Total: 7102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8009 | 1 Cisco | 1 Unified Computing System | 2015-01-24 | 5.0 MEDIUM | N/A |
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. | |||||
CVE-2014-9199 | 1 Clorius Controls A/s | 1 Java Web Client | 2015-01-21 | 5.0 MEDIUM | N/A |
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. | |||||
CVE-2014-9593 | 1 Apache | 1 Cloudstack | 2015-01-16 | 5.0 MEDIUM | N/A |
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | |||||
CVE-2014-10005 | 1 Maianscriptworld | 1 Maian Uploader | 2015-01-13 | 5.0 MEDIUM | N/A |
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. | |||||
CVE-2014-100009 | 1 Joomlaskin | 1 Js Multi Hotel | 2015-01-13 | 5.0 MEDIUM | N/A |
The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/. | |||||
CVE-2014-9579 | 1 Vdgsecurity | 1 Vdg Sense | 2015-01-08 | 5.0 MEDIUM | N/A |
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. | |||||
CVE-2014-9577 | 1 Vdgsecurity | 1 Vdg Sense | 2015-01-08 | 4.0 MEDIUM | N/A |
VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response. | |||||
CVE-2014-9576 | 1 Vdgsecurity | 1 Vdg Sense | 2015-01-08 | 5.0 MEDIUM | N/A |
VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access. | |||||
CVE-2011-5314 | 1 Redaxscript | 1 Redaxscript | 2015-01-02 | 5.0 MEDIUM | N/A |
templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
CVE-2014-1908 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2014-12-30 | 5.0 MEDIUM | N/A |
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
CVE-2014-6229 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 5.0 MEDIUM | N/A |
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. | |||||
CVE-2013-6241 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-12-29 | 4.0 MEDIUM | N/A |
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | |||||
CVE-2014-7993 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2014-12-24 | 3.3 LOW | N/A |
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. | |||||
CVE-2014-8372 | 1 Vmware | 1 Airwatch | 2014-12-12 | 4.0 MEDIUM | N/A |
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. | |||||
CVE-2014-8452 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2014-8451 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. | |||||
CVE-2014-8448 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451. | |||||
CVE-2014-9361 | 1 Logintoboggan Project | 1 Logintoboggan | 2014-12-11 | 4.3 MEDIUM | N/A |
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. | |||||
CVE-2014-7259 | 1 Square Enix Co Ltd | 1 Kaku San Sei Million Aruthur | 2014-12-05 | 5.0 MEDIUM | N/A |
SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application. | |||||
CVE-2014-9154 | 1 Notify Project | 1 Notify | 2014-12-05 | 4.0 MEDIUM | N/A |
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. |