Search Results (10827 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5284 1 Freeipa 1 Freeipa 2025-04-20 N/A
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
CVE-2015-5378 2 Elastic, Elasticsearch 2 Logstash, Logstash 2025-04-20 N/A
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
CVE-2015-5383 1 Roundcube 2 Roundcube Webmail, Webmail 2025-04-20 N/A
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
CVE-2015-5382 1 Roundcube 2 Roundcube Webmail, Webmail 2025-04-20 N/A
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
CVE-2015-6250 1 Simple-php-captcha Project 1 Simple-php-captcha 2025-04-20 N/A
simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.
CVE-2015-6918 1 Saltstack 1 Salt 2015 2025-04-20 N/A
salt before 2015.5.5 leaks git usernames and passwords to the log.
CVE-2015-7514 1 Openstack 1 Ironic 2025-04-20 N/A
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
CVE-2015-7732 1 Avira 1 Avira Mobile Security 2025-04-20 N/A
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
CVE-2015-8034 1 Saltstack 1 Salt 2025-04-20 N/A
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2015-8079 1 Qt 1 Qtwebkit 2025-04-20 5.3 Medium
qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.
CVE-2015-8224 1 Huawei 2 P8, P8 Firmware 2025-04-20 N/A
Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.
CVE-2015-8251 1 Unify 21 Openscape Desk Phone Ip 35g Eco Hfa, Openscape Desk Phone Ip 35g Eco Sip, Openscape Desk Phone Ip 35g Eco Sip Firmware and 18 more 2025-04-20 N/A
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.
CVE-2015-8276 1 Eparaksts 2 Edoc-libraries, Eparakstitajs 3 2025-04-20 N/A
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.
CVE-2015-8625 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
CVE-2015-8628 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
CVE-2015-8707 1 Magento 1 Magento 2025-04-20 N/A
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.
CVE-2016-6887 1 Matrixssl 1 Matrixssl 2025-04-20 N/A
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.
CVE-2017-12157 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
CVE-2010-3845 1 Apache Authenhook Project 1 Apache Authenhook 2025-04-20 N/A
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.
CVE-2012-4382 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.