Filtered by CWE-200
Total 10710 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-0704 2 Openssl, Redhat 6 Openssl, Enterprise Linux, Rhel Aus and 3 more 2025-04-12 N/A
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
CVE-2015-3187 3 Apache, Apple, Redhat 3 Subversion, Xcode, Enterprise Linux 2025-04-12 N/A
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
CVE-2016-1092 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1079.
CVE-2016-2107 8 Canonical, Debian, Google and 5 more 18 Ubuntu Linux, Debian Linux, Android and 15 more 2025-04-12 5.9 Medium
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
CVE-2015-3195 9 Apple, Canonical, Debian and 6 more 28 Mac Os X, Ubuntu Linux, Debian Linux and 25 more 2025-04-12 5.3 Medium
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
CVE-2015-8268 1 Idera 1 Uptime Infrastructure Monitor 2025-04-12 N/A
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-7243 1 Lg 3 L-03e, L-04d, L-09c 2025-04-12 N/A
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-0347 1 Webfs 1 Webfs 2025-04-12 N/A
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
CVE-2014-7831 1 Moodle 1 Moodle 2025-04-12 N/A
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.
CVE-2015-1684 1 Microsoft 2 Internet Explorer, Vbscript 2025-04-12 N/A
VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass."
CVE-2014-7993 1 Cisco 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more 2025-04-12 N/A
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.
CVE-2014-8068 1 Adobe 1 Digital Editions 2025-04-12 N/A
Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information.
CVE-2016-4020 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-12 6.5 Medium
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2014-8309 1 Sap 2 Businessobjects, Businessobjects Xi 2025-04-12 N/A
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
CVE-2014-8637 1 Mozilla 2 Firefox, Seamonkey 2025-04-12 N/A
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.
CVE-2014-8666 1 Sap 1 Business Intelligence Development Workbench 2025-04-12 N/A
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors.
CVE-2014-8709 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 N/A
The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.
CVE-2014-9279 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.
CVE-2016-7172 1 Netapp 1 Snap Creator Framework 2025-04-12 N/A
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
CVE-2014-9577 1 Vdgsecurity 1 Vdg Sense 2025-04-12 N/A
VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.