Total: 8075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2014-2871 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network. |
CVE-2014-2869 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information. |
CVE-2014-0772 | 1 Advantech | 1 Advantech Webaccess | 2014-04-14 | 5.0 MEDIUM | N/A | The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. |
CVE-2014-0771 | 1 Advantech | 1 Advantech Webaccess | 2014-04-14 | 5.0 MEDIUM | N/A | The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. |
CVE-2014-1515 | 2 Google, Mozilla | 2 Android, Firefox | 2014-04-01 | 1.9 LOW | N/A | Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. |
CVE-2013-6656 | 1 Google | 1 Chrome | 2014-04-01 | 5.0 MEDIUM | N/A | The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors. |
CVE-2014-2567 | 1 Trojita Project | 1 Trojita | 2014-03-26 | 4.3 MEDIUM | N/A | The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command. |
CVE-2014-0708 | 1 Cisco | 1 Webex Meeting Center | 2014-03-24 | 5.0 MEDIUM | N/A | WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272. |
CVE-2013-2086 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 5.0 MEDIUM | N/A | The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. |
CVE-2013-6493 | 1 Redhat | 1 Icedtea-web | 2014-03-16 | 2.1 LOW | N/A | The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. |
CVE-2014-1274 | 1 Apple | 1 Iphone Os | 2014-03-14 | 2.1 LOW | N/A | FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. |
CVE-2013-4194 | 1 Plone | 1 Plone | 2014-03-12 | 4.3 MEDIUM | N/A | The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message. |
CVE-2014-0006 | 1 Openstack | 1 Swift | 2014-03-08 | 4.3 MEDIUM | N/A | The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. |
CVE-2013-6419 | 1 Openstack | 1 Havana | 2014-03-08 | 5.0 MEDIUM | N/A | Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. |
CVE-2013-4112 | 2 Jgroups, Redhat | 2 Jgroup, Jboss Enterprise Application Platform | 2014-03-08 | 5.4 MEDIUM | N/A | The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. |
CVE-2012-0825 | 1 Drupal | 1 Drupal | 2014-03-08 | 6.8 MEDIUM | N/A | Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. |
CVE-2014-2264 | 1 Synology | 1 Diskstation Manager | 2014-03-03 | 7.8 HIGH | N/A | The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. |
CVE-2013-6953 | 1 Dotnetblogengine | 1 Blogengine.net | 2014-02-25 | 5.0 MEDIUM | N/A | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. |
CVE-2013-2074 | 1 Kde | 1 Kdelibs | 2014-02-25 | 5.0 MEDIUM | N/A | kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. |
CVE-2011-4327 | 1 Openbsd | 1 Openssh | 2014-02-21 | 2.1 LOW | N/A | ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. |