Export limit exceeded: 10096 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10096 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8675 | 1 Soplanning | 1 Soplanning | 2025-04-20 | N/A |
| Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | ||||
| CVE-2014-8688 | 1 Telegram | 1 Messenger | 2025-04-20 | 7.5 High |
| An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file. | ||||
| CVE-2014-8701 | 1 Wondercms | 1 Wondercms | 2025-04-20 | N/A |
| Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | ||||
| CVE-2014-8702 | 1 Wondercms | 1 Wondercms | 2025-04-20 | N/A |
| Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. | ||||
| CVE-2014-8706 | 1 Pluck-cms | 1 Pluck | 2025-04-20 | N/A |
| Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. | ||||
| CVE-2016-4042 | 1 Plone | 1 Plone | 2025-04-20 | N/A |
| Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. | ||||
| CVE-2014-9483 | 1 Gnu | 1 Emacs | 2025-04-20 | N/A |
| Emacs 24.4 allows remote attackers to bypass security restrictions. | ||||
| CVE-2014-9616 | 1 Netsweeper | 1 Netsweeper | 2025-04-20 | N/A |
| Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. | ||||
| CVE-2015-0238 | 1 Redhat | 1 Openshift | 2025-04-20 | N/A |
| selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. | ||||
| CVE-2015-0783 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | N/A |
| The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | ||||
| CVE-2015-0784 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | N/A |
| Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | ||||
| CVE-2015-0785 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | N/A |
| com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | ||||
| CVE-2015-1323 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | N/A |
| The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. | ||||
| CVE-2016-3996 | 1 Samsung | 1 Knox | 2025-04-20 | N/A |
| ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. | ||||
| CVE-2015-2246 | 1 Huawei | 2 P7-l10, P7-l10 Firmware | 2025-04-20 | N/A |
| The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information. | ||||
| CVE-2015-2251 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2025-04-20 | N/A |
| The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | ||||
| CVE-2015-2253 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2025-04-20 | N/A |
| The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | ||||
| CVE-2016-3995 | 1 Cryptopp | 1 Crypto\+\+ | 2025-04-20 | N/A |
| The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks. | ||||
| CVE-2015-2877 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | 3.3 Low |
| Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities | ||||
| CVE-2015-2884 | 1 Philips | 1 In.sight B120\\37 | 2025-04-20 | N/A |
| Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. | ||||