Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10828 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3127 1 Blackberry 1 Good Control Server 2025-04-20 N/A
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.
CVE-2016-3130 1 Blackberry 1 Enterprise Service 2025-04-20 N/A
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.
CVE-2016-10293 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943.
CVE-2016-5614 1 Oracle 1 Flexcube Private Banking 2025-04-20 N/A
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
CVE-2016-10294 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.
CVE-2016-3152 1 Barco 2 Clickshare Csc-1, Clickshare Csc-1 Firmware 2025-04-20 N/A
Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image.
CVE-2016-10295 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326.
CVE-2016-6310 1 Redhat 1 Enterprise Virtualization 2025-04-20 N/A
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
CVE-2016-6311 1 Redhat 1 Jboss Enterprise Application Platform 2025-04-20 N/A
Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.
CVE-2016-10296 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782.
CVE-2016-6329 1 Openvpn 1 Openvpn 2025-04-20 N/A
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
CVE-2016-6332 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
CVE-2016-6335 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
CVE-2016-6341 1 Ovirt 1 Ovirt 2025-04-20 N/A
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
CVE-2016-10314 1 Jensenofscandinavia 6 Al3g, Al3g Firmware, Al5000ac and 3 more 2025-04-20 N/A
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read passwords via a direct request to the x.asp page.
CVE-2016-10339 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.
CVE-2016-6349 1 Projectatomic 1 Oci-register-machine 2025-04-20 N/A
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.
CVE-2016-1000221 1 Elastic 1 Logstash 2025-04-20 N/A
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
CVE-2016-10351 1 Telegram Desktop 1 Telegram Desktop 2025-04-20 N/A
Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations.
CVE-2016-10362 1 Elasticsearch 1 Output Plugin 2025-04-20 N/A
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.