Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2392 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-04-24 | 4.3 MEDIUM | N/A |
| The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
| CVE-2014-2391 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-04-24 | 4.3 MEDIUM | N/A |
| The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request. | |||||
| CVE-2014-1322 | 1 Apple | 1 Mac Os X | 2014-04-24 | 4.9 MEDIUM | N/A |
| The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. | |||||
| CVE-2014-0778 | 1 Progea | 1 Movicon | 2014-04-21 | 5.0 MEDIUM | N/A |
| The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651. | |||||
| CVE-2013-4279 | 1 Gilles Lamiral | 1 Imapsync | 2014-04-21 | 5.0 MEDIUM | N/A |
| imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site. | |||||
| CVE-2014-0644 | 1 Emc | 2 Cloud Tiering Appliance, Cloud Tiering Appliance Software | 2014-04-17 | 7.8 HIGH | N/A |
| EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. | |||||
| CVE-2014-2873 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file. | |||||
| CVE-2014-2872 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors. | |||||
| CVE-2014-2871 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-2869 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information. | |||||
| CVE-2014-0772 | 1 Advantech | 1 Advantech Webaccess | 2014-04-14 | 5.0 MEDIUM | N/A |
| The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | |||||
| CVE-2014-0771 | 1 Advantech | 1 Advantech Webaccess | 2014-04-14 | 5.0 MEDIUM | N/A |
| The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | |||||
| CVE-2014-1515 | 2 Google, Mozilla | 2 Android, Firefox | 2014-03-31 | 1.9 LOW | N/A |
| Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. | |||||
| CVE-2013-6656 | 1 Google | 1 Chrome | 2014-03-31 | 5.0 MEDIUM | N/A |
| The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-2567 | 1 Trojita Project | 1 Trojita | 2014-03-25 | 4.3 MEDIUM | N/A |
| The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command. | |||||
| CVE-2014-0708 | 1 Cisco | 1 Webex Meeting Center | 2014-03-24 | 5.0 MEDIUM | N/A |
| WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272. | |||||
| CVE-2013-2086 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 5.0 MEDIUM | N/A |
| The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | |||||
| CVE-2013-6493 | 1 Redhat | 1 Icedtea-web | 2014-03-15 | 2.1 LOW | N/A |
| The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. | |||||
| CVE-2014-1274 | 1 Apple | 1 Iphone Os | 2014-03-14 | 2.1 LOW | N/A |
| FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. | |||||
| CVE-2013-4194 | 1 Plone | 1 Plone | 2014-03-11 | 4.3 MEDIUM | N/A |
| The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message. | |||||