Filtered by CWE-200
Total 10715 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-1314 1 Usaa 1 Mobile Banking 2025-04-12 N/A
The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances.
CVE-2015-1415 1 Freebsd 1 Freebsd 2025-04-12 N/A
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.
CVE-2015-1456 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
CVE-2015-1457 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVE-2015-1488 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
CVE-2015-1595 1 Siemens 1 Spcanywhere 2025-04-12 N/A
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.
CVE-2015-1598 1 Siemens 1 Spcanywhere 2025-04-12 N/A
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.
CVE-2015-1670 1 Microsoft 1 .net Framework 2025-04-12 N/A
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."
CVE-2015-1686 1 Microsoft 2 Internet Explorer, Vbscript 2025-04-12 N/A
The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
CVE-2015-1765 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site.
CVE-2016-5137 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
CVE-2015-1851 3 Canonical, Openstack, Redhat 5 Ubuntu Linux, Icehouse, Juno and 2 more 2025-04-12 N/A
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
CVE-2015-1907 1 Ibm 1 Rational License Key Server 2025-04-12 N/A
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors.
CVE-2015-1941 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-12 N/A
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.
CVE-2015-1972 1 Ibm 1 Tivoli Directory Server 2025-04-12 N/A
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.
CVE-2015-1977 1 Ibm 2 Security Directory Server, Tivoli Directory Server 2025-04-12 N/A
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
CVE-2015-2005 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
CVE-2015-2018 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-12 N/A
IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2015-2025 1 Ibm 1 Websphere Extreme Scale 2025-04-12 N/A
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2015-2045 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2025-04-12 N/A
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.