Total
8243 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0595 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. | |||||
| CVE-2014-8452 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0778 | 1 Progea | 1 Movicon | 2024-02-04 | 5.0 MEDIUM | N/A |
| The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651. | |||||
| CVE-2014-4027 | 5 Canonical, F5, Linux and 2 more | 26 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 23 more | 2024-02-04 | 2.3 LOW | N/A |
| The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. | |||||
| CVE-2014-2000 | 1 Ntt | 1 050 Plus | 2024-02-04 | 2.6 LOW | N/A |
| The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | |||||
| CVE-2014-8874 | 1 Kennziffer | 1 Ke Questionnaire | 2024-02-04 | 5.0 MEDIUM | N/A |
| The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2014-7988 | 1 Cisco | 1 Unity Connection | 2024-02-04 | 4.0 MEDIUM | N/A |
| The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. | |||||
| CVE-2014-6304 | 1 Pnmsoft | 1 Sequence Kinetics | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | |||||
| CVE-2013-7299 | 1 Tntnet | 1 Tntnet | 2024-02-04 | 5.0 MEDIUM | N/A |
| framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests. | |||||
| CVE-2014-4499 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | N/A |
| The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2014-8017 | 1 Cisco | 1 Identity Services Engine Software | 2024-02-04 | 5.0 MEDIUM | N/A |
| The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673. | |||||
| CVE-2014-1317 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | N/A |
| iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-0998 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2024-02-04 | 3.3 LOW | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-2809 | 1 Synology | 1 Diskstation Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | |||||
| CVE-2014-4819 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-02-04 | 4.0 MEDIUM | N/A |
| The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. | |||||
| CVE-2014-3303 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 4.0 MEDIUM | N/A |
| The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. | |||||
| CVE-2014-3494 | 2 Kde, Opensuse | 2 Kdelibs, Opensuse | 2024-02-04 | 4.3 MEDIUM | N/A |
| kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate. | |||||
| CVE-2014-1739 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 2 more | 2024-02-04 | 2.1 LOW | N/A |
| The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. | |||||
| CVE-2014-6088 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2024-02-04 | 5.0 MEDIUM | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. | |||||
| CVE-2015-1308 | 1 Kde | 2 Kde-workspace, Plasma-workspace | 2024-02-04 | 4.3 MEDIUM | N/A |
| kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. | |||||