Search Results (9958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10212 1 Radware 1 Alteon 2025-04-20 N/A
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
CVE-2017-17864 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
CVE-2016-1550 2 Ntp, Redhat 3 Ntp, Enterprise Linux, Rhel Eus 2025-04-20 N/A
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
CVE-2016-1556 1 Netgear 12 Wn604, Wn604 Firmware, Wnap320 and 9 more 2025-04-20 N/A
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
CVE-2016-1557 1 Netgear 6 Wnap320, Wnap320 Firmware, Wndap350 and 3 more 2025-04-20 N/A
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.
CVE-2016-1561 1 Exagrid 16 Ex10000e, Ex10000e Firmware, Ex13000e and 13 more 2025-04-20 N/A
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
CVE-2017-17793 1 Blogotext Project 1 Blogotext 2025-04-20 N/A
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).
CVE-2016-2987 1 Ibm 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more 2025-04-20 N/A
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.
CVE-2015-2826 1 Simple Ads Manager Project 1 Simple Ads Manager 2025-04-20 N/A
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
CVE-2017-3154 1 Apache 1 Atlas 2025-04-20 N/A
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
CVE-2017-3107 1 Adobe 1 Experience Manager 2025-04-20 N/A
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
CVE-2017-3087 1 Adobe 1 Captivate 2025-04-20 N/A
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
CVE-2016-3023 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 N/A
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
CVE-2016-3043 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 N/A
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2016-3111 2 Pulpproject, Redhat 3 Pulp, Satellite, Satellite Capsule 2025-04-20 N/A
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
CVE-2017-0060 1 Microsoft 14 Live Meeting, Lync, Office and 11 more 2025-04-20 5.5 Medium
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
CVE-2017-0062 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 N/A
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.
CVE-2017-7923 1 Hikvision 116 Ds-2cd2032-i, Ds-2cd2032-i Firmware, Ds-2cd2112-i and 113 more 2025-04-20 N/A
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.
CVE-2016-3127 1 Blackberry 1 Good Control Server 2025-04-20 N/A
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.
CVE-2017-11022 1 Google 1 Android 2025-04-20 N/A
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file.