Search Results (10731 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1320 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
CVE-2014-5137 1 Iii 1 Sierra 2025-04-12 N/A
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule.
CVE-2015-5163 2 Openstack, Redhat 2 Glance, Openstack 2025-04-12 N/A
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
CVE-2014-8678 1 Manageengine 1 Oputils 2025-04-12 N/A
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."
CVE-2016-3973 1 Sap 1 Netweaver Application Server Java 2025-04-12 5.3 Medium
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.
CVE-2015-0061 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability."
CVE-2016-1796 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.
CVE-2014-8120 2 Redhat, Thermostat Project 2 Rhel Software Collections, Thermostat 2025-04-12 N/A
The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors.
CVE-2016-0864 1 Tollgrade 1 Smartgrid Lighthouse Sensor Management System 2025-04-12 N/A
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors.
CVE-2014-8111 2 Apache, Redhat 3 Tomcat Connectors, Jboss Enterprise Application Platform, Jboss Enterprise Web Server 2025-04-12 N/A
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
CVE-2015-3923 1 Coppermine-gallery 1 Coppermine Photo Gallery 2025-04-12 N/A
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.
CVE-2014-8788 1 Gleamtech 1 Filevista 2025-04-12 N/A
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
CVE-2015-5107 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors.
CVE-2014-3481 1 Redhat 6 Jboss Data Grid, Jboss Data Virtualization, Jboss Enterprise Application Platform and 3 more 2025-04-12 N/A
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2014-3494 2 Kde, Opensuse 2 Kdelibs, Opensuse 2025-04-12 N/A
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
CVE-2016-1858 2 Apple, Webkitgtk 4 Iphone Os, Safari, Tvos and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2016-1862 1 Apple 1 Mac Os X 2025-04-12 N/A
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
CVE-2016-1864 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVE-2015-4053 2 Ceph, Redhat 2 Ceph-deploy, Ceph Storage 2025-04-12 N/A
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
CVE-2013-0347 1 Webfs 1 Webfs 2025-04-12 N/A
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.