Filtered by CWE-200
Total 10717 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3973 1 Sap 1 Netweaver Application Server Java 2025-04-12 5.3 Medium
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.
CVE-2016-4378 1 Hp 2 Xp7 Command View, Xp 9000 Command View 2025-04-12 N/A
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4593 1 Apple 1 Iphone Os 2025-04-12 N/A
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.
CVE-2016-4645 1 Apple 1 Mac Os X 2025-04-12 N/A
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-4646 1 Apple 1 Mac Os X 2025-04-12 N/A
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
CVE-2016-4648 1 Apple 1 Mac Os X 2025-04-12 N/A
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2016-4739 1 Apple 1 Mac Os X 2025-04-12 N/A
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
CVE-2016-4740 1 Apple 1 Iphone Os 2025-04-12 N/A
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4968 1 Fortinet 1 Fortiwan 2025-04-12 N/A
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request.
CVE-2016-5367 1 Huawei 2 Honor Ws851, Honor Ws851 Firmware 2025-04-12 N/A
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.
CVE-2016-5500 1 Oracle 1 Discoverer 2025-04-12 N/A
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer.
CVE-2016-5504 1 Oracle 1 Agile Product Lifecycle Management For Process 2025-04-12 4.1 Medium
Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal.
CVE-2016-5596 1 Oracle 1 Customer Relationship Management Technical Foundation 2025-04-12 N/A
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2016-5797 1 Tollgrade 1 Lighthouse Sms 2025-04-12 N/A
Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.
CVE-2016-5970 1 Ibm 1 Security Privileged Identity Manager Virtual Appliance 2025-04-12 N/A
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2016-5972 1 Ibm 1 Security Privileged Identity Manager Virtual Appliance 2025-04-12 N/A
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-6398 1 Cisco 1 Ios 2025-04-12 N/A
The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.
CVE-2016-6435 1 Cisco 1 Secure Firewall Management Center 2025-04-12 N/A
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
CVE-2016-6644 1 Emc 1 Documentum D2 2025-04-12 N/A
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
CVE-2016-1342 1 Cisco 1 Secure Firewall Management Center 2025-04-12 N/A
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.