Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7342 | 1 Flowplayer | 1 Flowplayer Html5 | 2014-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341. | |||||
| CVE-2011-5276 | 1 Gplhost | 1 Domain Technologie Control | 2014-03-21 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter. | |||||
| CVE-2011-5275 | 1 Gplhost | 1 Domain Technologie Control | 2014-03-21 | 7.5 HIGH | N/A |
| The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges. | |||||
| CVE-2011-5273 | 1 Gplhost | 1 Domain Technologie Control | 2014-03-21 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/. | |||||
| CVE-2011-3198 | 1 Gplhost | 1 Domain Technologie Control | 2014-03-21 | 2.1 LOW | N/A |
| Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments. | |||||
| CVE-2011-3195 | 1 Gplhost | 1 Domain Technologie Control | 2014-03-21 | 6.5 MEDIUM | N/A |
| shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options. | |||||
| CVE-2014-1970 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2014-03-20 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | |||||
| CVE-2012-0322 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2014-03-20 | 4.3 MEDIUM | N/A |
| The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. | |||||
| CVE-2014-1979 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2014-03-20 | 6.8 MEDIUM | N/A |
| The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. | |||||
| CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2014-03-20 | 4.3 MEDIUM | N/A |
| The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2014-1978 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2014-03-20 | 4.3 MEDIUM | N/A |
| The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-2212 | 1 Mcafee | 1 Web Gateway | 2014-03-19 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers. | |||||
| CVE-2014-0132 | 1 Fedoraproject | 1 389 Directory Server | 2014-03-19 | 6.5 MEDIUM | N/A |
| The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind. | |||||
| CVE-2014-0057 | 1 Redhat | 2 Cloudforms, Cloudforms 3.0 Management Engine | 2014-03-19 | 7.5 HIGH | N/A |
| The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors. | |||||
| CVE-2013-3938 | 1 Xnview | 1 Xnview | 2014-03-19 | 9.3 HIGH | N/A |
| Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-2643 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-03-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component. | |||||
| CVE-2013-2642 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-03-19 | 9.3 HIGH | N/A |
| Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | |||||
| CVE-2013-2641 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-03-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. | |||||
| CVE-2014-1976 | 1 Yumenomachi | 1 Demaecan | 2014-03-18 | 5.8 MEDIUM | N/A |
| The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-2086 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 5.0 MEDIUM | N/A |
| The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | |||||
| CVE-2013-2047 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 2.1 LOW | N/A |
| The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | |||||
| CVE-2013-2089 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.6 MEDIUM | N/A |
| Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | |||||
| CVE-2013-2048 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 6.5 MEDIUM | N/A |
| ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. | |||||
| CVE-2013-2044 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | |||||
| CVE-2013-2043 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.0 MEDIUM | N/A |
| apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. | |||||
| CVE-2013-2042 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php. | |||||
| CVE-2013-2041 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js. | |||||
| CVE-2013-2040 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2039 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. | |||||
| CVE-2013-1963 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.0 MEDIUM | N/A |
| The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors. | |||||
| CVE-2014-2292 | 1 Juniper | 1 Ive Os | 2014-03-17 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2014-03-17 | 4.4 MEDIUM | N/A |
| The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||||
| CVE-2014-1438 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 4.7 MEDIUM | N/A |
| The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application. | |||||
| CVE-2013-7027 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 6.1 MEDIUM | N/A |
| The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. | |||||
| CVE-2013-7266 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 4.9 MEDIUM | N/A |
| The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-7267 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 4.9 MEDIUM | N/A |
| The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-7268 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 4.9 MEDIUM | N/A |
| The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2014-0020 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 5.0 MEDIUM | N/A |
| The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. | |||||
| CVE-2013-6376 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 5.2 MEDIUM | N/A |
| The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. | |||||
| CVE-2013-6380 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 4.7 MEDIUM | N/A |
| The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. | |||||
| CVE-2013-6477 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 5.0 MEDIUM | N/A |
| Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. | |||||
| CVE-2013-6478 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 4.3 MEDIUM | N/A |
| gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. | |||||
| CVE-2013-6479 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 5.0 MEDIUM | N/A |
| util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. | |||||
| CVE-2013-6481 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 5.0 MEDIUM | N/A |
| libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. | |||||
| CVE-2013-6482 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 5.0 MEDIUM | N/A |
| Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. | |||||
| CVE-2013-6483 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 6.4 MEDIUM | N/A |
| The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. | |||||
| CVE-2013-6484 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 5.0 MEDIUM | N/A |
| The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. | |||||
| CVE-2013-6485 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. | |||||
| CVE-2013-6486 | 1 Pidgin | 1 Pidgin | 2014-03-16 | 9.3 HIGH | N/A |
| gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. | |||||
| CVE-2013-6493 | 1 Redhat | 1 Icedtea-web | 2014-03-16 | 2.1 LOW | N/A |
| The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. | |||||