Export limit exceeded: 10835 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10835 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10835 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10835 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0903 1 Emc 1 Avamar Server 2025-04-12 N/A
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
CVE-2014-3045 1 Ibm 1 Scale Out Network Attached Storage 2025-04-12 N/A
IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access.
CVE-2016-2026 1 Hp 2 Matrix Operating Environment, Systems Insight Manager 2025-04-12 N/A
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
CVE-2015-3646 2 Openstack, Oracle 2 Keystone, Solaris 2025-04-12 N/A
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
CVE-2014-6345 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
CVE-2015-2121 1 Hp 1 Network Virtualization 2025-04-12 N/A
HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569.
CVE-2014-5107 2 Concrete5, Concretecms 2 Concrete5, Concrete Cms 2025-04-12 N/A
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.
CVE-2016-0259 1 Ibm 1 Websphere Mq 2025-04-12 N/A
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.
CVE-2016-2025 1 Hp 1 Service Manager 2025-04-12 N/A
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.
CVE-2014-8450 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092.
CVE-2014-2983 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
CVE-2012-5491 1 Plone 1 Plone 2025-04-12 N/A
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
CVE-2012-5492 1 Plone 1 Plone 2025-04-12 N/A
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
CVE-2012-5497 2 Plone, Redhat 2 Plone, Rhel Cluster 2025-04-12 N/A
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
CVE-2014-3105 1 Ibm 1 Rational Clearcase 2025-04-12 N/A
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
CVE-2015-6940 1 Pentaho 2 Business Analytics, Data Integration 2025-04-12 N/A
The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter.
CVE-2014-2264 1 Synology 1 Diskstation Manager 2025-04-12 N/A
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
CVE-2014-4491 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
CVE-2014-9177 1 Svnlabs 1 Html5 Mp3 Player With Playlist Free 2025-04-12 N/A
The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php.
CVE-2016-0298 1 Ibm 1 Security Guardium 2025-04-12 N/A
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.