Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2014-03-03 | 7.5 HIGH | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | |||||
| CVE-2013-2818 | 1 Alstom | 1 E-terracontrol | 2014-03-03 | 4.7 MEDIUM | N/A |
| The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. | |||||
| CVE-2013-3519 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2014-03-03 | 7.9 HIGH | N/A |
| lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. | |||||
| CVE-2014-2089 | 1 Ilias | 1 Ilias | 2014-03-03 | 6.8 MEDIUM | N/A |
| ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | |||||
| CVE-2014-2088 | 1 Ilias | 1 Ilias | 2014-03-03 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname. | |||||
| CVE-2014-2099 | 1 Ffmpeg | 1 Ffmpeg | 2014-03-03 | 6.8 MEDIUM | N/A |
| The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. | |||||
| CVE-2014-0759 | 1 Schneider-electric | 1 Floating License Manager | 2014-02-28 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | |||||
| CVE-2014-2103 | 1 Cisco | 1 Intrusion Prevention System | 2014-02-28 | 6.8 MEDIUM | N/A |
| Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. | |||||
| CVE-2014-2231 | 1 I-doit | 1 I-doit | 2014-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title. | |||||
| CVE-2013-6699 | 1 Cisco | 1 Wireless Lan Controller | 2014-02-28 | 5.0 MEDIUM | N/A |
| The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. | |||||
| CVE-2012-6608 | 1 Elastix | 1 Elastix | 2014-02-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter. | |||||
| CVE-2013-3708 | 1 Novell | 1 Iprint | 2014-02-27 | 5.0 MEDIUM | N/A |
| The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-2825 | 1 Elecsyscorp | 2 Director Dnp3 Outstation Kernel, Director Industrial Communication Gateway | 2014-02-27 | 4.3 MEDIUM | N/A |
| The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and communication outage) via crafted input. | |||||
| CVE-2014-1265 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2014-02-27 | 4.6 MEDIUM | N/A |
| The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||||
| CVE-2011-3315 | 1 Cisco | 4 Unified Ccx, Unified Communications Manager, Unified Ip Interactive Voice Response and 1 more | 2014-02-27 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. | |||||
| CVE-2014-1256 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2014-02-27 | 7.5 HIGH | N/A |
| Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
| CVE-2014-1255 | 1 Apple | 1 Mac Os X | 2014-02-27 | 7.5 HIGH | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
| CVE-2014-1262 | 1 Apple | 1 Mac Os X | 2014-02-27 | 7.5 HIGH | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. | |||||
| CVE-2014-2075 | 1 Tibco | 2 Enterprise Administrator, Enterprise Administrator Sdk | 2014-02-27 | 10.0 HIGH | N/A |
| TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-1967 | 1 7andi-fs.co | 1 Denny\'s | 2014-02-27 | 5.8 MEDIUM | N/A |
| The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-6812 | 1 Nextdc | 1 Onedc | 2014-02-27 | 5.8 MEDIUM | N/A |
| The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1261 | 1 Apple | 1 Mac Os X | 2014-02-27 | 7.5 HIGH | N/A |
| Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | |||||
| CVE-2014-1258 | 1 Apple | 1 Mac Os X | 2014-02-27 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | |||||
| CVE-2014-1246 | 1 Apple | 1 Quicktime | 2014-02-27 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. | |||||
| CVE-2014-0817 | 1 Cybozu | 1 Garoon | 2014-02-27 | 4.9 MEDIUM | N/A |
| Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. | |||||
| CVE-2014-0816 | 1 Norman | 1 Security Suite | 2014-02-27 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. | |||||
| CVE-2014-1257 | 1 Apple | 1 Mac Os X | 2014-02-27 | 3.6 LOW | N/A |
| CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2014-1254 | 1 Apple | 1 Mac Os X | 2014-02-27 | 6.8 MEDIUM | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. | |||||
| CVE-2014-1243 | 1 Apple | 1 Quicktime | 2014-02-27 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file. | |||||
| CVE-2014-0070 | 2014-02-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2013-2824 | 1 Schneider-electric | 4 Citectscada, Powerlogic Scada, Struxureware Powerscada Expert and 1 more | 2014-02-26 | 7.8 HIGH | N/A |
| Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet. | |||||
| CVE-2013-6945 | 1 Osehra | 1 Vista | 2014-02-25 | 7.5 HIGH | N/A |
| The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw." | |||||
| CVE-2013-6000 | 1 Tattyan | 1 Tattyan Hptown | 2014-02-25 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. | |||||
| CVE-2013-6881 | 1 Cru-inc | 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware | 2014-02-25 | 10.0 HIGH | N/A |
| CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task. | |||||
| CVE-2013-4564 | 1 Libreswan | 1 Libreswan | 2014-02-25 | 5.0 MEDIUM | N/A |
| Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. | |||||
| CVE-2013-2214 | 1 Nagios | 1 Nagios | 2014-02-25 | 4.0 MEDIUM | N/A |
| status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1. | |||||
| CVE-2013-7288 | 1 Mybb | 1 Mybb | 2014-02-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs. | |||||
| CVE-2013-6953 | 1 Dotnetblogengine | 1 Blogengine.net | 2014-02-25 | 5.0 MEDIUM | N/A |
| BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | |||||
| CVE-2011-1936 | 1 Xen | 1 Xen | 2014-02-25 | 4.6 MEDIUM | N/A |
| Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors. | |||||
| CVE-2013-7097 | 1 7mediaws | 1 Edutrac | 2014-02-25 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. | |||||
| CVE-2013-7275 | 1 Mybb | 1 Mybb | 2014-02-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup. | |||||
| CVE-2013-7240 | 2 Westerndeal, Wordpress | 2 Advanced Dewplayer, Wordpress | 2014-02-25 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | |||||
| CVE-2014-0031 | 1 Apache | 1 Cloudstack | 2014-02-25 | 4.0 MEDIUM | N/A |
| The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | |||||
| CVE-2013-7106 | 1 Icinga | 1 Icinga | 2014-02-25 | 6.5 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107. | |||||
| CVE-2013-1853 | 1 Almanah Project | 1 Almanah | 2014-02-25 | 2.1 LOW | N/A |
| Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. | |||||
| CVE-2013-7256 | 1 Opsview | 1 Opsview | 2014-02-25 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-7317 | 1 Cs-cart | 1 Cs-cart | 2014-02-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf. | |||||
| CVE-2013-7289 | 1 Aphpkb | 1 Aphpkb | 2014-02-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter. | |||||
| CVE-2013-6642 | 1 Google | 2 Android, Chrome | 2014-02-25 | 5.0 MEDIUM | N/A |
| Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | |||||
| CVE-2013-6884 | 1 Cru-inc | 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware | 2014-02-25 | 10.0 HIGH | N/A |
| The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. | |||||