Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2441 | 1 Oracle | 1 Vm Virtualbox | 2014-04-16 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests. | |||||
| CVE-2014-2445 | 1 Oracle | 1 Supply Chain Products Suite | 2014-04-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467. | |||||
| CVE-2014-2467 | 1 Oracle | 1 Supply Chain Products Suite | 2014-04-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445. | |||||
| CVE-2014-2466 | 1 Oracle | 1 Supply Chain Products Suite | 2014-04-16 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2014-2446 | 1 Oracle | 1 Peoplesoft Products | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via vectors related to QAS. | |||||
| CVE-2014-2447 | 1 Oracle | 1 Peoplesoft Products | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2437. | |||||
| CVE-2014-2448 | 1 Oracle | 1 Peoplesoft Products | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Install and Packaging. | |||||
| CVE-2014-2465 | 1 Oracle | 1 Supply Chain Products Suite | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. | |||||
| CVE-2014-2439 | 1 Oracle | 1 Virtualization | 2014-04-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Workspace Web Application. | |||||
| CVE-2014-2464 | 1 Oracle | 1 Supply Chain Products Suite | 2014-04-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2014-2437 | 1 Oracle | 1 Peoplesoft Products | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2447. | |||||
| CVE-2014-2433 | 1 Oracle | 1 Peoplesoft Products | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker. | |||||
| CVE-2014-2429 | 1 Oracle | 1 Peoplesoft Products | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile. | |||||
| CVE-2014-2411 | 1 Oracle | 2 Identity Analytics, Sun Role Manager | 2014-04-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security. | |||||
| CVE-2014-2426 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console. | |||||
| CVE-2014-2425 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2014-2408 | 1 Oracle | 1 Database Server | 2014-04-16 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege." | |||||
| CVE-2014-2450 | 1 Oracle | 1 Mysql | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
| CVE-2014-2406 | 1 Oracle | 1 Database Server | 2014-04-16 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges. | |||||
| CVE-2014-2444 | 1 Oracle | 1 Mysql | 2014-04-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB. | |||||
| CVE-2014-2442 | 1 Oracle | 1 Mysql | 2014-04-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM. | |||||
| CVE-2014-2451 | 1 Oracle | 1 Mysql | 2014-04-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges. | |||||
| CVE-2014-0465 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. | |||||
| CVE-2014-2455 | 1 Oracle | 1 Hyperion | 2014-04-16 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to User Interface. | |||||
| CVE-2014-2454 | 1 Oracle | 1 Hyperion | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interface. | |||||
| CVE-2014-2453 | 1 Oracle | 1 Hyperion | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface. | |||||
| CVE-2014-0426 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0413. | |||||
| CVE-2014-0450 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect confidentiality via unknown vectors related to People Connection. | |||||
| CVE-2014-0421 | 1 Sun | 1 Sunos | 2014-04-16 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2014-0442 | 2 Oracle, Sun | 2 Sunos, Sunos | 2014-04-16 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility. | |||||
| CVE-2014-0414 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling. | |||||
| CVE-2014-0413 | 1 Oracle | 1 Fusion Middleware | 2014-04-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426. | |||||
| CVE-2013-4768 | 1 Eucalyptus | 1 Eucalyptus | 2014-04-16 | 5.0 MEDIUM | N/A |
| The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB). | |||||
| CVE-2012-0214 | 1 Advanced Package Tool | 1 Advanced Package Tool | 2014-04-16 | 4.3 MEDIUM | N/A |
| The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned. | |||||
| CVE-2011-3628 | 1 Canonical | 2 Libpam-modules, Ubuntu Linux | 2014-04-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname. | |||||
| CVE-2014-2874 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 10.0 HIGH | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context. | |||||
| CVE-2014-2873 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file. | |||||
| CVE-2014-2872 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors. | |||||
| CVE-2014-2871 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-2870 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-2869 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 5.0 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information. | |||||
| CVE-2014-2868 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 7.5 HIGH | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable. | |||||
| CVE-2014-2867 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors. | |||||
| CVE-2014-2384 | 1 Vmware | 2 Player, Workstation | 2014-04-16 | 4.9 MEDIUM | N/A |
| vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable." | |||||
| CVE-2014-2866 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 10.0 HIGH | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code. | |||||
| CVE-2014-2865 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 7.5 HIGH | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation. | |||||
| CVE-2014-2864 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences. | |||||
| CVE-2014-2863 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 10.0 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter. | |||||
| CVE-2014-2862 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 6.5 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors. | |||||
| CVE-2014-2861 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string. | |||||