CVEs from 2014
- Total: 7,865
- critical: 837
- high: 1,288
- medium: 4,980
- low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3316 | medium | — | 4.0 | 12y ago | The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted para… | |||
| CVE-2014-2814 | medium | — | 4.0 | 12y ago | Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP m… | |||
| CVE-2014-3298 | medium | — | 4.0 | 12y ago | Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML… | |||
| CVE-2014-3297 | medium | — | 4.0 | 12y ago | Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information … | |||
| CVE-2014-3477 | medium | 4.0 | 4.0 | 12y ago | The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing … | |||
| CVE-2014-4338 | medium | — | 4.0 | 12y ago | cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow direct… | |||
| CVE-2014-3296 | medium | — | 4.0 | 12y ago | The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID C… | |||
| CVE-2014-2151 | medium | — | 4.0 | 12y ago | The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug I… | |||
| CVE-2014-0478 | medium | — | 4.0 | 12y ago | APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. | |||
| CVE-2014-0220 | medium | — | 4.0 | 12y ago | Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. | |||
| CVE-2014-3294 | medium | — | 4.0 | 12y ago | Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-serve… | |||
| CVE-2014-3287 | medium | — | 4.0 | 12y ago | SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL co… | |||
| CVE-2014-3042 | medium | — | 4.0 | 12y ago | IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) b… | |||
| CVE-2014-3940 | medium | — | 4.0 | 12y ago | The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing cert… | |||
| CVE-2014-2346 | medium | — | 4.0 | 12y ago | COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate at… | |||
| CVE-2014-3963 | medium | — | 4.0 | 12y ago | ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | |||
| CVE-2014-3838 | medium | — | 4.0 | 12y ago | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to mul… | |||
| CVE-2014-3837 | medium | — | 4.0 | 12y ago | The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors. | |||
| CVE-2014-3946 | medium | — | 4.0 | 12y ago | Typo3 Information Disclosure | |||
| CVE-2014-3945 | medium | — | 4.0 | 12y ago | TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash | |||
| CVE-2014-3280 | medium | — | 4.0 | 12y ago | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potent… | |||
| CVE-2014-3282 | medium | — | 4.0 | 12y ago | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authentica… | |||
| CVE-2014-3277 | medium | — | 4.0 | 12y ago | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authentica… | |||
| CVE-2014-0215 | medium | — | 4.0 | 12y ago | Moodle Reveals Student Information Meant To Be Anonymous | |||
| CVE-2014-3276 | medium | — | 4.0 | 12y ago | Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which al… | |||
| CVE-2014-0959 | medium | — | 4.0 | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infi… | |||
| CVE-2014-0078 | medium | — | 4.0 | 12y ago | The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. | |||
| CVE-2014-1682 | medium | — | 4.0 | 12y ago | The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | |||
| CVE-2014-1443 | medium | — | 4.0 | 12y ago | Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to … | |||
| CVE-2014-1442 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. | |||
| CVE-2014-0857 | medium | — | 4.0 | 12y ago | The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted reques… | |||
| CVE-2014-3132 | medium | — | 4.0 | 12y ago | SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7… | |||
| CVE-2014-3131 | medium | — | 4.0 | 12y ago | SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||
| CVE-2014-2185 | medium | — | 4.0 | 12y ago | The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields … | |||
| CVE-2014-2180 | medium | — | 4.0 | 12y ago | The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a … | |||
| CVE-2014-2665 | medium | — | 4.0 | 12y ago | includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended lo… | |||
| CVE-2014-1517 | medium | — | 4.0 | 12y ago | The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authent… | |||
| CVE-2014-2522 | medium | — | 4.0 | 12y ago | curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name … | |||
| CVE-2014-1453 | medium | — | 4.0 | 12y ago | The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause … | |||
| CVE-2014-2460 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote authenticated users… | |||
| CVE-2014-2452 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver… | |||
| CVE-2014-2450 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||
| CVE-2014-2449 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acquisition Manager component in Oracle PeopleSoft Products 9.0, 9.1, and 9.2 allows remote authenticated users to affect confidenti… | |||
| CVE-2014-2446 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via vectors rel… | |||
| CVE-2014-2442 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM. | |||
| CVE-2014-2435 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||
| CVE-2014-2434 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2014-2429 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vecto… | |||
| CVE-2014-2425 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2014-2419 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | |||
| CVE-2014-2404 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authent… | |||
| CVE-2014-0453 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unkno… | |||
| CVE-2014-0384 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML. | |||
| CVE-2014-0920 | medium | — | 4.0 | 12y ago | IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-2141 | medium | — | 4.0 | 12y ago | The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a … | |||
| CVE-2014-0165 | medium | — | 4.0 | 12y ago | WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-… | |||
| CVE-2014-2600 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users … | |||
| CVE-2014-2145 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wa… | |||
| CVE-2014-0066 | medium | — | 4.0 | 12y ago | The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library f… | |||
| CVE-2014-0060 | medium | — | 4.0 | 12y ago | PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticate… | |||
| CVE-2014-2572 | medium | — | 4.0 | 12y ago | Moodle allows attackers to modify grade metadata | |||
| CVE-2014-0129 | medium | — | 4.0 | 12y ago | Moodle allows attackers to modify the visibility of a badge | |||
| CVE-2014-0124 | medium | — | 4.0 | 12y ago | Moodle allows attackers to obtain sensitive information | |||
| CVE-2014-2535 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted… | |||
| CVE-2014-0630 | medium | — | 4.0 | 12y ago | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. | |||
| CVE-2014-2102 | medium | — | 4.0 | 12y ago | Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining t… | |||
| CVE-2014-0820 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||
| CVE-2014-0746 | medium | — | 4.0 | 12y ago | The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML docu… | |||
| CVE-2014-0839 | medium | — | 4.0 | 12y ago | IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference. | |||
| CVE-2014-0724 | medium | — | 4.0 | 13y ago | The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified p… | |||
| CVE-2014-1643 | medium | — | 4.0 | 13y ago | The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of ar… | |||
| CVE-2014-0834 | medium | — | 4.0 | 13y ago | IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program. | |||
| CVE-2014-0015 | medium | — | 4.0 | 13y ago | cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via… | |||
| CVE-2014-0830 | medium | — | 4.0 | 13y ago | Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authentica… | |||
| CVE-2014-1672 | medium | — | 4.0 | 13y ago | Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, whic… | |||
| CVE-2014-1476 | medium | — | 4.0 | 13y ago | The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to ob… | |||
| CVE-2014-0672 | medium | — | 4.0 | 13y ago | The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this … | |||
| CVE-2014-0008 | medium | — | 4.0 | 13y ago | lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitiv… | |||
| CVE-2014-0261 | medium | — | 4.0 | 13y ago | Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) inst… | |||
| CVE-2014-0665 | medium | — | 4.0 | 13y ago | The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive … | |||
| CVE-2014-0440 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related t… | |||
| CVE-2014-0439 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors rela… | |||
| CVE-2014-0438 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vector… | |||
| CVE-2014-0435 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availabil… | |||
| CVE-2014-0425 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vec… | |||
| CVE-2014-0412 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unk… | |||
| CVE-2014-0411 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity v… | |||
| CVE-2014-0402 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unk… | |||
| CVE-2014-0401 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unk… | |||
| CVE-2014-0399 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentialit… | |||
| CVE-2014-0392 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related… | |||
| CVE-2014-0388 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown… | |||
| CVE-2014-0386 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unk… | |||
| CVE-2014-0377 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors rela… | |||
| CVE-2014-0366 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality v… | |||
| CVE-2014-0031 | medium | — | 4.0 | 13y ago | The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | |||
| CVE-2014-0657 | medium | — | 4.0 | 13y ago | The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-ba… | |||
| CVE-2014-0656 | medium | — | 4.0 | 13y ago | Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. | |||
| CVE-2014-4876 | low | 3.7 | 3.7 | 11y ago | Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted … | |||
| CVE-2014-2459 | low | — | 3.7 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.2 and 6.3.3 allows local users to affect confidentiality, integrity, and availabi… |