Search Results (9958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6211 1 Ibm 1 Websphere Commerce 2025-04-12 N/A
The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file.
CVE-2014-1900 1 Y-cam 30 Ycb001, Ycb001 Firmware, Ycb002 and 27 more 2025-04-12 N/A
Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading "/./" in a request to en/account/accedit.asp.
CVE-2016-3753 1 Google 1 Android 2025-04-12 N/A
mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.
CVE-2015-7548 2 Openstack, Redhat 2 Nova, Openstack 2025-04-12 N/A
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
CVE-2013-7060 1 Plone 1 Plone 2025-04-12 N/A
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
CVE-2013-6741 1 Ibm 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 4 more 2025-04-12 N/A
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
CVE-2015-3319 1 Hotspotexpress 1 Hotex Billing Manager 2025-04-12 N/A
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2016-2015 1 Hp 1 System Management Homepage 2025-04-12 N/A
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3893 1 Google 1 Android 2025-04-12 N/A
The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400.
CVE-2016-3956 3 Ibm, Nodejs, Npmjs 3 Sdk, Node.js, Npm 2025-04-12 7.5 High
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
CVE-2015-7885 1 Linux 1 Linux Kernel 2025-04-12 N/A
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2015-7908 1 Honeywell 4 Midas, Midas Black, Midas Black Firmware and 1 more 2025-04-12 N/A
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
CVE-2014-6083 1 Ibm 2 Security Access Manager For Mobile, Security Access Manager For Web 2025-04-12 N/A
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
CVE-2014-7848 1 Moodle 1 Moodle 2025-04-12 N/A
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2015-7934 1 Adcon 1 A840 Telemetry Gateway Base Station Firmware 2025-04-12 N/A
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.
CVE-2015-7932 1 Adcon 1 A840 Telemetry Gateway Base Station Firmware 2025-04-12 N/A
Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-7833 1 Moodle 1 Moodle 2025-04-12 N/A
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.
CVE-2015-8289 1 Netgear 4 D3600, D3600 Firmware, D6000 and 1 more 2025-04-12 N/A
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
CVE-2015-8303 1 Huawei 1 Document Security Management 2025-04-12 N/A
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.
CVE-2015-7929 1 Ewon 1 Ewon Firmware 2025-04-12 N/A
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.