Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8008 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8009 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8026 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8027 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8029 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8030 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8042 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8043 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-8049 | 2018-01-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2018-01-03 | 5.8 MEDIUM | N/A |
| The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2013-7294 | 1 Libreswan | 1 Libreswan | 2018-01-03 | 5.0 MEDIUM | N/A |
| The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. | |||||
| CVE-2014-0038 | 1 Linux | 1 Linux Kernel | 2018-01-03 | 6.9 MEDIUM | N/A |
| The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. | |||||
| CVE-2014-0330 | 1 Dell | 2 Kace K1000 Systems Management Appliance, Kace K1000 Systems Management Appliance Software | 2018-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter. | |||||
| CVE-2014-0500 | 1 Adobe | 1 Shockwave Player | 2018-01-03 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501. | |||||
| CVE-2014-0501 | 1 Adobe | 1 Shockwave Player | 2018-01-03 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500. | |||||
| CVE-2014-0622 | 1 Emc | 1 Documentum Foundation Services | 2018-01-03 | 9.0 HIGH | N/A |
| The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors. | |||||
| CVE-2014-0680 | 1 Cisco | 1 Identity Services Engine | 2018-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038. | |||||
| CVE-2014-0681 | 1 Cisco | 1 Identity Services Engine Software | 2018-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064. | |||||
| CVE-2014-0682 | 1 Cisco | 1 Webex Meetings Server | 2018-01-03 | 4.9 MEDIUM | N/A |
| Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346. | |||||
| CVE-2014-0686 | 1 Cisco | 1 Unified Communications Manager | 2018-01-03 | 6.0 MEDIUM | N/A |
| Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. | |||||
| CVE-2014-0822 | 1 Ibm | 1 Lotus Domino | 2018-01-03 | 7.8 HIGH | N/A |
| The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. | |||||
| CVE-2014-0831 | 1 Ibm | 1 Financial Transaction Manager | 2018-01-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. | |||||
| CVE-2014-0833 | 1 Ibm | 1 Financial Transaction Manager | 2018-01-03 | 5.5 MEDIUM | N/A |
| The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | |||||
| CVE-2014-1642 | 1 Xen | 1 Xen | 2018-01-03 | 4.4 MEDIUM | N/A |
| The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. | |||||
| CVE-2014-1643 | 1 Symantec | 1 Encryption Management Server | 2018-01-03 | 4.0 MEDIUM | N/A |
| The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL. | |||||
| CVE-2014-1663 | 1 Citrix | 2 Xenmobile Device Manager, Xenmobile Device Manager Mdm | 2018-01-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2014-1666 | 1 Xen | 1 Xen | 2018-01-03 | 8.3 HIGH | N/A |
| The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2014-1670 | 1 Microsoft | 1 Bing | 2018-01-03 | 6.8 MEDIUM | N/A |
| The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. | |||||
| CVE-2014-1672 | 1 Checkpoint | 2 Management Server, Security Gateway | 2018-01-03 | 4.0 MEDIUM | N/A |
| Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2014-1681 | 1 Google | 1 Chrome | 2018-01-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." | |||||
| CVE-2014-1833 | 1 Devscripts Devel Team | 1 Devscripts | 2018-01-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | |||||
| CVE-2017-1000435 | 2017-12-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16227. Reason: This candidate is a reservation duplicate of CVE-2017-16227. Notes: All CVE users should reference CVE-2017-16227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000436 | 2017-12-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14975. Reason: This candidate is a reservation duplicate of CVE-2017-14975. Notes: All CVE users should reference CVE-2017-14975 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000440 | 2017-12-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14976. Reason: This candidate is a reservation duplicate of CVE-2017-14976. Notes: All CVE users should reference CVE-2017-14976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000446 | 2017-12-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15954. Reason: This candidate is a reservation duplicate of CVE-2017-15954. Notes: All CVE users should reference CVE-2017-15954 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000447 | 2017-12-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15955. Reason: This candidate is a reservation duplicate of CVE-2017-15955. Notes: All CVE users should reference CVE-2017-15955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-1575 | 1 Trevor Mckay | 1 Cumin | 2017-12-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages. | |||||
| CVE-2017-17496 | 2017-12-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2009-5112 | 1 Iwork | 1 Webglimpse | 2017-12-29 | 5.0 MEDIUM | N/A |
| wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request. | |||||
| CVE-2009-5114 | 1 Iwork | 1 Webglimpse | 2017-12-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. | |||||
| CVE-2011-2494 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 2.1 LOW | N/A |
| kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. | |||||
| CVE-2011-3048 | 1 Libpng | 1 Libpng | 2017-12-29 | 6.8 MEDIUM | N/A |
| The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. | |||||
| CVE-2011-3083 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page. | |||||
| CVE-2011-3084 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. | |||||
| CVE-2011-3085 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values. | |||||
| CVE-2011-3086 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element. | |||||
| CVE-2011-3087 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-3088 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3089 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables. | |||||
| CVE-2011-3090 | 1 Google | 1 Chrome | 2017-12-29 | 7.6 HIGH | N/A |
| Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes. | |||||