Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2024-11-21 | 5.3 Medium |
| An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | ||||
| CVE-2014-5132 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | N/A |
| Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses. | ||||
| CVE-2014-5131 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | N/A |
| Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse. | ||||
| CVE-2014-5130 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | N/A |
| Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token. | ||||
| CVE-2014-5028 | 1 Reviewboard | 1 Review Board | 2024-11-21 | N/A |
| The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. | ||||
| CVE-2014-5011 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 6.5 Medium |
| DOMPDF before 0.6.2 allows Information Disclosure. | ||||
| CVE-2014-5004 | 1 Brbackup Project | 1 Brbackup | 2024-11-21 | N/A |
| lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-5001 | 1 Kcapifony Project | 1 Kcapifony | 2024-11-21 | N/A |
| lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. | ||||
| CVE-2014-5000 | 1 Lawn-login Project | 1 Lawn-login | 2024-11-21 | N/A |
| The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4999 | 1 Kajam Project | 1 Kajam | 2024-11-21 | N/A |
| vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4998 | 1 Lean-ruport Project | 1 Lean-ruport | 2024-11-21 | N/A |
| test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4997 | 1 Point-cli Project | 1 Point-cli | 2024-11-21 | N/A |
| lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4995 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | N/A |
| Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. | ||||
| CVE-2014-4993 | 2 Backup-agoddard Project, Backup Checksum Project | 2 Backup-agoddard, Backup Checksum | 2024-11-21 | N/A |
| (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4992 | 1 Cap-strap Project | 1 Cap-strap | 2024-11-21 | N/A |
| lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4991 | 1 Codders-dataset Project | 1 Codders-dataset | 2024-11-21 | N/A |
| (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4782 | 1 Ibm | 1 Infosphere Biginsights | 2024-11-21 | N/A |
| IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029. | ||||
| CVE-2014-4659 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
| Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | ||||
| CVE-2014-4658 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
| The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | ||||
| CVE-2014-4024 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.9 Medium |
| SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack. | ||||