Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3022 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. | |||||
| CVE-2014-3056 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. | |||||
| CVE-2014-3066 | 1 Ibm | 1 Tivoli Endpoint Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0823 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2014-3867 | 1 Ibm | 1 Sametime | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984. | |||||
| CVE-2014-2521 | 1 Emc | 1 Documentum Content Server | 2017-08-29 | 6.3 MEDIUM | N/A |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. | |||||
| CVE-2014-3092 | 1 Ibm | 7 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 4 more | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-4361 | 1 Apple | 1 Iphone Os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | |||||
| CVE-2014-3050 | 1 Ibm | 1 Rational Team Concert | 2017-08-29 | 3.5 LOW | N/A |
| IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors. | |||||
| CVE-2014-0965 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. | |||||
| CVE-2013-6978 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | |||||
| CVE-2014-3301 | 1 Cisco | 1 Webex Meetings Server | 2017-08-29 | 5.0 MEDIUM | N/A |
| The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. | |||||
| CVE-2014-3351 | 1 Cisco | 1 Cloud Portal | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380. | |||||
| CVE-2014-0946 | 1 Ibm | 1 Operational Decision Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2014-2009 | 1 Mpay24 Project | 1 Mpay24 | 2017-08-29 | 5.0 MEDIUM | N/A |
| The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | |||||
| CVE-2014-3303 | 1 Cisco | 1 Webex Meetings Server | 2017-08-29 | 4.0 MEDIUM | N/A |
| The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. | |||||
| CVE-2014-4362 | 1 Apple | 1 Iphone Os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | |||||
| CVE-2014-3481 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | 5.0 MEDIUM | N/A |
| org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0857 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.0 MEDIUM | N/A |
| The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request. | |||||
| CVE-2013-7299 | 1 Tntnet | 1 Tntnet | 2017-08-29 | 5.0 MEDIUM | N/A |
| framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests. | |||||