Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4885 | 1 Closeprotectionworld | 1 Cpworld Close Protection World | 2014-11-10 | 5.4 MEDIUM | N/A |
| The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4884 | 1 Conrad Hotel Project | 1 Conrad Hotel | 2014-11-10 | 5.4 MEDIUM | N/A |
| The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-8510 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2014-11-10 | 4.0 MEDIUM | N/A |
| The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters. | |||||
| CVE-2014-6623 | 1 Arubanetworks | 1 Clearpass | 2014-11-10 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors. | |||||
| CVE-2014-6620 | 1 Arubanetworks | 1 Clearpass | 2014-11-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5038 | 1 Eucalyptus | 1 Eucalyptus | 2014-11-10 | 2.1 LOW | N/A |
| Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files. | |||||
| CVE-2014-5037 | 1 Eucalyptus | 1 Eucalyptus | 2014-11-10 | 2.1 LOW | N/A |
| Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log. | |||||
| CVE-2014-5587 | 1 Brokenscreencrank Project | 1 Brokenscreencrank | 2014-11-09 | 5.4 MEDIUM | N/A |
| The brokenscreencrank (aka com.biggame.brokenscreencrank) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5585 | 1 Bepopapp | 1 Like4like\ | 2014-11-09 | 5.4 MEDIUM | N/A |
| The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5563 | 1 Show Do Milhao 2014 Project | 1 Show Do Milhao 2014 | 2014-11-09 | 5.4 MEDIUM | N/A |
| The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5430 | 1 Abb | 2 Robotstudio, Test Signal Viewer | 2014-11-07 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. | |||||
| CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2014-11-07 | 10.0 HIGH | N/A |
| The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-8667 | 1 Sap | 1 Hana Web-based Development Workbench | 2014-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8666 | 1 Sap | 1 Business Intelligence Development Workbench | 2014-11-07 | 5.0 MEDIUM | N/A |
| The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. | |||||
| CVE-2014-8665 | 1 Sap | 1 Business Intelligence Development Workbench | 2014-11-07 | 5.0 MEDIUM | N/A |
| The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||||
| CVE-2014-8663 | 1 Sap | 1 Netweaver Business Warehouse | 2014-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8662 | 1 Sap | 1 Payroll Process | 2014-11-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | |||||
| CVE-2014-8661 | 1 Sap | 1 Customer Relationship Management Internet Sales | 2014-11-07 | 10.0 HIGH | N/A |
| The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-6030 | 1 Classapps | 1 Selectsurvey.net | 2014-11-06 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. | |||||
| CVE-2014-8656 | 1 Compal Broadband Networks | 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware | 2014-11-06 | 10.0 HIGH | N/A |
| The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | |||||
| CVE-2014-8622 | 1 Compfight Project | 1 Compfight | 2014-11-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | |||||
| CVE-2014-5545 | 1 Torrnad0 | 1 Sprint Jump | 2014-11-06 | 5.4 MEDIUM | N/A |
| The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4577 | 1 Websupporter | 1 Wp Amasin - The Amazon Affiliate Shop | 2014-11-06 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. | |||||
| CVE-2014-2937 | 2014-11-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-2374 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2014-11-05 | 7.5 HIGH | N/A |
| The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | |||||
| CVE-2014-2373 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2014-11-05 | 7.5 HIGH | N/A |
| The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. | |||||
| CVE-2014-3461 | 1 Qemu | 1 Qemu | 2014-11-05 | 6.8 MEDIUM | N/A |
| hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." | |||||
| CVE-2013-4150 | 1 Qemu | 1 Qemu | 2014-11-05 | 7.5 HIGH | N/A |
| The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. | |||||
| CVE-2013-4149 | 1 Qemu | 1 Qemu | 2014-11-05 | 7.5 HIGH | N/A |
| Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. | |||||
| CVE-2013-4148 | 1 Qemu | 1 Qemu | 2014-11-05 | 7.5 HIGH | N/A |
| Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. | |||||
| CVE-2013-4151 | 1 Qemu | 1 Qemu | 2014-11-05 | 7.5 HIGH | N/A |
| The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | |||||
| CVE-2014-6033 | 2014-11-05 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-6421 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. | |||||
| CVE-2014-6422 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. | |||||
| CVE-2014-6423 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. | |||||
| CVE-2014-6424 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. | |||||
| CVE-2014-6425 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. | |||||
| CVE-2014-6426 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2014-6427 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. | |||||
| CVE-2014-6428 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-6429 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2014-6430 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2014-6431 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. | |||||
| CVE-2014-6432 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
| The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2014-4311 | 1 Epicor | 1 Epicor Enterprise | 2014-11-05 | 5.0 MEDIUM | N/A |
| Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. | |||||
| CVE-2012-6661 | 2 Plone, Zope | 2 Plone, Zope | 2014-11-05 | 5.0 MEDIUM | N/A |
| Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). | |||||
| CVE-2012-5508 | 1 Plone | 1 Plone | 2014-11-05 | 5.0 MEDIUM | N/A |
| The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. | |||||
| CVE-2012-5500 | 1 Plone | 1 Plone | 2014-11-05 | 4.3 MEDIUM | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | |||||
| CVE-1999-0586 | 2014-11-04 | 0.0 LOW | N/A | ||
| A network service is running on a nonstandard port. | |||||
| CVE-2014-8244 | 1 Linksys | 20 E4200v2, E4200v2 Firmware, Ea2700 and 17 more | 2014-11-04 | 7.5 HIGH | N/A |
| Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. | |||||