Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6462 | 1 Oracle | 1 Fusion Middleware | 2015-11-06 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console. | |||||
| CVE-2014-6465 | 1 Oracle | 1 Communications Applications | 2015-11-06 | 6.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept. | |||||
| CVE-2014-6486 | 1 Oracle | 1 Peoplesoft Products | 2015-11-06 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Talent Acquisition Manager - Security. | |||||
| CVE-2014-6488 | 1 Oracle | 2 Enterprise Manager Database Control, Enterprise Manager Grid Control | 2015-11-06 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management. | |||||
| CVE-2014-6475 | 1 Oracle | 1 Peoplesoft Products | 2015-11-06 | 3.5 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2014-6482 | 1 Oracle | 1 Peoplesoft Products | 2015-11-06 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant. | |||||
| CVE-2014-6483 | 1 Oracle | 1 Database Server | 2015-11-06 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2015-8075 | 2015-11-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2014-4298 | 1 Oracle | 1 Database Server | 2015-11-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. | |||||
| CVE-2014-4300 | 1 Oracle | 1 Database Server | 2015-11-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. | |||||
| CVE-2014-4295 | 1 Oracle | 1 Database Server | 2015-11-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563. | |||||
| CVE-2014-4299 | 1 Oracle | 1 Database Server | 2015-11-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. | |||||
| CVE-2014-4285 | 1 Oracle | 1 E-business Suite | 2015-11-05 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration. | |||||
| CVE-2014-4294 | 1 Oracle | 1 Database Server | 2015-11-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563. | |||||
| CVE-2014-4281 | 1 Oracle | 1 E-business Suite | 2015-11-05 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Portal Integration. | |||||
| CVE-2014-4278 | 1 Oracle | 1 E-business Suite | 2015-11-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms. | |||||
| CVE-2014-3825 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2015-11-05 | 6.8 MEDIUM | N/A |
| The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. | |||||
| CVE-2014-3818 | 1 Juniper | 1 Junos | 2015-11-05 | 7.8 HIGH | N/A |
| Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE. | |||||
| CVE-2010-5105 | 1 Blender | 1 Blender | 2015-11-05 | 3.3 LOW | N/A |
| The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. | |||||
| CVE-2015-5673 | 1 Isucon | 1 Isucon 5 Qualifier Eventapp | 2015-11-04 | 6.5 MEDIUM | N/A |
| eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command. | |||||
| CVE-2015-7244 | 1 Mobatek | 1 Mobaxterm | 2015-11-04 | 7.5 HIGH | N/A |
| The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. | |||||
| CVE-2014-8013 | 1 Cisco | 1 Nx-os | 2015-11-04 | 4.9 MEDIUM | N/A |
| The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. | |||||
| CVE-2014-0477 | 2 Email\, Fedoraproject | 2 \, Fedora | 2015-11-04 | 5.0 MEDIUM | N/A |
| The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address. | |||||
| CVE-2015-7253 | 1 Commvault | 1 Edge Server | 2015-11-04 | 10.0 HIGH | N/A |
| The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | |||||
| CVE-2015-5717 | 1 Siemens | 1 Compas | 2015-11-04 | 5.8 MEDIUM | N/A |
| The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6561 | 1 Oracle | 1 E-business Suite | 2015-11-04 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Separate Remittance Advice. | |||||
| CVE-2014-6479 | 1 Oracle | 1 E-business Suite | 2015-11-04 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via vectors related to OC4J Configuration. | |||||
| CVE-2014-6523 | 1 Oracle | 1 E-business Suite | 2015-11-04 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to REST Interface. | |||||
| CVE-2014-6539 | 1 Oracle | 1 E-business Suite | 2015-11-04 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472. | |||||
| CVE-2014-6550 | 1 Oracle | 1 E-business Suite | 2015-11-04 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp. | |||||
| CVE-2014-6471 | 1 Oracle | 1 E-business Suite | 2015-11-04 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OAM Diagnostics. | |||||
| CVE-2014-6472 | 1 Oracle | 1 E-business Suite | 2015-11-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6539. | |||||
| CVE-2014-5578 | 1 Trading 212 | 1 Trading 212 Forex | 2015-11-04 | 5.4 MEDIUM | N/A |
| The Trading 212 FOREX (aka com.avuscapital.trading212) application before 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-2828 | 1 Openstack | 1 Keystone | 2015-11-04 | 7.8 HIGH | N/A |
| The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." | |||||
| CVE-2014-0103 | 2 Fedoraproject, Zarafa | 3 Fedora, Webapp, Zarafa | 2015-11-04 | 2.1 LOW | N/A |
| WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | |||||
| CVE-2014-1910 | 1 Citrix | 2 Sharefile Mobile, Sharefile Mobile For Tablets | 2015-11-04 | 5.8 MEDIUM | N/A |
| Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-5811 | 1 Breezy | 1 Breezy | 2015-11-04 | 5.8 MEDIUM | N/A |
| The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2015-11-04 | 5.4 MEDIUM | N/A |
| FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | |||||
| CVE-2012-5809 | 1 Groupon | 1 Groupon Merchants | 2015-11-04 | 5.8 MEDIUM | N/A |
| The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2000-0219 | 1 Redhat | 1 Linux | 2015-11-04 | 7.2 HIGH | N/A |
| Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. | |||||
| CVE-2014-5082 | 1 Sphider | 1 Sphider | 2015-11-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. | |||||
| CVE-2015-5308 | 1 Wp-championship Project | 1 Wp-championship | 2015-11-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. | |||||
| CVE-2015-5210 | 1 Apache | 1 Ambari | 2015-11-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | |||||
| CVE-2015-3186 | 1 Apache | 1 Ambari | 2015-11-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | |||||
| CVE-2015-3270 | 1 Apache | 1 Ambari | 2015-11-04 | 6.5 MEDIUM | N/A |
| Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | |||||
| CVE-2015-1775 | 1 Apache | 1 Ambari | 2015-11-04 | 5.5 MEDIUM | N/A |
| Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call. | |||||
| CVE-2015-5470 | 1 Powerdns | 2 Authoritative, Recursor | 2015-11-04 | 7.8 HIGH | N/A |
| The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. | |||||
| CVE-2015-8074 | 1 Google | 1 Android | 2015-11-03 | 5.0 MEDIUM | N/A |
| mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611. | |||||
| CVE-2015-8073 | 1 Google | 1 Android | 2015-11-03 | 10.0 HIGH | N/A |
| mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072. | |||||
| CVE-2015-8072 | 1 Google | 1 Android | 2015-11-03 | 10.0 HIGH | N/A |
| mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073. | |||||