Total
9949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0519 | 1 Emc | 1 Captiva Capture | 2025-04-12 | N/A |
| The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2015-0517 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | ||||
| CVE-2015-0514 | 1 Emc | 2 Vipr Srm, Watch4net | 2025-04-12 | N/A |
| EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. | ||||
| CVE-2015-0271 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. | ||||
| CVE-2015-0260 | 2 Kallithea-scm, Rhodecode | 2 Kallithea, Rhodecode Enterprise | 2025-04-12 | N/A |
| RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. | ||||
| CVE-2015-0215 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. | ||||
| CVE-2015-0200 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors. | ||||
| CVE-2015-0178 | 1 Ibm | 2 Bluemix, Liberty | 2025-04-12 | N/A |
| The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-0174 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-3720 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| CVE-2015-0143 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | N/A |
| IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. | ||||
| CVE-2015-0136 | 1 Ibm | 1 Powervc | 2025-04-12 | N/A |
| powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-9899 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. | ||||
| CVE-2014-9897 | 1 Google | 1 Android | 2025-04-12 | N/A |
| sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. | ||||
| CVE-2014-9895 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-12 | N/A |
| drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. | ||||
| CVE-2014-9893 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. | ||||
| CVE-2013-6472 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. | ||||
| CVE-2014-9712 | 1 Websense | 1 V-series Appliances | 2025-04-12 | N/A |
| Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. | ||||
| CVE-2015-1009 | 2 Indusoft, Wonderware | 2 Web Studio, Intouch | 2025-04-12 | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2014-9577 | 1 Vdgsecurity | 1 Vdg Sense | 2025-04-12 | N/A |
| VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response. | ||||