Total
6955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0006 | 1 Openstack | 1 Swift | 2014-03-07 | 4.3 MEDIUM | N/A |
| The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. | |||||
| CVE-2013-6419 | 1 Openstack | 1 Havana | 2014-03-07 | 5.0 MEDIUM | N/A |
| Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. | |||||
| CVE-2013-4112 | 2 Jgroups, Redhat | 2 Jgroup, Jboss Enterprise Application Platform | 2014-03-07 | 5.4 MEDIUM | N/A |
| The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | |||||
| CVE-2012-0825 | 1 Drupal | 1 Drupal | 2014-03-07 | 6.8 MEDIUM | N/A |
| Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. | |||||
| CVE-2014-2264 | 1 Synology | 1 Diskstation Manager | 2014-03-03 | 7.8 HIGH | N/A |
| The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. | |||||
| CVE-2013-6953 | 1 Dotnetblogengine | 1 Blogengine.net | 2014-02-25 | 5.0 MEDIUM | N/A |
| BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | |||||
| CVE-2013-2074 | 1 Kde | 1 Kdelibs | 2014-02-24 | 5.0 MEDIUM | N/A |
| kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. | |||||
| CVE-2011-4327 | 1 Openbsd | 1 Openssh | 2014-02-21 | 2.1 LOW | N/A |
| ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. | |||||
| CVE-2014-1931 | 1 Visibility Software | 1 Cyber Recruiter | 2014-02-20 | 4.3 MEDIUM | N/A |
| The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests. | |||||
| CVE-2014-1930 | 1 Visibility Software | 1 Cyber Recruiter | 2014-02-20 | 4.3 MEDIUM | N/A |
| Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2012-1171 | 1 Php | 1 Php | 2014-02-18 | 5.0 MEDIUM | N/A |
| The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | |||||
| CVE-2013-4739 | 2 Codeaurora, Qualcomm | 2 Android-msm, Quic Mobile Station Modem Kernel | 2014-02-06 | 4.9 MEDIUM | N/A |
| The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or (2) a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c. | |||||
| CVE-2013-1643 | 1 Php | 1 Php | 2014-01-27 | 5.0 MEDIUM | N/A |
| The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. | |||||
| CVE-2013-6447 | 1 Redhat | 1 Jboss Seam 2 Framework | 2014-01-23 | 5.0 MEDIUM | N/A |
| Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file. | |||||
| CVE-2013-0157 | 1 Kernel | 1 Util-linux | 2014-01-22 | 2.1 LOW | N/A |
| (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. | |||||
| CVE-2013-0632 | 1 Adobe | 1 Coldfusion | 2014-01-16 | 10.0 HIGH | N/A |
| administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | |||||
| CVE-2010-5292 | 1 Amberdms | 1 Amberdms Billing System | 2014-01-10 | 1.9 LOW | N/A |
| Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job. | |||||
| CVE-2014-1234 | 1 Paratrooper-newrelic Project | 1 Paratrooper-newrelic | 2014-01-10 | 2.1 LOW | N/A |
| The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. | |||||
| CVE-2014-1233 | 1 Tobias Maier | 1 Paratrooper-pingdom | 2014-01-10 | 2.1 LOW | N/A |
| The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. | |||||
| CVE-2013-3233 | 1 Linux | 1 Linux Kernel | 2014-01-03 | 4.9 MEDIUM | N/A |
| The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||