Export limit exceeded: 363345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10717 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8735 1 Bad Behavior Project 1 Bad Behavior 2025-04-12 N/A
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.
CVE-2014-8788 1 Gleamtech 1 Filevista 2025-04-12 N/A
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
CVE-2014-8839 1 Apple 1 Mac Os X 2025-04-12 N/A
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL.
CVE-2014-9225 2 Broadcom, Symantec 2 Symantec Critical System Protection, Data Center Security 2025-04-12 N/A
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
CVE-2014-9252 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.
CVE-2014-9354 1 Netapp 1 Oncommand Balance 2025-04-12 N/A
NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.
CVE-2014-9355 1 Puppet 1 Puppet Enterprise 2025-04-12 N/A
Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
CVE-2014-9361 1 Logintoboggan Project 1 Logintoboggan 2025-04-12 N/A
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page.
CVE-2014-9423 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-12 N/A
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
CVE-2015-0070 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
CVE-2015-0143 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.
CVE-2015-0170 1 Ibm 1 Security Siteprotector System 2025-04-12 N/A
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data.
CVE-2015-0215 1 Moodle 1 Moodle 2025-04-12 N/A
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.
CVE-2015-0211 1 Moodle 1 Moodle 2025-04-12 N/A
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.
CVE-2015-0260 2 Kallithea-scm, Rhodecode 2 Kallithea, Rhodecode Enterprise 2025-04-12 N/A
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
CVE-2015-0271 1 Redhat 1 Openstack 2025-04-12 N/A
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
CVE-2015-0800 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
CVE-2015-0922 1 Mcafee 1 Epolicy Orchestrator 2025-04-12 N/A
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
CVE-2015-0969 1 Searchblox 1 Searchblox 2025-04-12 N/A
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
CVE-2015-1000012 1 Mypixs Project 1 Mypixs 2025-04-12 N/A
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin