Search Results (10732 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5038 1 Eucalyptus 1 Eucalyptus 2025-04-12 N/A
Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.
CVE-2014-0174 1 Redhat 1 Enterprise Mrg 2025-04-12 N/A
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2014-0521 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document.
CVE-2014-3045 1 Ibm 1 Scale Out Network Attached Storage 2025-04-12 N/A
IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access.
CVE-2014-0823 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2014-0965 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.
CVE-2014-10005 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.
CVE-2014-5107 2 Concrete5, Concretecms 2 Concrete5, Concrete Cms 2025-04-12 N/A
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.
CVE-2013-1818 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-4458 1 Apple 1 Mac Os X 2025-04-12 N/A
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4460 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
CVE-2014-3508 2 Openssl, Redhat 5 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-12 N/A
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
CVE-2014-3517 2 Openstack, Redhat 2 Nova, Openstack 2025-04-12 N/A
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
CVE-2013-2998 1 Ibm 2 Maximo Asset Management, Smartcloud Control Desk 2025-04-12 N/A
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
CVE-2014-3530 1 Redhat 10 Jboss Bpms, Jboss Brms, Jboss Data Grid and 7 more 2025-04-12 N/A
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2013-4194 1 Plone 1 Plone 2025-04-12 N/A
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
CVE-2014-4669 1 Hp 1 Enterprise Maps 2025-04-12 N/A
HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.
CVE-2015-4138 1 Blue Coat 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more 2025-04-12 N/A
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.
CVE-2014-3667 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
CVE-2013-7329 1 Perl 1 Cgi Application Module 2025-04-12 N/A
The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.