Total
8075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2374 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2014-11-05 | 7.5 HIGH | N/A |
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | |||||
CVE-2014-4311 | 1 Epicor | 1 Epicor Enterprise | 2014-11-05 | 5.0 MEDIUM | N/A |
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. | |||||
CVE-2014-8244 | 1 Linksys | 20 E4200v2, E4200v2 Firmware, Ea2700 and 17 more | 2014-11-04 | 7.5 HIGH | N/A |
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. | |||||
CVE-2014-8526 | 1 Mcafee | 1 Network Data Loss Prevention | 2014-10-30 | 2.1 LOW | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | |||||
CVE-2014-8528 | 1 Mcafee | 1 Network Data Loss Prevention | 2014-10-30 | 2.1 LOW | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. | |||||
CVE-2014-8524 | 1 Mcafee | 1 Network Data Loss Prevention | 2014-10-30 | 5.0 MEDIUM | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2012-1111 | 1 Robert Ancell | 1 Lightdm | 2014-10-29 | 4.6 MEDIUM | N/A |
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. | |||||
CVE-2013-5150 | 1 Apple | 1 Iphone Os | 2014-10-24 | 1.9 LOW | N/A |
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
CVE-2014-3400 | 1 Cisco | 1 Webex Meetings Server | 2014-10-06 | 4.0 MEDIUM | N/A |
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | |||||
CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2014-10-04 | 5.0 MEDIUM | N/A |
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | |||||
CVE-2012-5505 | 1 Plone | 1 Plone | 2014-10-02 | 5.0 MEDIUM | N/A |
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | |||||
CVE-2012-5492 | 1 Plone | 1 Plone | 2014-10-01 | 5.0 MEDIUM | N/A |
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | |||||
CVE-2012-5491 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | |||||
CVE-2014-5320 | 1 Bump Project | 1 Bump | 2014-09-22 | 5.0 MEDIUM | N/A |
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. | |||||
CVE-2014-2377 | 1 Ecava | 1 Integraxor | 2014-09-16 | 5.0 MEDIUM | N/A |
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | |||||
CVE-2014-4862 | 1 Netmaster | 2 Cbw700 Software, Netmaster Cbw700n | 2014-09-08 | 5.0 MEDIUM | N/A |
The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. | |||||
CVE-2014-4863 | 1 Arris | 2 Touchstone Dg950a, Touchstone Dg950a Software | 2014-09-08 | 5.0 MEDIUM | N/A |
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. | |||||
CVE-2014-5036 | 1 Eucalyptus | 1 Eucalyptus | 2014-09-08 | 1.9 LOW | N/A |
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | |||||
CVE-2014-5076 | 1 Labanquepostale | 1 Labanquepostale | 2014-09-02 | 4.3 MEDIUM | N/A |
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework. | |||||
CVE-2014-3862 | 1 Hl7 | 1 C-cda | 2014-09-02 | 4.3 MEDIUM | N/A |
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log. |