CVEs from 2014
Total
7,871
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4768 | low | — | 2.1 | 11y ago | IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of ser… | |||
| CVE-2014-4776 | low | — | 2.1 | 11y ago | IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended… | |||
| CVE-2014-6211 | low | — | 2.1 | 11y ago | The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of p… | |||
| CVE-2014-3586 | low | — | 2.1 | 11y ago | The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-h… | |||
| CVE-2014-9644 | low | — | 2.1 | 11y ago | The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the… | |||
| CVE-2014-4818 | low | — | 2.1 | 11y ago | dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecifi… | |||
| CVE-2014-6147 | low | — | 2.1 | 11y ago | IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation at… | |||
| CVE-2014-6102 | low | — | 2.1 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asse… | |||
| CVE-2014-8733 | low | — | 2.1 | 12y ago | Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. | |||
| CVE-2014-9568 | low | — | 2.1 | 12y ago | puppetlabs-rabbitmq allows local users to obtain sensitive information | |||
| CVE-2014-8834 | low | — | 2.1 | 12y ago | UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. | |||
| CVE-2014-8833 | low | — | 2.1 | 12y ago | SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users'… | |||
| CVE-2014-8827 | low | — | 2.1 | 12y ago | LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive informat… | |||
| CVE-2014-4499 | low | — | 2.1 | 12y ago | The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | |||
| CVE-2014-4835 | low | — | 2.1 | 12y ago | IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive informa… | |||
| CVE-2014-9496 | low | — | 2.1 | 12y ago | The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. | |||
| CVE-2014-5231 | low | — | 2.1 | 12y ago | The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. | |||
| CVE-2014-9191 | low | — | 2.1 | 12y ago | The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang… | |||
| CVE-2014-9585 | low | — | 2.1 | 12y ago | The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR … | |||
| CVE-2014-9584 | low | — | 2.1 | 12y ago | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows loca… | |||
| CVE-2014-1425 | low | — | 2.1 | 12y ago | cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. | |||
| CVE-2014-6160 | low | — | 2.1 | 12y ago | IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attac… | |||
| CVE-2014-6123 | low | — | 2.1 | 12y ago | IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to … | |||
| CVE-2014-9419 | low | — | 2.1 | 12y ago | The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, … | |||
| CVE-2014-8136 | low | — | 2.1 | 12y ago | The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denia… | |||
| CVE-2014-8135 | low | — | 2.1 | 12y ago | The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereferen… | |||
| CVE-2014-8133 | low | — | 2.1 | 12y ago | arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easie… | |||
| CVE-2014-9252 | low | — | 2.1 | 12y ago | Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. | |||
| CVE-2014-6143 | low | — | 2.1 | 12y ago | The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. | |||
| CVE-2014-1595 | low | — | 2.1 | 12y ago | Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, wh… | |||
| CVE-2014-3099 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2014-4702 | low | — | 2.1 | 12y ago | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4… | |||
| CVE-2014-4701 | low | — | 2.1 | 12y ago | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4… | |||
| CVE-2014-3561 | low | — | 2.1 | 12y ago | The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive… | |||
| CVE-2014-7835 | low | — | 2.1 | 12y ago | Moodle allows attackers to upload files containing JavaScript | |||
| CVE-2014-4817 | low | — | 2.1 | 12y ago | The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a … | |||
| CVE-2014-7824 | low | — | 2.1 | 12y ago | D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the… | |||
| CVE-2014-4463 | low | — | 2.1 | 12y ago | Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | |||
| CVE-2014-4460 | low | — | 2.1 | 12y ago | CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate a… | |||
| CVE-2014-4455 | low | — | 2.1 | 12y ago | dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restriction… | |||
| CVE-2014-6110 | low | — | 2.1 | 12y ago | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | |||
| CVE-2014-0059 | low | — | 2.1 | 12y ago | JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive informat… | |||
| CVE-2014-3209 | low | — | 2.1 | 12y ago | The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | |||
| CVE-2014-8476 | low | — | 2.1 | 12y ago | The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a ca… | |||
| CVE-2014-3602 | low | — | 2.1 | 12y ago | Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | |||
| CVE-2014-3645 | low | — | 2.1 | 12y ago | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS cr… | |||
| CVE-2014-5038 | low | — | 2.1 | 12y ago | Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. | |||
| CVE-2014-5037 | low | — | 2.1 | 12y ago | Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. | |||
| CVE-2014-3640 | low | — | 2.1 | 12y ago | The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and a… | |||
| CVE-2014-4974 | low | — | 2.1 | 12y ago | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local us… | |||
| CVE-2014-3615 | low | — | 2.1 | 12y ago | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | |||
| CVE-2014-8399 | low | — | 2.1 | 12y ago | The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2014-8537 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. | |||
| CVE-2014-8536 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | |||
| CVE-2014-8534 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field. | |||
| CVE-2014-8529 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-8528 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. | |||
| CVE-2014-8526 | low | — | 2.1 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | |||
| CVE-2014-8519 | low | — | 2.1 | 12y ago | Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. | |||
| CVE-2014-8518 | low | — | 2.1 | 12y ago | The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, an… | |||
| CVE-2014-6133 | low | — | 2.1 | 12y ago | IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. | |||
| CVE-2014-4620 | low | — | 2.1 | 12y ago | The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, w… | |||
| CVE-2014-5449 | low | — | 2.1 | 12y ago | Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. | |||
| CVE-2014-5448 | low | — | 2.1 | 12y ago | Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. | |||
| CVE-2014-5447 | low | — | 2.1 | 12y ago | Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerab… | |||
| CVE-2014-4446 | low | — | 2.1 | 12y ago | Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunist… | |||
| CVE-2014-4431 | low | — | 2.1 | 12y ago | Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. | |||
| CVE-2014-6551 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. | |||
| CVE-2014-6501 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. | |||
| CVE-2014-6488 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.… | |||
| CVE-2014-5351 | low | — | 2.1 | 12y ago | The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows r… | |||
| CVE-2014-5270 | low | — | 2.1 | 12y ago | Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers … | |||
| CVE-2014-7231 | low | — | 2.1 | 12y ago | OpenStack Oslo utility sensitive information exposure via log files | |||
| CVE-2014-7230 | low | — | 2.1 | 12y ago | The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a Pro… | |||
| CVE-2014-4330 | low | — | 2.1 | 12y ago | The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Referenc… | |||
| CVE-2014-3639 | low | — | 2.1 | 12y ago | The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and pre… | |||
| CVE-2014-3638 | low | — | 2.1 | 12y ago | The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of metho… | |||
| CVE-2014-3637 | low | — | 2.1 | 12y ago | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bu… | |||
| CVE-2014-4403 | low | — | 2.1 | 12y ago | The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Glob… | |||
| CVE-2014-4367 | low | — | 2.1 | 12y ago | Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||
| CVE-2014-4357 | low | — | 2.1 | 12y ago | Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | |||
| CVE-2014-4356 | low | — | 2.1 | 12y ago | Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by readi… | |||
| CVE-2014-4352 | low | — | 2.1 | 12y ago | Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | |||
| CVE-2014-3077 | low | — | 2.1 | 12y ago | IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information b… | |||
| CVE-2014-3079 | low | — | 2.1 | 12y ago | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with… | |||
| CVE-2014-4805 | low | — | 2.1 | 12y ago | IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. | |||
| CVE-2014-5247 | low | — | 2.1 | 12y ago | The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, … | |||
| CVE-2014-3093 | low | — | 2.1 | 12y ago | IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) pow… | |||
| CVE-2014-5398 | low | — | 2.1 | 12y ago | Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration i… | |||
| CVE-2014-2381 | low | — | 2.1 | 12y ago | Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. | |||
| CVE-2014-5457 | low | — | 2.1 | 12y ago | QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed pass… | |||
| CVE-2014-5456 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbi… | |||
| CVE-2014-5240 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script o… | |||
| CVE-2014-0876 | low | — | 2.1 | 12y ago | Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x … | |||
| CVE-2014-4757 | low | — | 2.1 | 12y ago | The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary … | |||
| CVE-2014-3851 | low | — | 2.1 | 12y ago | usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | |||
| CVE-2014-3800 | low | — | 2.1 | 12y ago | XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. | |||
| CVE-2014-0103 | low | — | 2.1 | 12y ago | WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | |||
| CVE-2014-4747 | low | — | 2.1 | 12y ago | The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML… | |||
| CVE-2014-5021 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject a… |