Export limit exceeded: 360552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10674 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | N/A |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | ||||
| CVE-2015-7487 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. | ||||
| CVE-2015-7502 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files. | ||||
| CVE-2016-0378 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. | ||||
| CVE-2016-2947 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-12 | N/A |
| IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-0853 | 1 Advantech | 1 Webaccess | 2025-04-12 | N/A |
| Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | ||||
| CVE-2016-2949 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
| IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session. | ||||
| CVE-2016-0862 | 1 Ge | 5 Snmp\/web Adapter 1024746, Snmp\/web Adapter 1024747, Snmp\/web Adapter 1024748 and 2 more | 2025-04-12 | N/A |
| General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | ||||
| CVE-2016-2952 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
| IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | ||||
| CVE-2016-3012 | 1 Ibm | 2 Api Connect, Network Path Manager | 2025-04-12 | N/A |
| IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | ||||
| CVE-2016-4569 | 4 Canonical, Linux, Novell and 1 more | 12 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 9 more | 2025-04-12 | N/A |
| The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. | ||||
| CVE-2016-3059 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Sql Server, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server | 2025-04-12 | N/A |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI. | ||||
| CVE-2016-6145 | 1 Sap | 1 Hana Db | 2025-04-12 | N/A |
| The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869. | ||||
| CVE-2016-4578 | 5 Canonical, Debian, Linux and 2 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2025-04-12 | N/A |
| sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. | ||||
| CVE-2016-3251 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability." | ||||
| CVE-2016-3255 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." | ||||
| CVE-2016-3261 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| CVE-2016-3267 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | ||||
| CVE-2016-3272 | 1 Microsoft | 4 Windows 10, Windows 7, Windows Rt 8.1 and 1 more | 2025-04-12 | N/A |
| The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows Kernel Information Disclosure Vulnerability." | ||||
| CVE-2016-10105 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence. | ||||