Total
8247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2038 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file. | |||||
| CVE-2014-9046 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 5.0 MEDIUM | N/A |
| The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | |||||
| CVE-2015-0136 | 1 Ibm | 1 Powervc | 2024-02-04 | 2.1 LOW | N/A |
| powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4805 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. | |||||
| CVE-2014-4701 | 1 Nagios | 1 Nagios | 2024-02-04 | 2.1 LOW | N/A |
| The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. | |||||
| CVE-2015-3153 | 5 Apple, Canonical, Debian and 2 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | |||||
| CVE-2013-4043 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request. | |||||
| CVE-2014-8678 | 1 Manageengine | 1 Oputils | 2024-02-04 | 7.8 HIGH | N/A |
| The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile." | |||||
| CVE-2014-5037 | 1 Eucalyptus | 1 Eucalyptus | 2024-02-04 | 2.1 LOW | N/A |
| Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. | |||||
| CVE-2014-9279 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 5.0 MEDIUM | N/A |
| The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL. | |||||
| CVE-2014-8526 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-04 | 2.1 LOW | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | |||||
| CVE-2014-6138 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2024-02-04 | 4.0 MEDIUM | N/A |
| The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. | |||||
| CVE-2014-2199 | 1 Cisco | 6 Webex Business Suite, Webex Event Center, Webex Meeting Center and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. | |||||
| CVE-2015-0673 | 1 Cisco | 1 Mobility Services Engine | 2024-02-04 | 4.0 MEDIUM | N/A |
| Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. | |||||
| CVE-2014-7831 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.0 MEDIUM | N/A |
| lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service. | |||||
| CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 4.0 MEDIUM | N/A |
| The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | |||||
| CVE-2012-1111 | 1 Robert Ancell | 1 Lightdm | 2024-02-04 | 4.6 MEDIUM | N/A |
| lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. | |||||
| CVE-2015-0997 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2024-02-04 | 5.0 MEDIUM | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. | |||||
| CVE-2014-7243 | 1 Lg | 3 L-03e, L-04d, L-09c | 2024-02-04 | 5.0 MEDIUM | N/A |
| LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-2998 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2024-02-04 | 3.5 LOW | N/A |
| frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code. | |||||