Total
10281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8105 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Fedora, Enterprise Linux | 2025-04-12 | N/A |
| 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. | ||||
| CVE-2014-8120 | 2 Redhat, Thermostat Project | 2 Rhel Software Collections, Thermostat | 2025-04-12 | N/A |
| The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors. | ||||
| CVE-2014-8122 | 1 Redhat | 7 Jboss Bpms, Jboss Brms, Jboss Data Grid and 4 more | 2025-04-12 | N/A |
| Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. | ||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2025-04-12 | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | ||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2025-04-12 | N/A |
| polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | ||||
| CVE-2014-8372 | 1 Vmware | 1 Airwatch | 2025-04-12 | N/A |
| AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. | ||||
| CVE-2014-8391 | 1 Sendio | 1 Sendio | 2025-04-12 | N/A |
| The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests. | ||||
| CVE-2014-8520 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. | ||||
| CVE-2014-8525 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2014-8526 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. | ||||
| CVE-2014-8528 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. | ||||
| CVE-2014-8536 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. | ||||
| CVE-2014-8537 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. | ||||
| CVE-2014-8553 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. | ||||
| CVE-2014-8566 | 3 Oracle, Redhat, Uninett | 3 Linux, Enterprise Linux, Mod Auth Mellon | 2025-04-12 | N/A |
| The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory." | ||||
| CVE-2014-8604 | 1 Xcloner | 1 Xcloner | 2025-04-12 | N/A |
| The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | ||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2025-04-12 | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | ||||
| CVE-2014-8762 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-12 | N/A |
| The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. | ||||
| CVE-2014-8678 | 1 Manageengine | 1 Oputils | 2025-04-12 | N/A |
| The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile." | ||||