Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6241 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-12-29 | 4.0 MEDIUM | N/A |
| The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | |||||
| CVE-2014-7993 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2014-12-24 | 3.3 LOW | N/A |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. | |||||
| CVE-2014-3410 | 1 Cisco | 1 Adaptive Security Appliance Software | 2014-12-22 | 4.3 MEDIUM | N/A |
| The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860. | |||||
| CVE-2014-8372 | 1 Vmware | 1 Airwatch | 2014-12-12 | 4.0 MEDIUM | N/A |
| AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. | |||||
| CVE-2014-8452 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-11 | 5.0 MEDIUM | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-8451 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-11 | 5.0 MEDIUM | N/A |
| An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. | |||||
| CVE-2014-8448 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-11 | 5.0 MEDIUM | N/A |
| An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451. | |||||
| CVE-2014-9361 | 1 Logintoboggan Project | 1 Logintoboggan | 2014-12-11 | 4.3 MEDIUM | N/A |
| The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. | |||||
| CVE-2014-7259 | 1 Square Enix Co Ltd | 1 Kaku San Sei Million Aruthur | 2014-12-05 | 5.0 MEDIUM | N/A |
| SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application. | |||||
| CVE-2014-9154 | 1 Notify Project | 1 Notify | 2014-12-05 | 4.0 MEDIUM | N/A |
| The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email. | |||||
| CVE-2014-8788 | 1 Gleamtech | 1 Filevista | 2014-12-05 | 4.0 MEDIUM | N/A |
| GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | |||||
| CVE-2014-9156 | 1 Filefield Project | 1 Filefield | 2014-12-01 | 4.0 MEDIUM | N/A |
| The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file. | |||||
| CVE-2014-8425 | 1 Arris | 1 Vap2500 Firmware | 2014-11-28 | 7.8 HIGH | N/A |
| The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | |||||
| CVE-2014-8552 | 1 Siemens | 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more | 2014-11-26 | 5.0 MEDIUM | N/A |
| The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. | |||||
| CVE-2014-7195 | 1 Tibco | 3 Silver Fabric Enabler, Spotfire Deployment Kit, Spotfire Web Player | 2014-11-21 | 4.0 MEDIUM | N/A |
| Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-9025 | 1 Commerceguys | 1 Commerce | 2014-11-21 | 5.0 MEDIUM | N/A |
| The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-6622 | 1 Arubanetworks | 1 Clearpass | 2014-11-19 | 5.0 MEDIUM | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. | |||||
| CVE-2014-6621 | 1 Arubanetworks | 1 Clearpass | 2014-11-19 | 5.0 MEDIUM | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. | |||||
| CVE-2014-3502 | 1 Apache | 1 Cordova | 2014-11-17 | 4.3 MEDIUM | N/A |
| Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | |||||
| CVE-2014-8476 | 1 Freebsd | 1 Freebsd | 2014-11-14 | 2.1 LOW | N/A |
| The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. | |||||