Total: 7971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3251 | 1 Apache | 1 Cloudstack | 2018-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | |||||
| CVE-2015-2998 | 1 Sysaid | 1 Sysaid | 2018-10-09 | 5.0 MEDIUM | N/A |
| SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml. | |||||
| CVE-2015-2997 | 1 Sysaid | 1 Sysaid | 2018-10-09 | 5.0 MEDIUM | N/A |
| SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message. | |||||
| CVE-2015-2826 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2018-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. | |||||
| CVE-2015-2804 | 1 Alcatel-lucent | 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more | 2018-10-09 | 4.3 MEDIUM | N/A |
| The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | |||||
| CVE-2015-2748 | 1 Websense | 4 Triton Ap Data, Triton Ap Email, Triton Ap Web and 1 more | 2018-10-09 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. | |||||
| CVE-2015-2076 | 1 Sap | 1 Businessobjects Edge | 2018-10-09 | 5.0 MEDIUM | N/A |
| The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||||
| CVE-2015-1600 | 1 Netatmo | 2 Indoor Module, Indoor Module Firmware | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. | |||||
| CVE-2015-1482 | 1 Ansible | 1 Tower | 2018-10-09 | 5.0 MEDIUM | N/A |
| Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. | |||||
| CVE-2015-1480 | 1 Manageengine | 1 Servicedesk Plus | 2018-10-09 | 4.0 MEDIUM | N/A |
| ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp. | |||||
| CVE-2015-1415 | 1 Freebsd | 1 Freebsd | 2018-10-09 | 2.1 LOW | N/A |
| The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | |||||
| CVE-2015-0514 | 1 Emc | 2 Vipr Srm, Watch4net | 2018-10-09 | 5.0 MEDIUM | N/A |
| EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. | |||||
| CVE-2014-9408 | 1 Ekahau | 4 Activator, B4 Staff Badge Tag, B4 Staff Badge Tag Firmware and 1 more | 2018-10-09 | 5.0 MEDIUM | N/A |
| Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. | |||||
| CVE-2014-9303 | 1 Entrypass | 1 N5200 Active Network Control Panel | 2018-10-09 | 7.8 HIGH | N/A |
| EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868. | |||||
| CVE-2014-8889 | 1 Dropbox | 1 Dropbox Sdk | 2018-10-09 | 2.6 LOW | 5.3 MEDIUM |
| Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. | |||||
| CVE-2014-8874 | 1 Kennziffer | 1 Ke Questionnaire | 2018-10-09 | 5.0 MEDIUM | N/A |
| The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2014-8487 | 1 Kony | 1 Enterprise Mobile Management | 2018-10-09 | 4.0 MEDIUM | N/A |
| Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm. | |||||
| CVE-2014-8391 | 1 Sendio | 1 Sendio | 2018-10-09 | 4.0 MEDIUM | N/A |
| The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests. | |||||
| CVE-2014-8315 | 1 Sap | 1 Businessobjects Explorer | 2018-10-09 | 5.0 MEDIUM | N/A |
| polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. | |||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2018-10-09 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | |||||
