Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8451 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
| An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. | |||||
| CVE-2014-8448 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
| An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451. | |||||
| CVE-2014-9361 | 1 Logintoboggan Project | 1 Logintoboggan | 2014-12-11 | 4.3 MEDIUM | N/A |
| The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. | |||||
| CVE-2014-7259 | 1 Square Enix Co Ltd | 1 Kaku San Sei Million Aruthur | 2014-12-05 | 5.0 MEDIUM | N/A |
| SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application. | |||||
| CVE-2014-9154 | 1 Notify Project | 1 Notify | 2014-12-05 | 4.0 MEDIUM | N/A |
| The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. | |||||
| CVE-2014-8788 | 1 Gleamtech | 1 Filevista | 2014-12-05 | 4.0 MEDIUM | N/A |
| GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | |||||
| CVE-2014-9156 | 1 Filefield Project | 1 Filefield | 2014-12-01 | 4.0 MEDIUM | N/A |
| The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. | |||||
| CVE-2014-8425 | 1 Arris | 1 Vap2500 Firmware | 2014-11-28 | 7.8 HIGH | N/A |
| The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | |||||
| CVE-2014-8552 | 1 Siemens | 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more | 2014-11-26 | 5.0 MEDIUM | N/A |
| The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. | |||||
| CVE-2014-7195 | 1 Tibco | 3 Silver Fabric Enabler, Spotfire Deployment Kit, Spotfire Web Player | 2014-11-21 | 4.0 MEDIUM | N/A |
| Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-9025 | 1 Commerceguys | 1 Commerce | 2014-11-21 | 5.0 MEDIUM | N/A |
| The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-6622 | 1 Arubanetworks | 1 Clearpass | 2014-11-19 | 5.0 MEDIUM | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. | |||||
| CVE-2014-6621 | 1 Arubanetworks | 1 Clearpass | 2014-11-19 | 5.0 MEDIUM | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. | |||||
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2014-11-17 | 4.3 MEDIUM | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | |||||
| CVE-2014-8476 | 1 Freebsd | 1 Freebsd | 2014-11-14 | 2.1 LOW | N/A |
| The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. | |||||
| CVE-2014-8736 | 1 Open Atrium Project | 1 Open Atrium | 2014-11-13 | 5.0 MEDIUM | N/A |
| The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node. | |||||
| CVE-2014-5038 | 1 Eucalyptus | 1 Eucalyptus | 2014-11-10 | 2.1 LOW | N/A |
| Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. | |||||
| CVE-2014-5037 | 1 Eucalyptus | 1 Eucalyptus | 2014-11-10 | 2.1 LOW | N/A |
| Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. | |||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2014-11-07 | 5.0 MEDIUM | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | |||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2014-11-07 | 5.0 MEDIUM | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||||