Total
10712 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9361 | 1 Logintoboggan Project | 1 Logintoboggan | 2025-04-12 | N/A |
| The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. | ||||
| CVE-2014-9408 | 1 Ekahau | 4 Activator, B4 Staff Badge Tag, B4 Staff Badge Tag Firmware and 1 more | 2025-04-12 | N/A |
| Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. | ||||
| CVE-2014-9506 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. | ||||
| CVE-2014-9576 | 1 Vdgsecurity | 1 Vdg Sense | 2025-04-12 | N/A |
| VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access. | ||||
| CVE-2014-9568 | 1 Voxpupuli | 1 Rabbitmq | 2025-04-12 | N/A |
| puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. | ||||
| CVE-2014-9712 | 1 Websense | 1 V-series Appliances | 2025-04-12 | N/A |
| Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. | ||||
| CVE-2014-9896 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. | ||||
| CVE-2014-9897 | 1 Google | 1 Android | 2025-04-12 | N/A |
| sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. | ||||
| CVE-2014-9898 | 1 Google | 1 Android | 2025-04-12 | N/A |
| arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575. | ||||
| CVE-2014-9899 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. | ||||
| CVE-2015-0094 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | N/A |
| The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." | ||||
| CVE-2015-0178 | 1 Ibm | 2 Bluemix, Liberty | 2025-04-12 | N/A |
| The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-0260 | 2 Kallithea-scm, Rhodecode | 2 Kallithea, Rhodecode Enterprise | 2025-04-12 | N/A |
| RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. | ||||
| CVE-2015-0517 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | ||||
| CVE-2015-0583 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | N/A |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. | ||||
| CVE-2015-2335 | 1 Mybb | 1 Mybb | 2025-04-12 | N/A |
| A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. | ||||
| CVE-2015-0595 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. | ||||
| CVE-2015-0597 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. | ||||
| CVE-2015-0763 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | ||||
| CVE-2015-0764 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | ||||