dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
Max CVSS
5.9
EPSS Score
1.67%
Published
2017-10-03
Updated
2018-03-04
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
Max CVSS
3.8
EPSS Score
0.06%
Published
2017-05-03
Updated
2017-05-15
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
Max CVSS
7.8
EPSS Score
1.75%
Published
2017-01-23
Updated
2020-02-24
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-05-23
Updated
2023-09-12
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-05-23
Updated
2023-09-12
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Max CVSS
3.3
EPSS Score
0.04%
Published
2016-05-23
Updated
2023-09-12
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
Max CVSS
7.5
EPSS Score
0.51%
Published
2016-05-23
Updated
2023-09-12
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Max CVSS
6.2
EPSS Score
0.13%
Published
2016-05-23
Updated
2023-09-12
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
Max CVSS
4.3
EPSS Score
0.30%
Published
2016-03-13
Updated
2018-10-30
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
Max CVSS
4.3
EPSS Score
0.52%
Published
2016-04-18
Updated
2018-10-30
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
Max CVSS
6.5
EPSS Score
0.08%
Published
2017-03-23
Updated
2017-03-28
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
Max CVSS
6.5
EPSS Score
0.42%
Published
2016-04-22
Updated
2018-10-09
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.
Max CVSS
6.5
EPSS Score
2.33%
Published
2016-04-22
Updated
2018-10-09

CVE-2015-4495

Known exploited
Public exploit
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
Max CVSS
4.3
EPSS Score
96.50%
Published
2015-08-08
Updated
2023-09-12
CISA KEV Added
2022-05-25
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.53%
Published
2015-04-14
Updated
2018-10-30
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
Max CVSS
7.5
EPSS Score
33.68%
Published
2017-08-09
Updated
2017-08-18
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
Max CVSS
7.5
EPSS Score
69.48%
Published
2017-08-09
Updated
2017-08-18
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
Max CVSS
6.5
EPSS Score
23.57%
Published
2017-08-09
Updated
2017-08-19
nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.
Max CVSS
4.0
EPSS Score
0.69%
Published
2014-12-19
Updated
2015-11-13
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
Max CVSS
7.5
EPSS Score
1.03%
Published
2014-03-19
Updated
2023-09-12
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
Max CVSS
7.8
EPSS Score
77.11%
Published
2014-08-29
Updated
2017-01-07
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.54%
Published
2012-04-11
Updated
2017-12-20
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.
Max CVSS
2.1
EPSS Score
0.05%
Published
2012-08-08
Updated
2012-08-08
The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.
Max CVSS
5.0
EPSS Score
25.13%
Published
2011-12-08
Updated
2012-03-05
The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
Max CVSS
5.0
EPSS Score
3.05%
Published
2009-04-16
Updated
2018-10-10
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!