Search Results (10835 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5498 1 Oracle 1 Database Server 2025-04-12 N/A
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.
CVE-2015-8869 4 Fedoraproject, Ocaml, Opensuse and 1 more 4 Fedora, Ocaml, Opensuse and 1 more 2025-04-12 N/A
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
CVE-2015-8944 2 Google, Linux 2 Android, Linux Kernel 2025-04-12 N/A
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.
CVE-2015-8946 2 Canonical, Ecryptfs 2 Ubuntu Linux, Ecryptfs-utils 2025-04-12 N/A
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-8950 1 Linux 1 Linux Kernel 2025-04-12 N/A
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
CVE-2015-8964 1 Linux 1 Linux Kernel 2025-04-12 N/A
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
CVE-2016-5495 1 Oracle 1 Discoverer 2025-04-12 N/A
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema.
CVE-2016-4995 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
CVE-2016-4985 2 Canonical, Redhat 2 Openstack Ironic, Openstack 2025-04-12 N/A
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
CVE-2016-4968 1 Fortinet 1 Fortiwan 2025-04-12 N/A
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
CVE-2016-0047 1 Microsoft 1 .net Framework 2025-04-12 N/A
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
CVE-2016-0059 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-0070 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 N/A
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
CVE-2016-0073 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2025-04-12 N/A
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
CVE-2016-0075 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2025-04-12 N/A
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
CVE-2016-0080 1 Microsoft 1 Edge 2025-04-12 N/A
Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."
CVE-2016-0089 1 Microsoft 3 Windows 10, Windows 8.1, Windows Server 2012 2025-04-12 N/A
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
CVE-2016-0090 1 Microsoft 3 Windows 10, Windows 8.1, Windows Server 2012 2025-04-12 N/A
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
CVE-2016-0125 1 Microsoft 1 Edge 2025-04-12 N/A
Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."
CVE-2016-0138 1 Microsoft 1 Exchange Server 2025-04-12 N/A
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."