Total
8247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1090 | 1 Apple | 1 Iphone Os | 2024-02-04 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | |||||
| CVE-2014-9156 | 1 Filefield Project | 1 Filefield | 2024-02-04 | 4.0 MEDIUM | N/A |
| The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. | |||||
| CVE-2014-0266 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2024-02-04 | 7.1 HIGH | N/A |
| The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability." | |||||
| CVE-2015-3044 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-1109 | 1 Apple | 1 Iphone Os | 2024-02-04 | 2.1 LOW | N/A |
| NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | |||||
| CVE-2015-2206 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2024-02-04 | 5.0 MEDIUM | N/A |
| libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | |||||
| CVE-2014-4022 | 1 Xen | 1 Xen | 2024-02-04 | 2.7 LOW | N/A |
| The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall. | |||||
| CVE-2014-8761 | 1 Dokuwiki | 1 Dokuwiki | 2024-02-04 | 5.0 MEDIUM | N/A |
| inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. | |||||
| CVE-2014-4863 | 1 Arris | 2 Touchstone Dg950a, Touchstone Dg950a Software | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. | |||||
| CVE-2014-9049 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.0 MEDIUM | N/A |
| The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method. | |||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2024-02-04 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | |||||
| CVE-2015-1890 | 1 Ibm | 1 General Parallel File System | 2024-02-04 | 3.5 LOW | N/A |
| /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
| CVE-2014-2545 | 1 Tibco | 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request. | |||||
| CVE-2014-4426 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | N/A |
| AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | |||||
| CVE-2014-4721 | 1 Php | 1 Php | 2024-02-04 | 2.6 LOW | N/A |
| The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. | |||||
| CVE-2015-1482 | 1 Ansible | 1 Tower | 2024-02-04 | 5.0 MEDIUM | N/A |
| Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. | |||||
| CVE-2011-5314 | 1 Redaxscript | 1 Redaxscript | 2024-02-04 | 5.0 MEDIUM | N/A |
| templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
| CVE-2013-7060 | 1 Plone | 1 Plone | 2024-02-04 | 5.0 MEDIUM | N/A |
| Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | |||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2024-02-04 | 5.0 MEDIUM | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||||
| CVE-2014-8834 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | N/A |
| UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. | |||||