Search
Total
3527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6381 | 1 Juniper | 3 Mobile System Software, Ringmaster, Smartpass | 2014-12-16 | 2.9 LOW | N/A |
| Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a clustered setup, allows remote attackers to cause a denial of service (device disconnect) via unspecified vectors. | |||||
| CVE-2013-2078 | 1 Xen | 1 Xen | 2014-12-12 | 4.7 MEDIUM | N/A |
| Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. | |||||
| CVE-2014-9351 | 1 Teeworlds | 1 Teeworlds | 2014-12-10 | 6.4 MEDIUM | N/A |
| engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2014-8789 | 1 Gleamtech | 1 Filevista | 2014-12-05 | 6.5 MEDIUM | N/A |
| GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction. | |||||
| CVE-2014-6609 | 1 Digium | 1 Asterisk | 2014-11-26 | 4.0 MEDIUM | N/A |
| The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. | |||||
| CVE-2013-7177 | 1 Fail2ban | 1 Fail2ban | 2014-11-19 | 5.0 MEDIUM | N/A |
| config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. | |||||
| CVE-2013-7176 | 1 Fail2ban | 1 Fail2ban | 2014-11-19 | 5.0 MEDIUM | N/A |
| config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. | |||||
| CVE-2014-8510 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2014-11-10 | 4.0 MEDIUM | N/A |
| The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters. | |||||
| CVE-2014-6430 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2014-6429 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2014-1927 | 1 Python-gnupg Project | 1 Python-gnupg | 2014-10-29 | 7.5 HIGH | N/A |
| The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | |||||
| CVE-2011-4953 | 1 Cobbler Project | 1 Cobbler | 2014-10-29 | 6.8 MEDIUM | N/A |
| The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. | |||||
| CVE-2010-5077 | 3 Ioquake3, Openarena, Tremulous | 3 Ioquake3 Engine, Openarena, Tremulous | 2014-10-29 | 7.8 HIGH | N/A |
| server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request. | |||||
| CVE-2014-1929 | 1 Python-gnupg Project | 1 Python-gnupg | 2014-10-27 | 4.4 MEDIUM | N/A |
| python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | |||||
| CVE-2014-1928 | 1 Python-gnupg Project | 1 Python-gnupg | 2014-10-27 | 4.6 MEDIUM | N/A |
| The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | |||||
| CVE-2014-6230 | 1 Wp Ban Project | 1 Wp Ban | 2014-10-27 | 4.3 MEDIUM | N/A |
| WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. | |||||
| CVE-2009-1172 | 1 Ibm | 1 Websphere Application Server | 2014-10-24 | 10.0 HIGH | N/A |
| The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors. | |||||
| CVE-2014-3573 | 1 Redhat | 1 Enterprise Virtualization Manager | 2014-10-23 | 6.5 MEDIUM | N/A |
| The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-2278 | 1 Seeddms | 1 Seeddms | 2014-10-23 | 5.1 MEDIUM | N/A |
| Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter. | |||||
| CVE-2014-3395 | 1 Cisco | 1 Webex Meetings Server | 2014-10-23 | 5.0 MEDIUM | N/A |
| Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. | |||||
| CVE-2014-2880 | 1 Oracle | 1 Identity Manager | 2014-10-17 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin. | |||||
| CVE-2014-7861 | 1 Apple | 1 Mac Os X | 2014-10-10 | 9.3 HIGH | N/A |
| The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. | |||||
| CVE-2014-4870 | 1 Brocade | 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software | 2014-10-07 | 7.2 HIGH | N/A |
| /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. | |||||
| CVE-2014-6290 | 1 News Project | 1 News | 2014-10-06 | 7.5 HIGH | N/A |
| The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | |||||
| CVE-2014-3823 | 1 Juniper | 1 Junos Pulse Secure Access Service | 2014-10-01 | 4.3 MEDIUM | N/A |
| The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2012-5619 | 1 Sleuthkit | 1 The Sleuth Kit | 2014-09-30 | 2.1 LOW | N/A |
| The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame. | |||||
| CVE-2014-4973 | 1 Eset | 2 Endpoint Security, Smart Security | 2014-09-24 | 6.9 MEDIUM | N/A |
| The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. | |||||
| CVE-2014-2284 | 1 Net-snmp | 1 Net-snmp | 2014-09-13 | 5.0 MEDIUM | N/A |
| The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-2598 | 1 Codeaurora | 1 Android-msm | 2014-09-02 | 6.6 MEDIUM | N/A |
| app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory. | |||||
| CVE-2010-5110 | 1 Freedesktop | 1 Poppler | 2014-09-02 | 4.3 MEDIUM | N/A |
| DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||||
| CVE-2014-5398 | 1 Invensys | 1 Wonderware Information Server | 2014-08-28 | 2.1 LOW | N/A |
| Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-0762 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2014-08-28 | 4.7 MEDIUM | N/A |
| The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line. | |||||
| CVE-2014-0761 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2014-08-28 | 7.1 HIGH | N/A |
| The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. | |||||
| CVE-2014-3159 | 1 Google | 2 Android, Chrome | 2014-08-04 | 6.4 MEDIUM | N/A |
| The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. | |||||
| CVE-2014-3817 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2014-08-01 | 7.8 HIGH | N/A |
| Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet. | |||||
| CVE-2014-2966 | 1 Caucho | 1 Resin | 2014-07-28 | 5.0 MEDIUM | N/A |
| The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism. | |||||
| CVE-2014-3815 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2014-07-24 | 7.8 HIGH | N/A |
| Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. | |||||
| CVE-2014-4503 | 2 Cgminer Project, Sgminer Project | 2 Cgminer, Sgminer | 2014-07-23 | 4.3 MEDIUM | N/A |
| The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message. | |||||
| CVE-2012-2682 | 1 Redhat | 1 Enterprise Mrg | 2014-07-23 | 5.0 MEDIUM | N/A |
| Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link. | |||||
| CVE-2014-5019 | 1 Drupal | 1 Drupal | 2014-07-22 | 5.0 MEDIUM | N/A |
| The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use. | |||||
| CVE-2014-3819 | 1 Juniper | 1 Junos | 2014-07-18 | 7.8 HIGH | N/A |
| Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet. | |||||
| CVE-2014-3822 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2014-07-17 | 5.4 MEDIUM | N/A |
| Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4. | |||||
| CVE-2014-3889 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2014-07-11 | 5.0 MEDIUM | N/A |
| silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnerability than CVE-2014-3890. | |||||
| CVE-2014-3890 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2014-07-11 | 5.0 MEDIUM | N/A |
| silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889. | |||||
| CVE-2012-6647 | 1 Linux | 1 Linux Kernel | 2014-06-27 | 4.9 MEDIUM | N/A |
| The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command. | |||||
| CVE-2014-3814 | 1 Juniper | 3 Netscreen-5200, Netscreen-5400, Screenos | 2014-06-26 | 7.8 HIGH | N/A |
| The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP. | |||||
| CVE-2012-5572 | 1 Dancer | 1 Dancer | 2014-06-24 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526. | |||||
| CVE-2014-3216 | 1 Gomlab | 1 Gom Media Player | 2014-06-24 | 4.3 MEDIUM | N/A |
| GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. | |||||
| CVE-2014-3873 | 1 Freebsd | 1 Freebsd | 2014-06-24 | 2.1 LOW | N/A |
| The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace. | |||||
| CVE-2014-3880 | 1 Freebsd | 1 Freebsd | 2014-06-21 | 4.9 MEDIUM | N/A |
| The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. | |||||