Vulnerabilities (CVE)

Filtered by CWE-200
Total 8253 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7427 1 Ibm 1 Datapower Gateway 2024-02-04 5.0 MEDIUM N/A
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
CVE-2016-2142 1 Redhat 1 Openshift 2024-02-04 2.1 LOW 5.5 MEDIUM
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
CVE-2016-7960 1 Siemens 1 Simatic Step 7 2024-02-04 1.9 LOW 2.5 LOW
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
CVE-2016-1325 1 Cisco 3 Dpc3939 Wireless Residential Voice Gateway, Dpc3939 Wireless Residential Voice Gateway Firmware, Dpc3941 Wireless Residential Voice Gateway 2024-02-04 7.8 HIGH 7.5 HIGH
The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.
CVE-2015-6157 1 Microsoft 1 Internet Explorer 2024-02-04 4.3 MEDIUM N/A
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-2023 1 Hp 1 Restful Interface Tool 2024-02-04 2.1 LOW 5.5 MEDIUM
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-8481 1 Atlassian 3 Jira Core, Jira Server, Jira Service Desk 2024-02-04 3.5 LOW 3.1 LOW
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
CVE-2015-5851 1 Apple 2 Iphone Os, Mac Os X 2024-02-04 2.1 LOW N/A
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
CVE-2016-3860 1 Google 1 Android 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127.
CVE-2015-6052 1 Microsoft 3 Internet Explorer, Jscript, Vbscript 2024-02-04 4.3 MEDIUM N/A
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
CVE-2016-7090 1 Siemens 4 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 1 more 2024-02-04 4.3 MEDIUM 4.0 MEDIUM
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2015-3197 2 Openssl, Oracle 6 Openssl, Exalogic Infrastructure, Oss Support Tools and 3 more 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
CVE-2016-3374 1 Microsoft 5 Edge, Windows 10, Windows 8.1 and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370.
CVE-2015-5321 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-02-04 5.0 MEDIUM N/A
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.
CVE-2016-3893 1 Google 1 Android 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400.
CVE-2016-2304 1 Ecava 1 Integraxor 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2013-7444 1 Mediawiki 1 Mediawiki 2024-02-04 5.0 MEDIUM N/A
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVE-2015-5576 5 Adobe, Apple, Google and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2024-02-04 5.0 MEDIUM N/A
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.
CVE-2015-6368 1 Cisco 1 Firepower Extensible Operating System 2024-02-04 5.0 MEDIUM N/A
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.
CVE-2016-5972 1 Ibm 1 Security Privileged Identity Manager Virtual Appliance 2024-02-04 4.9 MEDIUM 6.8 MEDIUM
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.