Export limit exceeded: 10150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10150 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3851 | 1 Pyplate | 1 Pyplate | 2025-04-12 | N/A |
| usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | ||||
| CVE-2014-3852 | 1 Pyplate | 1 Pyplate | 2025-04-12 | N/A |
| Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2014-3853 | 1 Pyplate | 1 Pyplate | 2025-04-12 | N/A |
| Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2014-3862 | 1 Hl7 | 1 C-cda | 2025-04-12 | N/A |
| CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log. | ||||
| CVE-2014-3867 | 1 Ibm | 1 Sametime | 2025-04-12 | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984. | ||||
| CVE-2014-3917 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-12 | N/A |
| kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. | ||||
| CVE-2014-3946 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. | ||||
| CVE-2014-3956 | 4 Fedoraproject, Freebsd, Hp and 1 more | 4 Fedora, Freebsd, Hpux and 1 more | 2025-04-12 | N/A |
| The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. | ||||
| CVE-2014-4311 | 1 Epicor | 1 Epicor Enterprise | 2025-04-12 | N/A |
| Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. | ||||
| CVE-2014-4347 | 1 Citrix | 4 Netscaler Access Gateway, Netscaler Access Gateway Firmware, Netscaler Application Delivery Controller and 1 more | 2025-04-12 | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. | ||||
| CVE-2014-4356 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. | ||||
| CVE-2014-4357 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | ||||
| CVE-2014-4361 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | ||||
| CVE-2014-4362 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | ||||
| CVE-2014-4426 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | ||||
| CVE-2014-4403 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | ||||
| CVE-2014-4407 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | ||||
| CVE-2014-4409 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | ||||
| CVE-2014-4439 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. | ||||
| CVE-2014-4440 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | ||||