Export limit exceeded: 10641 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10641 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4765 | 1 Ibm | 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more | 2025-04-12 | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message. | ||||
| CVE-2014-3064 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter. | ||||
| CVE-2016-0864 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2025-04-12 | N/A |
| Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors. | ||||
| CVE-2016-6224 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2025-04-12 | N/A |
| ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. | ||||
| CVE-2014-3092 | 1 Ibm | 7 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 4 more | 2025-04-12 | N/A |
| IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2014-3615 | 5 Canonical, Debian, Opensuse and 2 more | 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more | 2025-04-12 | N/A |
| The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | ||||
| CVE-2016-6231 | 1 Kaspersky | 1 Safe Browser | 2025-04-12 | N/A |
| Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-3103 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | N/A |
| The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2013-0347 | 1 Webfs | 1 Webfs | 2025-04-12 | N/A |
| The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | ||||
| CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2025-04-12 | N/A |
| The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | ||||
| CVE-2014-4974 | 1 Eset | 1 Personal Firewall Ndis Filter | 2025-04-12 | N/A |
| The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. | ||||
| CVE-2016-0867 | 1 Carel | 1 Plantvisor Enhanced | 2025-04-12 | N/A |
| CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | ||||
| CVE-2014-7230 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Cinder, Nova and 2 more | 2025-04-12 | N/A |
| The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | ||||
| CVE-2016-6345 | 1 Redhat | 1 Resteasy | 2025-04-12 | N/A |
| RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | ||||
| CVE-2014-4362 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | ||||
| CVE-2014-2873 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file. | ||||
| CVE-2011-4367 | 1 Apache | 1 Myfaces | 2025-04-12 | 7.5 High |
| Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/. | ||||
| CVE-2013-4724 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2016-7888 | 1 Adobe | 1 Digital Editions | 2025-04-12 | N/A |
| Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak. | ||||
| CVE-2014-3946 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. | ||||