Export limit exceeded: 367217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3481 | 1 Redhat | 6 Jboss Data Grid, Jboss Data Virtualization, Jboss Enterprise Application Platform and 3 more | 2025-04-12 | N/A |
| org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3485 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2025-04-12 | N/A |
| The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3494 | 2 Kde, Opensuse | 2 Kdelibs, Opensuse | 2025-04-12 | N/A |
| kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate. | ||||
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2025-04-12 | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | ||||
| CVE-2014-3508 | 2 Openssl, Redhat | 5 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2025-04-12 | N/A |
| The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. | ||||
| CVE-2014-3517 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | N/A |
| api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. | ||||
| CVE-2014-3530 | 1 Redhat | 10 Jboss Bpms, Jboss Brms, Jboss Data Grid and 7 more | 2025-04-12 | N/A |
| The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3542 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3543 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format. | ||||
| CVE-2014-4153 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | ||||
| CVE-2014-4311 | 1 Epicor | 1 Epicor Enterprise | 2025-04-12 | N/A |
| Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. | ||||
| CVE-2014-4347 | 1 Citrix | 4 Netscaler Access Gateway, Netscaler Access Gateway Firmware, Netscaler Application Delivery Controller and 1 more | 2025-04-12 | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. | ||||
| CVE-2014-4356 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. | ||||
| CVE-2014-4357 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | ||||
| CVE-2014-4361 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | ||||
| CVE-2014-4362 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | ||||
| CVE-2014-4426 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. | ||||
| CVE-2014-5036 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | N/A |
| The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | ||||
| CVE-2014-5037 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | N/A |
| Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. | ||||
| CVE-2014-5038 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | N/A |
| Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. | ||||