Export limit exceeded: 10604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2749 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. | ||||
| CVE-2015-1302 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. | ||||
| CVE-2014-2869 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information. | ||||
| CVE-2014-2871 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-2873 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file. | ||||
| CVE-2015-0875 | 1 Okb.co.jp | 1 Smartphone Passbook | 2025-04-12 | N/A |
| The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. | ||||
| CVE-2014-3667 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | ||||
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | ||||
| CVE-2015-1415 | 1 Freebsd | 1 Freebsd | 2025-04-12 | N/A |
| The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | ||||
| CVE-2014-4426 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | ||||
| CVE-2014-4440 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | ||||
| CVE-2014-4453 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-4458 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-4460 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | ||||
| CVE-2014-4615 | 3 Canonical, Openstack, Redhat | 6 Ubuntu Linux, Neutron, Oslo and 3 more | 2025-04-12 | N/A |
| The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). | ||||
| CVE-2014-5341 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-5351 | 1 Mit | 1 Kerberos 5 | 2025-04-12 | N/A |
| The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. | ||||
| CVE-2014-5447 | 1 Zarafa | 2 Webapp, Zarafa | 2025-04-12 | N/A |
| Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103. | ||||
| CVE-2014-6064 | 1 Mcafee | 1 Web Gateway | 2025-04-12 | N/A |
| The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. | ||||
| CVE-2014-6083 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-12 | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | ||||