Total
8242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0844 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2024-02-04 | 5.0 MEDIUM | N/A |
| The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||||
| CVE-2014-1322 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.9 MEDIUM | N/A |
| The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. | |||||
| CVE-2013-4724 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2024-02-04 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-9250 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 5.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418. | |||||
| CVE-2015-1457 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-04 | 4.9 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||||
| CVE-2014-2391 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | N/A |
| The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request. | |||||
| CVE-2014-4835 | 1 Ibm | 3 Serverguide, Toolscenter Suite, Updatexpress System Packs Installer | 2024-02-04 | 2.1 LOW | N/A |
| IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2015-0080 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability." | |||||
| CVE-2014-4812 | 1 Ibm | 1 Security Appscan Source | 2024-02-04 | 1.8 LOW | N/A |
| The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. | |||||
| CVE-2014-3508 | 1 Openssl | 1 Openssl | 2024-02-04 | 4.3 MEDIUM | N/A |
| The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. | |||||
| CVE-2014-6083 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2024-02-04 | 5.0 MEDIUM | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | |||||
| CVE-2014-0134 | 1 Openstack | 1 Compute | 2024-02-04 | 3.5 LOW | N/A |
| The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. | |||||
| CVE-2015-1148 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
| Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | |||||
| CVE-2014-6143 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2024-02-04 | 2.1 LOW | N/A |
| The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. | |||||
| CVE-2014-8553 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 5.0 MEDIUM | N/A |
| The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. | |||||
| CVE-2013-4727 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2024-02-04 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | |||||
| CVE-2014-3641 | 1 Openstack | 1 Cinder | 2024-02-04 | 4.0 MEDIUM | N/A |
| The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header. | |||||
| CVE-2014-2983 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-04 | 5.0 MEDIUM | N/A |
| Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors. | |||||
| CVE-2014-8788 | 1 Gleamtech | 1 Filevista | 2024-02-04 | 4.0 MEDIUM | N/A |
| GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | |||||
| CVE-2014-5448 | 1 Zarafa | 1 Zarafa | 2024-02-04 | 2.1 LOW | N/A |
| Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. | |||||