Search Results (10720 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1890 1 Ibm 1 General Parallel File System 2025-04-12 N/A
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
CVE-2014-3508 2 Openssl, Redhat 5 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-12 N/A
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
CVE-2015-0834 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.
CVE-2015-0938 1 Blue Coat 1 Malware Analysis Appliance 2025-04-12 N/A
search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter.
CVE-2015-1941 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-12 N/A
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.
CVE-2015-0988 1 Omron 1 Cx-programmer 2025-04-12 N/A
Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.
CVE-2015-0996 2 Aveva, Schneider-electric 2 Aveva Edge, Wonderware Intouch 2014 2025-04-12 N/A
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
CVE-2015-0997 2 Aveva, Schneider-electric 2 Aveva Edge, Wonderware Intouch 2014 2025-04-12 N/A
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack.
CVE-2015-0999 2 Aveva, Schneider-electric 2 Aveva Edge, Wonderware Intouch 2014 2025-04-12 N/A
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
CVE-2015-1970 1 Ibm 1 Websphere Datapower Xc10 Appliance Firmware 2025-04-12 N/A
The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.
CVE-2015-1977 1 Ibm 2 Security Directory Server, Tivoli Directory Server 2025-04-12 N/A
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
CVE-2015-1005 1 Ininet Solutions 1 Scada Web Server 2025-04-12 N/A
IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
CVE-2015-1996 1 Ibm 1 Security Qradar Incident Forensics 2025-04-12 N/A
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.
CVE-2015-1011 1 Hospira 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware 2025-04-12 N/A
Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-1147 1 Apple 1 Mac Os X 2025-04-12 N/A
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-2012 1 Ibm 1 Websphere Mq 2025-04-12 N/A
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
CVE-2014-8024 1 Cisco 1 Jabber Guest 2025-04-12 N/A
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.
CVE-2014-8309 1 Sap 2 Businessobjects, Businessobjects Xi 2025-04-12 N/A
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
CVE-2014-8448 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.
CVE-2014-8450 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092.