Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0510 | 1 Adobe | 1 Flash Player | 2014-06-21 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014. | |||||
| CVE-2013-6491 | 2 Openstack, Redhat | 2 Oslo, Openstack | 2014-06-21 | 4.3 MEDIUM | N/A |
| The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4463 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2014-06-21 | 2.1 LOW | N/A |
| OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. | |||||
| CVE-2013-4469 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2014-06-21 | 1.9 LOW | N/A |
| OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. | |||||
| CVE-2012-2027 | 1 Adobe | 3 Photoshop, Photoshop Cs4, Photoshop Cs5.5 | 2014-06-21 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. | |||||
| CVE-2012-2052 | 1 Adobe | 2 Photoshop Cs5, Photoshop Cs5.1 | 2014-06-20 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element. | |||||
| CVE-2013-1068 | 1 Canonical | 1 Ubuntu Linux | 2014-06-20 | 5.0 MEDIUM | N/A |
| The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability. | |||||
| CVE-2014-4335 | 1 Barracudadrive | 1 Barracudadrive | 2014-06-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/admin/ddns/. | |||||
| CVE-2014-4334 | 1 Ubi | 1 Rayman Legends | 2014-06-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001. | |||||
| CVE-2014-2001 | 1 Jreast | 1 Jr East Japan | 2014-06-19 | 5.8 MEDIUM | N/A |
| The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4153 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 7.8 HIGH | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||||
| CVE-2014-4152 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 10.0 HIGH | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. | |||||
| CVE-2014-4151 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 10.0 HIGH | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. | |||||
| CVE-2014-4174 | 1 Wireshark | 1 Wireshark | 2014-06-19 | 9.3 HIGH | N/A |
| wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. | |||||
| CVE-2013-6078 | 1 Emc | 2 Rsa Bsafe Toolkits, Rsa Data Protection Manager | 2014-06-19 | 5.8 MEDIUM | N/A |
| The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change. | |||||
| CVE-2014-2000 | 1 Ntt | 1 050 Plus | 2014-06-19 | 2.6 LOW | N/A |
| The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. | |||||
| CVE-2014-4308 | 1 Nice | 1 Recording Express | 2014-06-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2) iframe.picker.statchannels.asp, (3) iframe.picker.channelgroups.asp, (4) iframe.picker.extensions.asp, (5) iframe.picker.licenseusergroups.asp, (6) iframe.picker.licenseusers.asp, (7) iframe.picker.lookup.asp, or (8) iframe.picker.marks.asp in _ifr/. | |||||
| CVE-2014-4307 | 1 Webtitan | 1 Webtitan | 2014-06-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | |||||
| CVE-2014-4306 | 1 Webtitan | 1 Webtitan | 2014-06-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. | |||||
| CVE-2014-4305 | 1 Nice | 1 Recording Express | 2014-06-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4286 | 2014-06-18 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4286. Reason: This candidate is a duplicate of CVE-2013-4286. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-4302 | 1 Ham3d | 1 Ham3d Shop Engine | 2014-06-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2014-3877 | 1 Ulli Horlacher | 1 Fex | 2014-06-18 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup. | |||||
| CVE-2014-3876 | 1 Ulli Horlacher | 1 Fex | 2014-06-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc. | |||||
| CVE-2014-4190 | 1 Huawei | 13 Campus Lsw S9700, Campus S2350, Campus S2750 and 10 more | 2014-06-18 | 7.8 HIGH | N/A |
| Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | |||||
| CVE-2014-3962 | 1 Videos Tube Project | 1 Videos Tube | 2014-06-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||||
| CVE-2014-4004 | 1 Sap | 1 Project System | 2014-06-18 | 5.0 MEDIUM | N/A |
| The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4005 | 1 Sap | 1 Brazil | 2014-06-18 | 5.0 MEDIUM | N/A |
| SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4006 | 1 Sap | 1 Oil Industry Solution Traders And Schedulers Workbench | 2014-06-18 | 5.0 MEDIUM | N/A |
| The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4007 | 1 Sap | 1 Upgrade Tools | 2014-06-18 | 5.0 MEDIUM | N/A |
| The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2014-06-18 | 5.0 MEDIUM | N/A |
| SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4009 | 1 Sap | 1 Computing Center Management System Monitoring | 2014-06-18 | 5.0 MEDIUM | N/A |
| SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4010 | 1 Sap | 1 Transaction Data Pool | 2014-06-18 | 5.0 MEDIUM | N/A |
| SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4011 | 1 Sap | 1 Capacity Leveling | 2014-06-18 | 5.0 MEDIUM | N/A |
| SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4012 | 1 Sap | 1 Open Hub Service | 2014-06-18 | 5.0 MEDIUM | N/A |
| SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-4032 | 1 Fiyo | 1 Fiyo Cms | 2014-06-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. | |||||
| CVE-2014-2502 | 1 Emc | 1 Rsa Adaptive Authentication Hosted | 2014-06-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2503 | 1 Emc | 1 Documentum Digital Asset Manager | 2014-06-18 | 7.5 HIGH | N/A |
| The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string. | |||||
| CVE-2014-2504 | 1 Emc | 1 Documentum D2 | 2014-06-18 | 9.0 HIGH | N/A |
| EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method. | |||||
| CVE-2014-2604 | 1 Hp | 2 Icewall Mcrp, Icewall Sso | 2014-06-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2014-06-18 | 7.5 HIGH | N/A |
| SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-2752 | 1 Sap | 1 Business Object Processing Framework For Abap | 2014-06-18 | 7.5 HIGH | N/A |
| SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-2946 | 1 Huawei | 3 E303 Modem, E303 Modem Firmware, Webui | 2014-06-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document. | |||||
| CVE-2014-3840 | 1 Mayan-edms | 1 Mayan Edms | 2014-06-18 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form. | |||||
| CVE-2014-1997 | 1 Aten | 2 Cn8000, Cn8000 Firmware | 2014-06-18 | 7.8 HIGH | N/A |
| The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-5354 | 1 Sharetronix | 1 Sharetronix | 2014-06-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. | |||||
| CVE-2013-5355 | 1 Sharetronix | 1 Sharetronix | 2014-06-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors. | |||||
| CVE-2013-4099 | 1 Jogamp | 2 Joal, Jogamp | 2014-06-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1) alAuxiliaryEffectSlotf1, (2) alBuffer3f1, (3) alBufferfv1, (4) alDeleteEffects1, (5) alEffectf1, (6) alEffectfv1, (7) alEffectiv1, (8) alEnable1, (9) alFilterfv1, (10) alFilteriv1, (11) alGenAuxiliaryEffectSlots1, (12) alGenEffects1, (13) alGenFilters1, (14) alGenSources1, (15) alGetAuxiliaryEffectSlotiv1, (16) alGetBuffer3f1, (17) alGetBuffer3i1, (18) alGetBufferf1, (19) alGetBufferiv1, (20) alGetDoublev1, (21) alGetEffectf1, (22) alGetEffectfv1, (23) alGetEffectiv1, (24) alGetEnumValue1, (25) alGetFilteri1, (26) alGetFilteriv1, (27) alGetFloat1, (28) alGetFloatv1, (29) alGetListener3f1, (30) alGetListener3i1, (31) alGetListenerf1, (32) alGetListeneri1, (33) alGetListeneriv1, (34) alGetProcAddress1, (35) alGetProcAddressStatic, (36) alGetSource3f1, (37) alGetSource3i1, (38) alGetSourcef1, (39) alGetSourcefv1, (40) alGetSourcei1, (41) alGetSourceiv1, (42) alGetString1java/lang/String;, (43) alIsAuxiliaryEffectSlot1, (44) alIsBuffer1, (45) alIsEffect1, (46) alIsExtensionPresent1, (47) alIsFilter1, (48) alListener3f1, (49) alListener3i1, (50) alListenerf1, (51) alListenerfv1, (52) alListeneri1, (53) alListeneriv1, (54) alSource3f1, (55) alSource3i1, (56) alSourcef1, (57) alSourcefv1, (58) alSourcei1, (59) alSourceiv1, (60) alSourcePause1, (61) alSourcePausev1, (62) alSourcePlay1, (63) alSourcePlayv1, (64) alSourceQueueBuffers1, (65) alSourceRewindv1, (66) alSourceStop1, (67) alSourceStopv1, (68) alSourceUnqueueBuffers1, or (69) alSpeedOfSound1 method in jogamp.openal.ALImpl.dispatch. | |||||
| CVE-2014-4166 | 1 Shoutcast | 1 Dnas | 2014-06-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field. | |||||
| CVE-2014-4163 | 1 Featured Comments Plugin Project | 1 Featured Comments | 2014-06-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php. | |||||