Total
8247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0517 | 1 Emc | 1 Documentum D2 | 2024-02-04 | 4.0 MEDIUM | N/A |
| The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | |||||
| CVE-2014-3304 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | |||||
| CVE-2011-4327 | 1 Openbsd | 1 Openssh | 2024-02-04 | 2.1 LOW | N/A |
| ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. | |||||
| CVE-2014-0644 | 1 Emc | 2 Cloud Tiering Appliance, Cloud Tiering Appliance Software | 2024-02-04 | 7.8 HIGH | N/A |
| EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. | |||||
| CVE-2014-8537 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-04 | 2.1 LOW | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. | |||||
| CVE-2015-0999 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2024-02-04 | 2.1 LOW | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2014-3301 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. | |||||
| CVE-2014-1361 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-04 | 5.0 MEDIUM | N/A |
| Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. | |||||
| CVE-2014-8775 | 1 Modx | 1 Modx Revolution | 2024-02-04 | 5.0 MEDIUM | N/A |
| MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-4357 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 2.1 LOW | N/A |
| Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | |||||
| CVE-2015-2209 | 1 Dlguard | 1 Dlguard | 2024-02-04 | 5.0 MEDIUM | N/A |
| DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | |||||
| CVE-2015-1165 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2024-02-04 | 5.0 MEDIUM | N/A |
| RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | |||||
| CVE-2014-8451 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. | |||||
| CVE-2014-9579 | 1 Vdgsecurity | 1 Vdg Sense | 2024-02-04 | 5.0 MEDIUM | N/A |
| VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. | |||||
| CVE-2014-6115 | 1 Ibm | 1 Rational Insight | 2024-02-04 | 5.0 MEDIUM | N/A |
| IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL. | |||||
| CVE-2015-1089 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2014-6134 | 1 Ibm | 2 Installation Manager, Rational Clearcase | 2024-02-04 | 1.2 LOW | N/A |
| IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. | |||||
| CVE-2015-1147 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
| Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-0293 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | |||||
| CVE-2015-0061 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability." | |||||