CVEs from 2014
- Total 7,865
- critical 837
- high 1,288
- medium 4,980
- low 583
- % Critical 10.6%
- % with KEV 0.4%
- % with exploit 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4299 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown … | |||
| CVE-2014-4298 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown … | |||
| CVE-2014-4297 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via un… | |||
| CVE-2014-4296 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via un… | |||
| CVE-2014-4295 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unkno… | |||
| CVE-2014-4294 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unkno… | |||
| CVE-2014-4293 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via un… | |||
| CVE-2014-4292 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via un… | |||
| CVE-2014-4291 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via un… | |||
| CVE-2014-4290 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via un… | |||
| CVE-2014-4287 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. | |||
| CVE-2014-3664 | medium | — | 4.0 | 12y ago | Jenkins Path Traversal vulnerability | |||
| CVE-2014-1571 | medium | — | 4.0 | 12y ago | Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment inf… | |||
| CVE-2014-4761 | medium | — | 4.0 | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to dis… | |||
| CVE-2014-8079 | medium | — | 4.0 | 12y ago | Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script o… | |||
| CVE-2014-5376 | medium | — | 4.0 | 12y ago | Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticat… | |||
| CVE-2014-5375 | medium | — | 4.0 | 12y ago | The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate … | |||
| CVE-2014-3641 | medium | — | 4.0 | 12y ago | OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability | |||
| CVE-2014-4802 | medium | — | 4.0 | 12y ago | The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allow… | |||
| CVE-2014-0140 | medium | — | 4.0 | 12y ago | Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. | |||
| CVE-2014-3400 | medium | — | 4.0 | 12y ago | Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | |||
| CVE-2014-6414 | medium | — | 4.0 | 12y ago | OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | |||
| CVE-2014-3621 | medium | — | 4.0 | 12y ago | The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpo… | |||
| CVE-2014-3377 | medium | — | 4.0 | 12y ago | snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | |||
| CVE-2014-4819 | medium | — | 4.0 | 12y ago | The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the e… | |||
| CVE-2014-3617 | medium | — | 4.0 | 12y ago | Moodle allows discovery of an author's username | |||
| CVE-2014-4792 | medium | — | 4.0 | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a… | |||
| CVE-2014-3342 | medium | — | 4.0 | 12y ago | The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. | |||
| CVE-2014-5393 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission … | |||
| CVE-2014-6232 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||
| CVE-2014-6074 | medium | — | 4.0 | 12y ago | IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page. | |||
| CVE-2014-6028 | medium | — | 4.0 | 12y ago | TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php. | |||
| CVE-2014-0863 | medium | — | 4.0 | 12y ago | The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.2.0 before IF1 stores obfuscated passwords in memory, which allows remote authenticated users to ob… | |||
| CVE-2014-4759 | medium | — | 4.0 | 12y ago | An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing… | |||
| CVE-2014-4758 | medium | — | 4.0 | 12y ago | IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal servi… | |||
| CVE-2014-6064 | medium | — | 4.0 | 12y ago | The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspe… | |||
| CVE-2014-5472 | medium | — | 4.0 | 12y ago | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 ima… | |||
| CVE-2014-5471 | medium | — | 4.0 | 12y ago | Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled rec… | |||
| CVE-2014-3350 | medium | — | 4.0 | 12y ago | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL,… | |||
| CVE-2014-3349 | medium | — | 4.0 | 12y ago | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files … | |||
| CVE-2014-3340 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo… | |||
| CVE-2014-0640 | medium | — | 4.0 | 12y ago | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | |||
| CVE-2014-3528 | medium | — | 4.0 | 12y ago | Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers … | |||
| CVE-2014-3522 | medium | — | 4.0 | 12y ago | The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certif… | |||
| CVE-2014-3504 | medium | — | 4.0 | 12y ago | The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in t… | |||
| CVE-2014-3087 | medium | — | 4.0 | 12y ago | callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external… | |||
| CVE-2014-5239 | medium | — | 4.0 | 12y ago | The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sen… | |||
| CVE-2014-5197 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot)… | |||
| CVE-2014-2629 | medium | — | 4.0 | 12y ago | HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote auth… | |||
| CVE-2014-2628 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||
| CVE-2014-3332 | medium | — | 4.0 | 12y ago | Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecif… | |||
| CVE-2014-3303 | medium | — | 4.0 | 12y ago | The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server acces… | |||
| CVE-2014-2370 | medium | — | 4.0 | 12y ago | Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web scr… | |||
| CVE-2014-3555 | medium | — | 4.0 | 12y ago | OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a la… | |||
| CVE-2014-4987 | medium | — | 4.0 | 12y ago | server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers… | |||
| CVE-2014-1993 | medium | — | 4.0 | 12y ago | The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2014-3323 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. | |||
| CVE-2014-4270 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Us… | |||
| CVE-2014-4269 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Us… | |||
| CVE-2014-4263 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related t… | |||
| CVE-2014-4244 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors r… | |||
| CVE-2014-4239 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao). | |||
| CVE-2014-4238 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. | |||
| CVE-2014-4237 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2014-4233 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP. | |||
| CVE-2014-4207 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. | |||
| CVE-2014-2494 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. | |||
| CVE-2014-4031 | medium | — | 4.0 | 12y ago | The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credential… | |||
| CVE-2014-3485 | medium | — | 4.0 | 12y ago | The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via un… | |||
| CVE-2014-3318 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary … | |||
| CVE-2014-3316 | medium | — | 4.0 | 12y ago | The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted para… | |||
| CVE-2014-2814 | medium | — | 4.0 | 12y ago | Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP m… | |||
| CVE-2014-3298 | medium | — | 4.0 | 12y ago | Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML… | |||
| CVE-2014-3297 | medium | — | 4.0 | 12y ago | Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information … | |||
| CVE-2014-3477 | medium | 4.0 | 4.0 | 12y ago | The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing … | |||
| CVE-2014-4338 | medium | — | 4.0 | 12y ago | cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow direct… | |||
| CVE-2014-3296 | medium | — | 4.0 | 12y ago | The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID C… | |||
| CVE-2014-2151 | medium | — | 4.0 | 12y ago | The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug I… | |||
| CVE-2014-0478 | medium | — | 4.0 | 12y ago | APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. | |||
| CVE-2014-0220 | medium | — | 4.0 | 12y ago | Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. | |||
| CVE-2014-3294 | medium | — | 4.0 | 12y ago | Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-serve… | |||
| CVE-2014-3287 | medium | — | 4.0 | 12y ago | SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL co… | |||
| CVE-2014-3042 | medium | — | 4.0 | 12y ago | IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) b… | |||
| CVE-2014-3940 | medium | — | 4.0 | 12y ago | The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing cert… | |||
| CVE-2014-2346 | medium | — | 4.0 | 12y ago | COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate at… | |||
| CVE-2014-3963 | medium | — | 4.0 | 12y ago | ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | |||
| CVE-2014-3838 | medium | — | 4.0 | 12y ago | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to mul… | |||
| CVE-2014-3837 | medium | — | 4.0 | 12y ago | The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors. | |||
| CVE-2014-3946 | medium | — | 4.0 | 12y ago | Typo3 Information Disclosure | |||
| CVE-2014-3945 | medium | — | 4.0 | 12y ago | TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash | |||
| CVE-2014-3280 | medium | — | 4.0 | 12y ago | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potent… | |||
| CVE-2014-3282 | medium | — | 4.0 | 12y ago | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authentica… | |||
| CVE-2014-3277 | medium | — | 4.0 | 12y ago | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authentica… | |||
| CVE-2014-0215 | medium | — | 4.0 | 12y ago | Moodle Reveals Student Information Meant To Be Anonymous | |||
| CVE-2014-3276 | medium | — | 4.0 | 12y ago | Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which al… | |||
| CVE-2014-0959 | medium | — | 4.0 | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infi… | |||
| CVE-2014-0078 | medium | — | 4.0 | 12y ago | The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. | |||
| CVE-2014-1682 | medium | — | 4.0 | 12y ago | The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | |||
| CVE-2014-1443 | medium | — | 4.0 | 12y ago | Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to … | |||
| CVE-2014-1442 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. |