6653 | 1 Pivotal Software | 1 Cloud Foundry Cf Mysql | 2025-04-12 | N/A |
| The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials. | ||||
| CVE-2014-8735 | 1 Bad Behavior Project | 1 Bad Behavior | 2025-04-12 | N/A |
| The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file. | ||||
| CVE-2014-9154 | 1 Notify Project | 1 Notify | 2025-04-12 | N/A |
| The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. | ||||
| CVE-2016-7216 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-12 | N/A |
| The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||||
| CVE-2014-9247 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
| Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389. | ||||
| CVE-2016-2302 | 1 Ecava | 1 Integraxor | 2025-04-12 | N/A |
| Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | ||||
| CVE-2014-0201 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2025-04-12 | N/A |
| ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | ||||
| CVE-2016-6677 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955. | ||||
| CVE-2016-6936 | 3 Adobe, Apple, Microsoft | 3 Air Sdk \& Compiler, Mac Os X, Windows | 2025-04-12 | N/A |
| Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent. | ||||
| CVE-2016-0800 | 3 Openssl, Pulsesecure, Redhat | 11 Openssl, Client, Steel Belted Radius and 8 more | 2025-04-12 | N/A |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | ||||
| CVE-2015-3195 | 9 Apple, Canonical, Debian and 6 more | 28 Mac Os X, Ubuntu Linux, Debian Linux and 25 more | 2025-04-12 | 5.3 Medium |
| The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | ||||
| CVE-2016-0870 | 1 Trane | 1 Tracer Sc | 2025-04-12 | N/A |
| The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. | ||||
| CVE-2016-1501 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages. | ||||