Total: 7102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8874 | 1 Kennziffer | 1 Ke Questionnaire | 2018-10-09 | 5.0 MEDIUM | N/A |
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | |||||
CVE-2014-8889 | 1 Dropbox | 1 Dropbox Sdk | 2018-10-09 | 2.6 LOW | 5.3 MEDIUM |
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. | |||||
CVE-2014-8487 | 1 Kony | 1 Enterprise Mobile Management | 2018-10-09 | 4.0 MEDIUM | N/A |
Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm. | |||||
CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2018-10-09 | 5.0 MEDIUM | N/A |
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on whether a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | |||||
CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2018-10-09 | 5.0 MEDIUM | N/A |
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generate error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | |||||
CVE-2014-8082 | 1 Testlink | 1 Testlink | 2018-10-09 | 5.0 MEDIUM | N/A |
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. | |||||
CVE-2014-6437 | 1 Aztech | 6 Adsl Dsl5018en (1t1r), Adsl Dsl5018en (1t1r) Firmware, Dsl705e and 3 more | 2018-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. | |||||
CVE-2014-5377 | 1 Manageengine | 1 Device Expert | 2018-10-09 | 5.0 MEDIUM | N/A |
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | |||||
CVE-2014-5128 | 1 Iii | 1 Encore Discovery Solution | 2018-10-09 | 5.0 MEDIUM | N/A |
Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-4347 | 1 Citrix | 4 Netscaler Access Gateway, Netscaler Access Gateway Firmware, Netscaler Application Delivery Controller and 1 more | 2018-10-09 | 5.0 MEDIUM | N/A |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allow attackers to obtain sensitive information via vectors related to a cookie. | |||||
CVE-2014-5137 | 1 Iii | 1 Sierra | 2018-10-09 | 5.0 MEDIUM | N/A |
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule. | |||||
CVE-2014-4980 | 1 Tenable | 2 Nessus, Web Ui | 2018-10-09 | 5.0 MEDIUM | N/A |
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | |||||
CVE-2014-2301 | 1 Bscw | 1 Bscw | 2018-10-09 | 5.0 MEDIUM | N/A |
OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/. | |||||
CVE-2014-0894 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2018-10-09 | 3.5 LOW | N/A |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document. | |||||
CVE-2014-1664 | 1 Citrix | 1 Gotomeeting | 2018-10-09 | 5.0 MEDIUM | N/A |
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file. | |||||
CVE-2014-0999 | 1 Sendio | 1 Sendio | 2018-10-09 | 5.0 MEDIUM | N/A |
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header. | |||||
CVE-2014-0871 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2018-10-09 | 4.3 MEDIUM | N/A |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character. | |||||
CVE-2014-1677 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |||||
CVE-2014-0220 | 1 Cloudera | 1 Cloudera Manager | 2018-10-09 | 4.0 MEDIUM | N/A |
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. | |||||
CVE-2013-6480 | 1 Apache | 1 Libcloud | 2018-10-09 | 2.1 LOW | N/A |
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. |