Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1842 | 1 Redhat | 1 Openstack | 2016-07-26 | 10.0 HIGH | N/A |
| The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | |||||
| CVE-2015-1843 | 1 Redhat | 1 Docker | 2016-07-26 | 4.3 MEDIUM | N/A |
| The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. | |||||
| CVE-2014-8763 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2016-07-15 | 5.0 MEDIUM | N/A |
| DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. | |||||
| CVE-2014-8764 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2016-07-15 | 5.0 MEDIUM | N/A |
| DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. | |||||
| CVE-2014-3678 | 1 Jenkins-ci | 1 Monitoring Plugin | 2016-07-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3679 | 1 Jenkins-ci | 1 Monitoring Plugin | 2016-07-15 | 5.0 MEDIUM | N/A |
| The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages. | |||||
| CVE-2013-6374 | 1 Jenkins-ci | 1 Build Failure Analyzer | 2016-07-15 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6373 | 1 Jenkins-ci | 1 Exclusion | 2016-07-15 | 5.5 MEDIUM | N/A |
| The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. | |||||
| CVE-2013-2034 | 1 Cloudbees | 1 Jenkins | 2016-07-15 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. | |||||
| CVE-2014-0974 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2016-07-13 | 1.9 LOW | N/A |
| The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. | |||||
| CVE-2014-0973 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2016-07-13 | 7.2 HIGH | N/A |
| The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data. | |||||
| CVE-2016-5389 | 2016-07-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5696. Reason: This candidate is a reservation duplicate of CVE-2016-5696. Notes: All CVE users should reference CVE-2016-5696 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-9791 | 2016-07-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0196. Reason: This candidate is a reservation duplicate of CVE-2014-0196. Notes: All CVE users should reference CVE-2014-0196 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-9794 | 2016-07-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0973. Reason: This candidate is a reservation duplicate of CVE-2014-0973. Notes: All CVE users should reference CVE-2014-0973 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-9797 | 2016-07-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0974. Reason: This candidate is a reservation duplicate of CVE-2014-0974. Notes: All CVE users should reference CVE-2014-0974 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-3794 | 2016-07-08 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3814. Reason: This candidate is a reservation duplicate of CVE-2016-3814. Notes: All CVE users should reference CVE-2016-3814 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-9039 | 3 Debian, Mageia Project, Wordpress | 3 Debian Linux, Mageia, Wordpress | 2016-06-30 | 4.3 MEDIUM | N/A |
| wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. | |||||
| CVE-2014-9037 | 3 Debian, Mageia Project, Wordpress | 3 Debian Linux, Mageia, Wordpress | 2016-06-30 | 6.8 MEDIUM | N/A |
| WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. | |||||
| CVE-2014-8112 | 1 Fedoraproject | 2 389 Directory Server, Fedora | 2016-06-30 | 4.0 MEDIUM | N/A |
| 389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog. | |||||
| CVE-2014-8105 | 1 Fedoraproject | 2 389 Directory Server, Fedora | 2016-06-30 | 5.0 MEDIUM | N/A |
| 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. | |||||
| CVE-2014-3424 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2016-06-30 | 3.3 LOW | N/A |
| lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | |||||
| CVE-2014-3423 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2016-06-30 | 3.3 LOW | N/A |
| lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | |||||
| CVE-2014-3422 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2016-06-30 | 3.3 LOW | N/A |
| lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | |||||
| CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2016-06-30 | 3.3 LOW | N/A |
| lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | |||||
| CVE-2014-2925 | 2 Asus, T-mobile | 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 | 2016-06-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. | |||||
| CVE-2014-2719 | 2 Asus, T-mobile | 10 Rt-ac66u Firmware, Rt-ac68u, Rt-ac68u Firmware and 7 more | 2016-06-30 | 6.3 MEDIUM | N/A |
| Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. | |||||
| CVE-2013-5948 | 2 Asus, T-mobile | 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 | 2016-06-30 | 8.5 HIGH | N/A |
| The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). | |||||
| CVE-2015-0376 | 1 Oracle | 1 Fusion Middleware | 2016-06-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. | |||||
| CVE-2015-0257 | 1 Redhat | 1 Enterprise Virtualization Manager | 2016-06-28 | 2.1 LOW | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | |||||
| CVE-2015-0844 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2016-06-28 | 5.0 MEDIUM | N/A |
| The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||||
| CVE-2015-4396 | 1 Keyword Research Project | 1 Keyword Research | 2016-06-27 | 5.1 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwresearch admin site keywords" permission for requests that (1) create, (2) delete, or (3) set priorities to keywords via unspecified vectors. | |||||
| CVE-2015-4467 | 1 Libmspack Project | 1 Libmspack | 2016-06-27 | 4.3 MEDIUM | N/A |
| The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file. | |||||
| CVE-2014-6579 | 1 Oracle | 1 Peoplesoft Products | 2016-06-27 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Integration Broker. | |||||
| CVE-2014-6576 | 1 Oracle | 1 Fusion Middleware | 2016-06-24 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to OAM Integration. | |||||
| CVE-2014-6565 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2016-06-24 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC. | |||||
| CVE-2014-6569 | 1 Oracle | 1 Fusion Middleware | 2016-06-24 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to CIE Related Components. | |||||
| CVE-2014-6571 | 1 Oracle | 1 Fusion Middleware | 2016-06-24 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2011-1944. | |||||
| CVE-2014-6548 | 1 Oracle | 1 Fusion Middleware | 2016-06-24 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 allows local users to affect confidentiality, integrity, and availability via vectors related to B2B Engine. | |||||
| CVE-2014-6556 | 1 Oracle | 1 E-business Suite | 2016-06-24 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AD_DDL. | |||||
| CVE-2014-6573 | 1 Oracle | 1 Enterprise Manager Grid Control | 2016-06-24 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 11.1.3 and 12.1.4 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework. | |||||
| CVE-2014-9714 | 1 Facebook | 1 Hiphop Virtual Machine | 2016-06-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function. | |||||
| CVE-2014-6566 | 1 Oracle | 1 Peoplesoft Products | 2016-06-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal. | |||||
| CVE-2014-6574 | 1 Oracle | 1 Supply Chain Products Suite | 2016-06-24 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library. | |||||
| CVE-2015-5240 | 1 Openstack | 1 Neutron | 2016-06-24 | 3.5 LOW | N/A |
| Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. | |||||
| CVE-2014-4279 | 1 Oracle | 1 Peoplesoft Products | 2016-06-24 | 3.5 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | |||||
| CVE-2014-6528 | 1 Oracle | 1 Siebel Crm | 2016-06-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure. | |||||
| CVE-2014-6572 | 1 Oracle | 1 E-business Suite | 2016-06-24 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to List of Values. | |||||
| CVE-2014-9718 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2016-06-23 | 4.9 MEDIUM | N/A |
| The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. | |||||
| CVE-2015-0389 | 1 Oracle | 1 Fusion Middleware | 2016-06-23 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592. | |||||
| CVE-2015-2149 | 1 Mybb | 1 Mybb | 2016-06-23 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) "title to assign" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php. | |||||