Filtered by CWE-200
Total 10719 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-8239 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
CVE-2017-8269 1 Google 1 Android 2025-04-20 N/A
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.
CVE-2016-3086 1 Apache 1 Hadoop 2025-04-20 N/A
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
CVE-2017-12616 2 Apache, Redhat 2 Tomcat, Jboss Enterprise Web Server 2025-04-20 N/A
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
CVE-2015-4078 1 Cloudera 2 Cloudera Manager, Navigator 2025-04-20 N/A
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
CVE-2015-3400 1 Zfsonlinux 1 Zfs 2025-04-20 N/A
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
CVE-2015-0785 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
CVE-2014-3462 2 Encfs Project, Opensuse 3 Encfs, Leap, Opensuse 2025-04-20 7.5 High
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
CVE-2017-1142 1 Ibm 1 Kenexa Lcms Premier 2025-04-20 N/A
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.
CVE-2017-8877 1 Asus 2 Rt-ac1750, Rt-ac1750 Firmware 2025-04-20 N/A
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.
CVE-2016-1919 1 Samsung 1 Knox 2025-04-20 N/A
Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.
CVE-2015-7255 1 Zte 12 Gan9.8t101a-b, Gan9.8t101a-b Firmware, Hg110 and 9 more 2025-04-20 N/A
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
CVE-2015-7732 1 Avira 1 Avira Mobile Security 2025-04-20 N/A
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
CVE-2017-1088 1 Freebsd 1 Freebsd 2025-04-20 N/A
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
CVE-2016-2941 1 Ibm 1 Urbancode Deploy 2025-04-20 N/A
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
CVE-2016-2971 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.
CVE-2016-3023 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 N/A
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
CVE-2015-9231 1 Iterm2 1 Iterm2 2025-04-20 N/A
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
CVE-2017-7520 1 Openvpn 1 Openvpn 2025-04-20 N/A
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
CVE-2016-10314 1 Jensenofscandinavia 6 Al3g, Al3g Firmware, Al5000ac and 3 more 2025-04-20 N/A
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read passwords via a direct request to the x.asp page.