Search Results (9958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5076 1 Labanquepostale 1 Labanquepostale 2025-04-12 N/A
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.
CVE-2015-3176 1 Moodle 1 Moodle 2025-04-12 N/A
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.
CVE-2014-5325 1 Directwebremoting 1 Direct Web Remoting 2025-04-12 N/A
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-8309 1 Sap 2 Businessobjects, Businessobjects Xi 2025-04-12 N/A
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
CVE-2014-8476 1 Freebsd 1 Freebsd 2025-04-12 N/A
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
CVE-2016-3159 4 Debian, Fedoraproject, Oracle and 1 more 4 Debian Linux, Fedora, Vm Server and 1 more 2025-04-12 N/A
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
CVE-2014-8524 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-8526 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.
CVE-2014-8536 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.
CVE-2014-8537 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.
CVE-2014-6477 1 Oracle 1 Database Server 2025-04-12 N/A
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability.
CVE-2016-4719 1 Apple 2 Iphone Os, Watchos 2025-04-12 N/A
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
CVE-2015-6165 1 Microsoft 1 Silverlight 2025-04-12 N/A
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114.
CVE-2014-8604 1 Xcloner 1 Xcloner 2025-04-12 N/A
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-8607 1 Xcloner 1 Xcloner 2025-04-12 N/A
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
CVE-2015-0260 2 Kallithea-scm, Rhodecode 2 Kallithea, Rhodecode Enterprise 2025-04-12 N/A
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
CVE-2014-8665 1 Sap 1 Business Intelligence Development Workbench 2025-04-12 N/A
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.
CVE-2014-8678 1 Manageengine 1 Oputils 2025-04-12 N/A
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."
CVE-2014-8761 1 Dokuwiki 1 Dokuwiki 2025-04-12 N/A
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.
CVE-2014-8762 1 Dokuwiki 1 Dokuwiki 2025-04-12 N/A
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.