Search Results (10723 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0267 1 Ibm 1 Urbancode Deploy 2025-04-12 N/A
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.
CVE-2016-3688 1 Dotcms 1 Dotcms 2025-04-12 N/A
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.
CVE-2016-0706 4 Apache, Canonical, Debian and 1 more 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
CVE-2016-3711 1 Redhat 2 Openshift, Openshift Origin 2025-04-12 N/A
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
CVE-2016-2294 1 Accuenergy 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more 2025-04-12 N/A
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors.
CVE-2016-0724 2 Fedoraproject, Moodle 2 Fedora, Moodle 2025-04-12 N/A
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.
CVE-2016-0739 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2025-04-12 N/A
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
CVE-2016-2425 1 Google 1 Android 2025-04-12 N/A
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.
CVE-2016-0862 1 Ge 5 Snmp\/web Adapter 1024746, Snmp\/web Adapter 1024747, Snmp\/web Adapter 1024748 and 2 more 2025-04-12 N/A
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
CVE-2016-0867 1 Carel 1 Plantvisor Enhanced 2025-04-12 N/A
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request.
CVE-2016-0887 1 Dell 5 Bsafe Crypto-c-micro-edition, Bsafe Crypto-j, Bsafe Micro-edition-suite and 2 more 2025-04-12 N/A
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
CVE-2016-0893 1 Emc 1 Rsa Data Loss Prevention 2025-04-12 N/A
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.
CVE-2016-0904 1 Emc 1 Avamar Server 2025-04-12 N/A
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.
CVE-2016-3155 1 Siemens 1 Apogee Insight 2025-04-12 N/A
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3759 1 Google 1 Android 2025-04-12 N/A
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
CVE-2016-3814 1 Google 1 Android 2025-04-12 N/A
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.
CVE-2016-3816 1 Google 1 Android 2025-04-12 N/A
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.
CVE-2016-2882 1 Ibm 1 Tririga Application Platform 2025-04-12 N/A
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.
CVE-2015-8232 1 Uc Profile Project 1 Uc Profile 2025-04-12 N/A
The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors.
CVE-2016-3892 1 Google 1 Android 2025-04-12 N/A
The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 and Qualcomm internal bug CR1024197.