Total: 8241 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1818 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 5.0 MEDIUM | N/A |
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2014-3698 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. | |||||
CVE-2014-8008 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | |||||
CVE-2014-8032 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 4.0 MEDIUM | N/A |
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. | |||||
CVE-2015-1128 | 1 Apple | 1 Safari | 2024-02-04 | 5.0 MEDIUM | N/A |
The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | |||||
CVE-2014-4491 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-04 | 5.0 MEDIUM | N/A |
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | |||||
CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||||
CVE-2015-0875 | 1 Okb.co.jp | 1 Smartphone Passbook | 2024-02-04 | 1.8 LOW | N/A |
The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. | |||||
CVE-2014-6345 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | |||||
CVE-2014-5377 | 1 Manageengine | 1 Device Expert | 2024-02-04 | 5.0 MEDIUM | N/A |
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | |||||
CVE-2013-7373 | 1 Google | 1 Android | 2024-02-04 | 7.5 HIGH | N/A |
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. | |||||
CVE-2014-6624 | 1 Arubanetworks | 1 Clearpass | 2024-02-04 | 6.8 MEDIUM | N/A |
The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2014-2356 | 1 Innominate | 1 Mguard Firmware | 2024-02-04 | 5.0 MEDIUM | N/A |
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. | |||||
CVE-2015-0583 | 1 Cisco | 1 Webex Meeting Center | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. | |||||
CVE-2014-4781 | 1 Ibm | 1 Infosphere Biginsights | 2024-02-04 | 5.0 MEDIUM | N/A |
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. | |||||
CVE-2015-1113 | 1 Apple | 1 Iphone Os | 2024-02-04 | 1.9 LOW | N/A |
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. | |||||
CVE-2014-3249 | 1 Puppet | 1 Puppet Enterprise | 2024-02-04 | 5.0 MEDIUM | N/A |
Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. | |||||
CVE-2014-8448 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451. | |||||
CVE-2015-3293 | 1 Fortinet | 1 Fortimail | 2024-02-04 | 4.0 MEDIUM | N/A |
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | |||||
CVE-2014-8035 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247. | |||||