Filtered by vendor
Subscriptions
Total
1126 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2024-11-21 | 7.5 High |
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | ||||
CVE-2014-8938 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.8 High |
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | ||||
CVE-2014-8112 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Fedora, Enterprise Linux | 2024-11-21 | N/A |
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog. | ||||
CVE-2014-7231 | 2 Openstack, Redhat | 4 Cinder, Nova, Trove and 1 more | 2024-11-21 | N/A |
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | ||||
CVE-2014-7230 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Cinder, Nova and 2 more | 2024-11-21 | N/A |
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | ||||
CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
CVE-2014-5381 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-11-21 | 9.8 Critical |
Grand MA 300 allows a brute-force attack on the PIN. | ||||
CVE-2014-5093 | 1 Status2k | 1 Status2k | 2024-11-21 | 9.8 Critical |
Status2k does not remove the install directory allowing credential reset. | ||||
CVE-2014-4806 | 2 Ibm, Linux | 2 Security Appscan, Linux Kernel | 2024-11-21 | 5.5 Medium |
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. | ||||
CVE-2014-4660 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | ||||
CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | ||||
CVE-2014-3561 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. | ||||
CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.5 Medium |
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | ||||
CVE-2014-3445 | 1 Handsomeweb | 1 Sos Webpages | 2024-11-21 | 9.8 Critical |
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. | ||||
CVE-2014-3209 | 1 Nlnetlabs | 1 Ldns | 2024-11-21 | N/A |
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | ||||
CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2024-11-21 | 7.5 High |
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | ||||
CVE-2014-1423 | 2 Signond Project, Ubports | 2 Signond, Ubuntu Touch | 2024-11-21 | 5.9 Medium |
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. | ||||
CVE-2014-0241 | 2 Redhat, Theforeman | 2 Satellite, Hammer Cli | 2024-11-21 | 5.5 Medium |
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | ||||
CVE-2014-0202 | 1 Redhat | 2 Rhev Manager, Rhevm-dwh | 2024-11-21 | N/A |
The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | ||||
CVE-2014-0189 | 2 Redhat, Virt-who Project | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | N/A |
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. |