Vulnerabilities (CVE)

Filtered by CWE-200
Total 8191 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5870 1 Apple 1 Mac Os X 2025-04-12 2.1 LOW N/A
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
CVE-2015-1851 2 Canonical, Openstack 4 Ubuntu Linux, Icehouse, Juno and 1 more 2025-04-12 6.8 MEDIUM N/A
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
CVE-2016-0886 1 Emc 1 Documentum Xcp 2025-04-12 4.0 MEDIUM 4.3 MEDIUM
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.
CVE-2016-6750 1 Google 1 Android 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825.
CVE-2015-1941 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-12 7.8 HIGH N/A
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.
CVE-2014-2038 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 2.1 LOW N/A
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.
CVE-2014-4766 1 Ibm 1 Classic Meeting Server 2025-04-12 5.0 MEDIUM N/A
IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file.
CVE-2015-6727 2 Canonical, Mediawiki 2 Ubuntu Linux, Mediawiki 2025-04-12 5.0 MEDIUM N/A
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVE-2011-3634 2 Canonical, Debian 2 Ubuntu Linux, Advanced Package Tool 2025-04-12 2.6 LOW N/A
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
CVE-2014-0323 1 Microsoft 10 Windows 7, Windows 8, Windows 8.1 and 7 more 2025-04-12 6.6 MEDIUM N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."
CVE-2015-5231 2 Criu, Opensuse 2 Checkpoint\/restore In Userspace, Opensuse 2025-04-12 2.1 LOW 5.5 MEDIUM
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.
CVE-2015-8090 1 Tibco 1 Loglogic Unity 2025-04-12 4.0 MEDIUM N/A
The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request.
CVE-2014-6107 1 Ibm 1 Security Identity Manager 2025-04-12 4.3 MEDIUM N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
CVE-2014-1830 2 Opensuse, Python 2 Opensuse, Requests 2025-04-12 5.0 MEDIUM N/A
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
CVE-2015-4395 1 Hybridauth Social Login Project 1 Hybridauth Social Login 2025-04-12 3.5 LOW N/A
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
CVE-2015-4958 1 Ibm 1 Infosphere Master Data Management 2025-04-12 2.1 LOW 3.3 LOW
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files.
CVE-2014-5449 1 Zarafa 2 Webaccess, Webapp 2025-04-12 2.1 LOW N/A
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
CVE-2015-2433 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2025-04-12 2.1 LOW N/A
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability."
CVE-2015-8100 1 Net-snmp 1 Net-snmp 2025-04-12 2.1 LOW N/A
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
CVE-2016-5260 1 Mozilla 1 Firefox 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.