Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 0.38% | Published: 2014-08-29 | Updated: 2018-10-09
IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.
Max CVSS: 2.9 | EPSS Score: 0.29% | Published: 2014-08-20 | Updated: 2017-08-29
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests.
Max CVSS: 5.0 | EPSS Score: 0.38% | Published: 2014-08-12 | Updated: 2017-08-29
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
Max CVSS: 5.0 | EPSS Score: 0.63% | Published: 2014-08-19 | Updated: 2017-01-07
Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Max CVSS: 5.0 | EPSS Score: 0.47% | Published: 2014-08-07 | Updated: 2014-08-07
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Max CVSS: 5.0 | EPSS Score: 0.47% | Published: 2014-08-07 | Updated: 2014-08-07
usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2014-08-07 | Updated: 2014-08-07
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
Max CVSS: 4.3 | EPSS Score: 0.21% | Published: 2014-08-27 | Updated: 2022-02-07
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2014-08-21 | Updated: 2023-02-13
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
Max CVSS: 4.3 | EPSS Score: 0.31% | Published: 2014-08-07 | Updated: 2023-02-13
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
Max CVSS: 4.3 | EPSS Score: 46.96% | Published: 2014-08-13 | Updated: 2017-11-15
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.
Max CVSS: 5.0 | EPSS Score: 0.47% | Published: 2014-08-29 | Updated: 2017-08-29
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.
Max CVSS: 5.0 | EPSS Score: 0.50% | Published: 2014-08-19 | Updated: 2017-08-29
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS: 4.0 | EPSS Score: 0.11% | Published: 2014-08-17 | Updated: 2017-08-29
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
Max CVSS: 6.3 | EPSS Score: 0.28% | Published: 2014-08-17 | Updated: 2017-08-29
IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page.
Max CVSS: 5.0 | EPSS Score: 0.48% | Published: 2014-08-11 | Updated: 2017-08-29
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.
Max CVSS: 4.3 | EPSS Score: 0.45% | Published: 2014-08-22 | Updated: 2017-08-29
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
Max CVSS: 6.3 | EPSS Score: 0.19% | Published: 2014-08-20 | Updated: 2017-08-29
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.
Max CVSS: 4.3 | EPSS Score: 0.45% | Published: 2014-08-22 | Updated: 2017-08-29
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
Max CVSS: 7.8 | EPSS Score: 77.11% | Published: 2014-08-29 | Updated: 2017-01-07
20 vulnerabilities found