Vulnerabilities (CVE)

Filtered by CWE-200
Total 8266 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1580 1 Mozilla 1 Firefox 2025-04-12 5.0 MEDIUM N/A
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.
CVE-2015-4171 3 Canonical, Debian, Strongswan 4 Ubuntu Linux, Debian Linux, Strongswan and 1 more 2025-04-12 2.6 LOW N/A
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
CVE-2016-3216 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
CVE-2016-5835 1 Wordpress 1 Wordpress 2025-04-12 5.0 MEDIUM 7.5 HIGH
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
CVE-2015-5892 1 Apple 1 Iphone Os 2025-04-12 2.1 LOW N/A
Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
CVE-2016-5730 2 Opensuse, Phpmyadmin 3 Leap, Opensuse, Phpmyadmin 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
CVE-2014-9894 1 Google 1 Android 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736.
CVE-2015-3786 1 Apple 1 Mac Os X 2025-04-12 4.3 MEDIUM N/A
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
CVE-2016-3765 1 Google 1 Android 2025-04-12 6.4 MEDIUM 7.7 HIGH
decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.
CVE-2015-6261 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 4.0 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.
CVE-2014-3543 1 Moodle 1 Moodle 2025-04-12 4.3 MEDIUM N/A
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.
CVE-2014-0891 1 Ibm 1 Websphere Application Server 2025-04-12 5.0 MEDIUM N/A
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.
CVE-2015-5910 1 Apple 1 Xcode 2025-04-12 3.3 LOW N/A
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-7827 3 Botan Project, Debian, Fedoraproject 3 Botan, Debian Linux, Fedora 2025-04-12 5.0 MEDIUM 7.5 HIGH
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
CVE-2015-8481 1 Atlassian 3 Jira Core, Jira Server, Jira Service Desk 2025-04-12 3.5 LOW 3.1 LOW
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
CVE-2015-2556 1 Microsoft 1 Sharepoint Server 2025-04-12 4.3 MEDIUM N/A
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability."
CVE-2013-4724 1 Ddsn 1 Cm3 Acora Content Management System 2025-04-12 5.0 MEDIUM N/A
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2015-5909 1 Apple 1 Xcode 2025-04-12 5.0 MEDIUM N/A
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.
CVE-2016-4580 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 5.0 MEDIUM 7.5 HIGH
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
CVE-2014-2377 1 Ecava 1 Integraxor 2025-04-12 5.0 MEDIUM N/A
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.