Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2204 | 1 Evergreen-ils | 1 Evergreen | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. | |||||
| CVE-2015-3412 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. | |||||
| CVE-2015-1285 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2023-11-07 | 5.0 MEDIUM | N/A |
| The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. | |||||
| CVE-2015-1828 | 1 Http.rb Project | 1 Http.rb | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. | |||||
| CVE-2015-1244 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic. | |||||
| CVE-2015-1247 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site. | |||||
| CVE-2015-1776 | 1 Apache | 1 Hadoop | 2023-11-07 | 2.1 LOW | 6.2 MEDIUM |
| Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2015-0783 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | |||||
| CVE-2015-0785 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. | |||||
| CVE-2014-9419 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 2.1 LOW | N/A |
| The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. | |||||
| CVE-2015-0777 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2023-11-07 | 2.1 LOW | N/A |
| drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | |||||
| CVE-2015-0784 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. | |||||
| CVE-2014-8111 | 1 Apache | 1 Tomcat Connectors | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors. | |||||
| CVE-2014-8709 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 5.0 MEDIUM | N/A |
| The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. | |||||
| CVE-2014-7284 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 6.4 MEDIUM | N/A |
| The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values. | |||||
| CVE-2014-4027 | 5 Canonical, F5, Linux and 2 more | 26 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 23 more | 2023-11-07 | 2.3 LOW | N/A |
| The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. | |||||
| CVE-2014-3508 | 1 Openssl | 1 Openssl | 2023-11-07 | 4.3 MEDIUM | N/A |
| The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. | |||||
| CVE-2014-3615 | 5 Canonical, Debian, Opensuse and 2 more | 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more | 2023-11-07 | 2.1 LOW | N/A |
| The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | |||||
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | |||||
| CVE-2014-1739 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 2 more | 2023-11-07 | 2.1 LOW | N/A |
| The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. | |||||