Vulnerabilities (CVE)

Filtered by CWE-200
Total 8075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2374 1 Accuenergy 2 Acuvim Ii, Axm-net 2014-11-05 7.5 HIGH N/A
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
CVE-2014-4311 1 Epicor 1 Epicor Enterprise 2014-11-05 5.0 MEDIUM N/A
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
CVE-2014-8244 1 Linksys 20 E4200v2, E4200v2 Firmware, Ea2700 and 17 more 2014-11-04 7.5 HIGH N/A
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request.
CVE-2014-8526 1 Mcafee 1 Network Data Loss Prevention 2014-10-30 2.1 LOW N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.
CVE-2014-8528 1 Mcafee 1 Network Data Loss Prevention 2014-10-30 2.1 LOW N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log.
CVE-2014-8524 1 Mcafee 1 Network Data Loss Prevention 2014-10-30 5.0 MEDIUM N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-1111 1 Robert Ancell 1 Lightdm 2014-10-29 4.6 MEDIUM N/A
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
CVE-2013-5150 1 Apple 1 Iphone Os 2014-10-24 1.9 LOW N/A
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
CVE-2014-3400 1 Cisco 1 Webex Meetings Server 2014-10-06 4.0 MEDIUM N/A
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
CVE-2010-3860 1 Redhat 1 Icedtea 2014-10-04 5.0 MEDIUM N/A
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
CVE-2012-5505 1 Plone 1 Plone 2014-10-02 5.0 MEDIUM N/A
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
CVE-2012-5492 1 Plone 1 Plone 2014-10-01 5.0 MEDIUM N/A
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
CVE-2012-5491 1 Plone 1 Plone 2014-10-01 4.3 MEDIUM N/A
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
CVE-2014-5320 1 Bump Project 1 Bump 2014-09-22 5.0 MEDIUM N/A
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.
CVE-2014-2377 1 Ecava 1 Integraxor 2014-09-16 5.0 MEDIUM N/A
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
CVE-2014-4862 1 Netmaster 2 Cbw700 Software, Netmaster Cbw700n 2014-09-08 5.0 MEDIUM N/A
The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request.
CVE-2014-4863 1 Arris 2 Touchstone Dg950a, Touchstone Dg950a Software 2014-09-08 5.0 MEDIUM N/A
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.
CVE-2014-5036 1 Eucalyptus 1 Eucalyptus 2014-09-08 1.9 LOW N/A
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.
CVE-2014-5076 1 Labanquepostale 1 Labanquepostale 2014-09-02 4.3 MEDIUM N/A
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.
CVE-2014-3862 1 Hl7 1 C-cda 2014-09-02 4.3 MEDIUM N/A
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.