Total
8279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-5325 | 1 Directwebremoting | 1 Direct Web Remoting | 2024-02-04 | 5.0 MEDIUM | N/A |
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2014-9506 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 3.5 LOW | N/A |
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. | |||||
CVE-2015-1892 | 1 Ibm | 2 Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2024-02-04 | 5.0 MEDIUM | N/A |
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. | |||||
CVE-2014-8082 | 1 Testlink | 1 Testlink | 2024-02-04 | 5.0 MEDIUM | N/A |
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. | |||||
CVE-2015-3404 | 1 Certify Project | 1 Certify | 2024-02-04 | 4.0 MEDIUM | N/A |
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates." | |||||
CVE-2014-1908 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2024-02-04 | 5.0 MEDIUM | N/A |
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
CVE-2015-0844 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2024-02-04 | 5.0 MEDIUM | N/A |
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||||
CVE-2014-9250 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 5.0 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418. | |||||
CVE-2015-1457 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-04 | 4.9 MEDIUM | N/A |
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||||
CVE-2014-4835 | 1 Ibm | 3 Serverguide, Toolscenter Suite, Updatexpress System Packs Installer | 2024-02-04 | 2.1 LOW | N/A |
IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2015-0080 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability." | |||||
CVE-2014-4812 | 1 Ibm | 1 Security Appscan Source | 2024-02-04 | 1.8 LOW | N/A |
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. | |||||
CVE-2014-6083 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | |||||
CVE-2015-1148 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | |||||
CVE-2014-6143 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2024-02-04 | 2.1 LOW | N/A |
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. | |||||
CVE-2014-8553 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 5.0 MEDIUM | N/A |
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. | |||||
CVE-2014-8788 | 1 Gleamtech | 1 Filevista | 2024-02-04 | 4.0 MEDIUM | N/A |
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | |||||
CVE-2014-5448 | 1 Zarafa | 1 Zarafa | 2024-02-04 | 2.1 LOW | N/A |
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. | |||||
CVE-2014-3698 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 5.0 MEDIUM | N/A |
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. | |||||
CVE-2014-8008 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. |