Vulnerabilities (CVE)

Filtered by CWE-200
Total 8254 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1858 2 Apple, Webkitgtk 4 Iphone Os, Safari, Tvos and 1 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2015-5223 1 Openstack 1 Swift 2024-02-04 5.0 MEDIUM N/A
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
CVE-2016-0079 1 Microsoft 1 Windows 10 2024-02-04 2.1 LOW 5.0 MEDIUM
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
CVE-2016-0073 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2024-02-04 2.1 LOW 5.0 MEDIUM
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
CVE-2015-3646 2 Openstack, Oracle 2 Keystone, Solaris 2024-02-04 4.0 MEDIUM N/A
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
CVE-2016-3649 1 Symantec 1 Endpoint Protection Manager 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.
CVE-2015-2896 1 Idera 1 Uptime Infrastructure Monitor 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
CVE-2016-0790 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
CVE-2016-0956 5 Adobe, Apache, Apple and 2 more 5 Experience Manager, Sling, Mac Os X and 2 more 2024-02-04 7.8 HIGH 7.5 HIGH
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4747 1 Apple 1 Iphone Os 2024-02-04 4.3 MEDIUM 3.7 LOW
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
CVE-2016-4635 1 Apple 2 Iphone Os, Mac Os X 2024-02-04 3.5 LOW 5.3 MEDIUM
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
CVE-2015-7305 1 Ows 1 Scald 2024-02-04 5.0 MEDIUM N/A
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."
CVE-2015-5712 1 Tibco 2 Spotfire Analytics Platform For Aws, Spotfire Server 2024-02-04 4.0 MEDIUM N/A
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.
CVE-2016-4758 2 Apple, Microsoft 4 Iphone Os, Itunes, Safari and 1 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2016-5500 1 Oracle 1 Discoverer 2024-02-04 5.0 MEDIUM 7.5 HIGH
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer.
CVE-2015-7998 1 Citrix 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm 2024-02-04 5.0 MEDIUM N/A
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.
CVE-2016-2513 1 Djangoproject 1 Django 2024-02-04 2.6 LOW 3.1 LOW
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
CVE-2016-3852 1 Google 1 Android 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.
CVE-2016-1802 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
CVE-2015-7470 1 Ibm 1 Jazz Reporting Service 2024-02-04 5.0 MEDIUM 7.5 HIGH
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.