Search Results (9958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5959 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 N/A
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136.
CVE-2017-13169 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375.
CVE-2016-4680 1 Apple 3 Iphone Os, Tvos, Watchos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
CVE-2017-5011 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
CVE-2016-4664 1 Apple 3 Iphone Os, Tvos, Watchos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.
CVE-2016-4665 1 Apple 3 Iphone Os, Tvos, Watchos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
CVE-2016-1187 1 Cybozu 1 Kunai 2025-04-20 N/A
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
CVE-2017-6771 1 Cisco 1 Ultra Services Framework 2025-04-20 N/A
A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839.
CVE-2017-6772 1 Cisco 1 Elastic Services Controller 2025-04-20 N/A
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2).
CVE-2017-9682 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
CVE-2017-6681 1 Cisco 1 Ultra Services Framework 2025-04-20 N/A
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.
CVE-2016-4613 1 Apple 4 Apple Tv, Icloud, Itunes and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2016-7607 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.
CVE-2017-6045 1 Trihedral 1 Vtscada 2025-04-20 N/A
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
CVE-2015-8034 1 Saltstack 1 Salt 2025-04-20 N/A
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2016-4842 1 Cybozu 1 Mailwise 2025-04-20 N/A
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
CVE-2017-5927 5 Allwinner, Amd, Intel and 2 more 20 A64, Athlon Ii 640 X4, E-350 and 17 more 2025-04-20 N/A
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
CVE-2016-2380 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.
CVE-2017-8865 1 Cognitoys 2 Stemosaur, Stemosaur Firmware 2025-04-20 N/A
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device.
CVE-2017-16894 1 Laravel 1 Laravel 2025-04-20 N/A
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.