Total: 8246 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1829 | 4 Canonical, Debian, Mageia and 1 more | 4 Ubuntu Linux, Debian Linux, Mageia and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | |||||
CVE-2015-0683 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-02-04 | 4.0 MEDIUM | N/A |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | |||||
CVE-2013-6741 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 4 more | 2024-02-04 | 3.5 LOW | N/A |
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. | |||||
CVE-2014-4458 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-0519 | 1 Emc | 1 Captiva Capture | 2024-02-04 | 2.1 LOW | N/A |
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2013-6440 | 2 Internet2, Shibboleth | 2 Opensaml, Opensaml | 2024-02-04 | 5.0 MEDIUM | N/A |
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration. | |||||
CVE-2014-2567 | 1 Trojita Project | 1 Trojita | 2024-02-04 | 4.3 MEDIUM | N/A |
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command. | |||||
CVE-2015-0992 | 1 Inductiveautomation | 1 Ignition | 2024-02-04 | 2.1 LOW | N/A |
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-0178 | 1 Ibm | 2 Bluemix, Liberty | 2024-02-04 | 4.3 MEDIUM | N/A |
The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-4702 | 1 Nagios | 1 Nagios | 2024-02-04 | 2.1 LOW | N/A |
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. | |||||
CVE-2014-2869 | 1 Paperthin | 1 Commonspot Content Server | 2024-02-04 | 5.0 MEDIUM | N/A |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information. | |||||
CVE-2013-2086 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 5.0 MEDIUM | N/A |
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | |||||
CVE-2012-5508 | 1 Plone | 1 Plone | 2024-02-04 | 5.0 MEDIUM | N/A |
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. | |||||
CVE-2014-0772 | 1 Advantech | 1 Advantech Webaccess | 2024-02-04 | 5.0 MEDIUM | N/A |
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | |||||
CVE-2014-4692 | 1 Netgate | 1 Pfsense | 2024-02-04 | 4.3 MEDIUM | N/A |
pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
CVE-2014-4942 | 1 Levelfourdevelopment | 1 Wp-easycart | 2024-02-04 | 5.0 MEDIUM | N/A |
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. | |||||
CVE-2014-4747 | 1 Ibm | 1 Sametime | 2024-02-04 | 2.1 LOW | N/A |
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. | |||||
CVE-2014-7853 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Operations Network | 2024-02-04 | 4.0 MEDIUM | N/A |
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | |||||
CVE-2014-7259 | 1 Square Enix Co Ltd | 1 Kaku San Sei Million Aruthur | 2024-02-04 | 5.0 MEDIUM | N/A |
SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application. | |||||
CVE-2014-2392 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | N/A |
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. |