The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors.
Max CVSS: 4.0 | EPSS Score: 0.11% | Published: 2014-09-02 | Updated: 2018-12-18

CVE-2014-5377

Public exploit
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request.
Max CVSS: 5.0 | EPSS Score: 23.90% | Published: 2014-09-04 | Updated: 2018-10-09
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.
Max CVSS: 5.0 | EPSS Score: 0.07% | Published: 2014-09-22 | Updated: 2014-09-22
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule.
Max CVSS: 5.0 | EPSS Score: 0.35% | Published: 2014-09-02 | Updated: 2018-10-09
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.
Max CVSS: 4.3 | EPSS Score: 0.24% | Published: 2014-09-02 | Updated: 2014-09-02
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2014-09-05 | Updated: 2014-09-08

CVE-2014-4863

Public exploit
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.
Max CVSS: 5.0 | EPSS Score: 2.20% | Published: 2014-09-05 | Updated: 2014-09-08
The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request.
Max CVSS: 5.0 | EPSS Score: 0.38% | Published: 2014-09-05 | Updated: 2014-09-08
IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Max CVSS: 4.3 | EPSS Score: 0.29% | Published: 2014-09-18 | Updated: 2017-08-29
The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page.
Max CVSS: 4.0 | EPSS Score: 0.14% | Published: 2014-09-18 | Updated: 2017-08-29
IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2014-09-04 | Updated: 2017-08-29
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
Max CVSS: 4.3 | EPSS Score: 0.49% | Published: 2014-09-18 | Updated: 2017-08-29
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
Max CVSS: 4.3 | EPSS Score: 0.15% | Published: 2014-09-18 | Updated: 2019-03-08
The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2014-09-19 | Updated: 2017-08-29
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2014-09-18 | Updated: 2017-08-29
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2014-09-18 | Updated: 2017-08-29
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2014-09-18 | Updated: 2019-03-08
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
Max CVSS: 2.1 | EPSS Score: 0.15% | Published: 2014-09-18 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."
Max CVSS: 4.3 | EPSS Score: 2.69% | Published: 2014-09-10 | Updated: 2018-10-12
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.
Max CVSS: 4.3 | EPSS Score: 0.43% | Published: 2014-09-02 | Updated: 2014-09-02
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
Max CVSS: 5.0 | EPSS Score: 0.18% | Published: 2014-09-23 | Updated: 2017-08-29
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Max CVSS: 5.0 | EPSS Score: 0.18% | Published: 2014-09-23 | Updated: 2017-08-29
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Max CVSS: 5.0 | EPSS Score: 0.18% | Published: 2014-09-12 | Updated: 2017-08-29
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2014-09-15 | Updated: 2017-08-29
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
Max CVSS: 5.0 | EPSS Score: 0.27% | Published: 2014-09-15 | Updated: 2014-09-16
32 vulnerabilities found