Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6157 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-0893 1 Emc 1 Rsa Data Loss Prevention 2025-04-12 N/A
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.
CVE-2016-4645 1 Apple 1 Mac Os X 2025-04-12 N/A
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2014-9903 1 Linux 1 Linux Kernel 2025-04-12 N/A
The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.
CVE-2016-4747 1 Apple 1 Iphone Os 2025-04-12 N/A
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
CVE-2016-4635 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
CVE-2016-0895 1 Emc 1 Rsa Data Loss Prevention 2025-04-12 N/A
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.
CVE-2013-4279 1 Imapsync Project 1 Imapsync 2025-04-12 N/A
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.
CVE-2014-2269 1 Vtiger 1 Vtiger Crm 2025-04-12 N/A
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
CVE-2016-2500 1 Google 1 Android 2025-04-12 N/A
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.
CVE-2015-3774 1 Apple 1 Mac Os X 2025-04-12 N/A
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
CVE-2016-3304 1 Microsoft 8 Live Meeting, Lync, Office and 5 more 2025-04-12 N/A
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3303.
CVE-2012-1366 1 Cisco 10 Asr 1001, Asr 1002, Asr 1002-x and 7 more 2025-04-12 N/A
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
CVE-2014-6147 1 Ibm 1 Flex System Manager 2025-04-12 N/A
IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors.
CVE-2015-8946 2 Canonical, Ecryptfs 2 Ubuntu Linux, Ecryptfs-utils 2025-04-12 N/A
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-0584 1 Cisco 1 Desktop Collaboration Experience Dx650 2025-04-12 N/A
The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947.
CVE-2014-2523 3 Canonical, Linux, Redhat 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-12 N/A
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
CVE-2015-0589 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.
CVE-2015-0595 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079.
CVE-2016-1955 3 Mozilla, Novell, Opensuse 4 Firefox, Suse Package Hub For Suse Linux Enterprise, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.