Total
8075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4724 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
CVE-2014-3946 | 1 Typo3 | 1 Typo3 | 2014-06-04 | 4.0 MEDIUM | N/A |
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. | |||||
CVE-2014-3787 | 1 Sap | 1 Netweaver | 2014-05-20 | 5.0 MEDIUM | N/A |
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | |||||
CVE-2014-0521 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-05-14 | 4.3 MEDIUM | N/A |
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document. | |||||
CVE-2014-3242 | 1 Makina-corpus | 1 Soappy | 2014-05-13 | 5.0 MEDIUM | N/A |
SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2013-6472 | 1 Mediawiki | 1 Mediawiki | 2014-05-13 | 5.0 MEDIUM | N/A |
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. | |||||
CVE-2014-3129 | 1 Sap | 1 Netweaver Software Lifecycle Manager | 2014-05-10 | 5.0 MEDIUM | N/A |
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||||
CVE-2013-0174 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | |||||
CVE-2013-2006 | 1 Openstack | 1 Keystone | 2014-05-05 | 2.1 LOW | N/A |
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | |||||
CVE-2014-2545 | 1 Tibco | 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more | 2014-05-01 | 5.0 MEDIUM | N/A |
TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request. | |||||
CVE-2013-7373 | 1 Google | 1 Android | 2014-04-30 | 7.5 HIGH | N/A |
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. | |||||
CVE-2013-7111 | 1 Basespace Ruby Sdk Project | 1 Basespace Ruby Sdk | 2014-04-29 | 5.0 MEDIUM | N/A |
The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes. | |||||
CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2014-04-29 | 4.0 MEDIUM | N/A |
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | |||||
CVE-2014-2392 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-04-24 | 4.3 MEDIUM | N/A |
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
CVE-2014-2391 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-04-24 | 4.3 MEDIUM | N/A |
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request. | |||||
CVE-2014-1322 | 1 Apple | 1 Mac Os X | 2014-04-24 | 4.9 MEDIUM | N/A |
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. | |||||
CVE-2014-0778 | 1 Progea | 1 Movicon | 2014-04-21 | 5.0 MEDIUM | N/A |
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651. | |||||
CVE-2014-0644 | 1 Emc | 2 Cloud Tiering Appliance, Cloud Tiering Appliance Software | 2014-04-17 | 7.8 HIGH | N/A |
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. | |||||
CVE-2014-2873 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file. | |||||
CVE-2014-2872 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors. |