Export limit exceeded: 44591 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10168 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10168 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7190 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. | ||||
| CVE-2015-7186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. | ||||
| CVE-2014-2521 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. | ||||
| CVE-2014-2519 | 1 Emc | 1 Recoverpoint Appliance | 2025-04-12 | N/A |
| The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports. | ||||
| CVE-2014-2510 | 1 Emc | 4 Centerstage, Documentum Foundation Services, My Documentum For Desktop and 1 more | 2025-04-12 | N/A |
| The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2015-2413 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| CVE-2015-6747 | 1 Basware | 1 Banking | 2025-04-12 | N/A |
| Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6746. | ||||
| CVE-2015-6746 | 1 Basware | 1 Banking | 2025-04-12 | N/A |
| Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. | ||||
| CVE-2014-2068 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | ||||
| CVE-2014-2064 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | ||||
| CVE-2014-2061 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | ||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2025-04-12 | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | ||||
| CVE-2014-2038 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2025-04-12 | N/A |
| The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file. | ||||
| CVE-2014-2009 | 1 Mpay24 Project | 1 Mpay24 | 2025-04-12 | N/A |
| The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | ||||
| CVE-2014-2000 | 1 Ntt | 1 050 Plus | 2025-04-12 | N/A |
| The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | ||||
| CVE-2015-6727 | 2 Canonical, Mediawiki | 2 Ubuntu Linux, Mediawiki | 2025-04-12 | N/A |
| The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | ||||
| CVE-2014-1908 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-04-12 | N/A |
| The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | ||||
| CVE-2014-1900 | 1 Y-cam | 30 Ycb001, Ycb001 Firmware, Ycb002 and 27 more | 2025-04-12 | N/A |
| Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading "/./" in a request to en/account/accedit.asp. | ||||
| CVE-2016-4816 | 1 Buffalo | 68 Bhr-4grv, Bhr-4grv Firmware, Dwr-hp-g300nh and 65 more | 2025-04-12 | N/A |
| BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | ||||
| CVE-2016-5970 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | N/A |
| Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | ||||