Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1730 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2017-01-07 | 7.8 HIGH | N/A |
| Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. | |||||
| CVE-2014-1731 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2017-01-07 | 7.5 HIGH | N/A |
| core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. | |||||
| CVE-2014-1732 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2017-01-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. | |||||
| CVE-2014-1733 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2017-01-07 | 7.5 HIGH | N/A |
| The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. | |||||
| CVE-2014-1734 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2017-01-07 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-1735 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2017-01-07 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-1891 | 1 Xen | 1 Xen | 2017-01-07 | 5.2 MEDIUM | N/A |
| Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. | |||||
| CVE-2014-1892 | 1 Xen | 1 Xen | 2017-01-07 | 5.2 MEDIUM | N/A |
| Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. | |||||
| CVE-2014-1893 | 1 Xen | 1 Xen | 2017-01-07 | 5.2 MEDIUM | N/A |
| Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. | |||||
| CVE-2014-1894 | 1 Xen | 1 Xen | 2017-01-07 | 5.2 MEDIUM | N/A |
| Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. | |||||
| CVE-2014-1895 | 1 Xen | 1 Xen | 2017-01-07 | 5.8 MEDIUM | N/A |
| Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read. | |||||
| CVE-2014-1896 | 1 Xen | 1 Xen | 2017-01-07 | 4.9 MEDIUM | N/A |
| The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring." | |||||
| CVE-2014-2053 | 2 Getid3, Owncloud | 2 Getid3, Owncloud | 2017-01-07 | 7.5 HIGH | N/A |
| getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||
| CVE-2014-2197 | 1 Cisco | 2 Unified Cdm Application Software, Unified Communications Domain Manager | 2017-01-07 | 9.0 HIGH | N/A |
| The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. | |||||
| CVE-2014-2198 | 1 Cisco | 2 Unified Cdm Platform Software, Unified Communications Domain Manager | 2017-01-07 | 10.0 HIGH | N/A |
| Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130. | |||||
| CVE-2014-2434 | 1 Oracle | 1 Mysql | 2017-01-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2014-2435 | 1 Oracle | 1 Mysql | 2017-01-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||||
| CVE-2014-2470 | 1 Oracle | 1 Fusion Middleware | 2017-01-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security. | |||||
| CVE-2014-2497 | 1 Php | 1 Php | 2017-01-07 | 4.3 MEDIUM | N/A |
| The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. | |||||
| CVE-2014-2510 | 1 Emc | 4 Centerstage, Documentum Foundation Services, My Documentum For Desktop and 1 more | 2017-01-07 | 6.8 MEDIUM | N/A |
| The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-2513 | 1 Emc | 1 Documentum Content Server | 2017-01-07 | 8.2 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. | |||||
| CVE-2014-2514 | 1 Emc | 1 Documentum Content Server | 2017-01-07 | 8.2 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. | |||||
| CVE-2014-2519 | 1 Emc | 1 Recoverpoint Appliance | 2017-01-07 | 5.8 MEDIUM | N/A |
| The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports. | |||||
| CVE-2014-2599 | 1 Xen | 1 Xen | 2017-01-07 | 4.9 MEDIUM | N/A |
| The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input. | |||||
| CVE-2014-2614 | 1 Hp | 1 Sitescope | 2017-01-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. | |||||
| CVE-2014-2615 | 1 Hp | 1 Universal Configuration Management Database | 2017-01-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. | |||||
| CVE-2014-2616 | 1 Hp | 1 Universal Configuration Management Database | 2017-01-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. | |||||
| CVE-2014-2617 | 1 Hp | 1 Universal Configuration Management Database | 2017-01-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104. | |||||
| CVE-2014-2623 | 1 Hp | 1 Storage Data Protector | 2017-01-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2014-2625 | 1 Hp | 1 Network Virtualization | 2017-01-07 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023. | |||||
| CVE-2014-2626 | 1 Hp | 1 Network Virtualization | 2017-01-07 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. | |||||
| CVE-2014-2629 | 1 Hp | 1 Nonstop Safeguard Security | 2017-01-07 | 4.0 MEDIUM | N/A |
| HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time. | |||||
| CVE-2014-2631 | 1 Hp | 1 Application Lifecycle Management | 2017-01-07 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. | |||||
| CVE-2014-2653 | 1 Openbsd | 1 Openssh | 2017-01-07 | 5.8 MEDIUM | N/A |
| The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. | |||||
| CVE-2014-3088 | 1 Ibm | 1 Sametime Meeting Server | 2017-01-07 | 5.5 MEDIUM | N/A |
| stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. | |||||
| CVE-2014-3113 | 1 Realnetworks | 1 Realplayer | 2017-01-07 | 9.3 HIGH | N/A |
| Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file. | |||||
| CVE-2014-3160 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-07 | 6.8 MEDIUM | N/A |
| The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. | |||||
| CVE-2014-3162 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-07 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-3411 | 1 Juniper | 3 Network And Security Manager Software, Nsm3000, Nsmexpress | 2017-01-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-3431 | 2 Apple, Symantec | 3 Mac Os X, Encryption Desktop, Pgp Desktop | 2017-01-07 | 4.3 MEDIUM | N/A |
| Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. | |||||
| CVE-2016-9874 | 2017-01-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. | |||||
| CVE-2016-9875 | 2017-01-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. | |||||
| CVE-2016-9876 | 2017-01-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. | |||||
| CVE-2016-9886 | 2017-01-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. | |||||
| CVE-2015-0579 | 1 Cisco | 1 Telepresence Video Communication Server | 2017-01-06 | 5.0 MEDIUM | N/A |
| Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. | |||||
| CVE-2015-0634 | 1 Cisco | 1 Webex Meetings Server | 2017-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310. | |||||
| CVE-2015-0692 | 1 Cisco | 1 Web Security Appliance | 2017-01-06 | 7.2 HIGH | N/A |
| Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230. | |||||
| CVE-2015-0729 | 1 Cisco | 1 Secure Access Control Server | 2017-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. | |||||
| CVE-2015-0731 | 1 Cisco | 1 Ios | 2017-01-06 | 6.1 MEDIUM | N/A |
| The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. | |||||
| CVE-2015-0693 | 1 Cisco | 1 Web Security Appliance | 2017-01-06 | 7.2 HIGH | N/A |
| Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259. | |||||