Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6109 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173.
|
|||||
| CVE-2014-6108 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.
|
|||||
| CVE-2014-6048 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
|
|||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.
|
|||||
| CVE-2014-5450 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
|
|||||
| CVE-2014-5394 | 1 Huawei | 24 S2300, S2300 Firmware, S2700 and 21 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.
|
|||||
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
|
|||||
| CVE-2014-5132 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses.
|
|||||
| CVE-2014-5131 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse.
|
|||||
| CVE-2014-5130 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token.
|
|||||
| CVE-2014-5028 | 1 Reviewboard | 1 Review Board | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
|
|||||
| CVE-2014-5011 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
DOMPDF before 0.6.2 allows Information Disclosure.
|
|||||
| CVE-2014-5004 | 1 Brbackup Project | 1 Brbackup | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-5001 | 1 Kcapifony Project | 1 Kcapifony | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.
|
|||||
| CVE-2014-5000 | 1 Lawn-login Project | 1 Lawn-login | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-4999 | 1 Kajam Project | 1 Kajam | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-4998 | 1 Lean-ruport Project | 1 Lean-ruport | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-4997 | 1 Point-cli Project | 1 Point-cli | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-4995 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | 1.9 LOW | 7.0 HIGH |
|
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
|
|||||
| CVE-2014-4993 | 2 Backup-agoddard Project, Backup Checksum Project | 2 Backup-agoddard, Backup Checksum | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-4992 | 1 Cap-strap Project | 1 Cap-strap | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-4991 | 1 Codders-dataset Project | 1 Codders-dataset | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
|
|||||
| CVE-2014-4782 | 1 Ibm | 1 Infosphere Biginsights | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029.
|
|||||
| CVE-2014-4658 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
|
|||||
| CVE-2014-4024 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.
|
|||||
| CVE-2014-4019 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
|
|||||
| CVE-2014-3753 | 1 1password | 1 1password | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
AgileBits 1Password through 1.0.9.340 allows security feature bypass
|
|||||
| CVE-2014-3591 | 2 Debian, Gnupg | 3 Debian Linux, Gnupg, Libgcrypt | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
|
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
|
|||||
| CVE-2014-2885 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
|
|||||
| CVE-2014-2884 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.
|
|||||
| CVE-2014-2359 | 1 Oleumtech | 4 Ad1, Ad1 Firmware, Ft1 and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.
|
|||||
| CVE-2014-2078 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.
|
|||||
| CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
|
|||||
| CVE-2014-125102 | 1 Bestwebsoft | 1 Relevant | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 ...
Show More |
|||||
| CVE-2014-125093 | 1 Getadmiral | 1 Ad Blocking Detector | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The patch is identified as 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigne ...
Show More |
|||||
| CVE-2014-10388 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
|
|||||
| CVE-2014-10374 | 1 Fitbit | 2 Charge 2, Charge 2 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up pas ...
Show More |
|||||
| CVE-2014-10079 | 1 Vembu | 1 Storegrid | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
|
|||||
| CVE-2014-10076 | 1 Wp-db-backup Project | 1 Wp-db-backup | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.
|
|||||
| CVE-2014-10062 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, LocationService is being exported, which is a way for a service to expose its methods to other services. This makes it possible for any other services to import LocationServi ...
Show More |
|||||