Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1467 | 1 Blackberry | 4 Blackberry Enterprise Service, Blackberry Universal Device Service, Enterprise Server and 1 more | 2014-02-14 | 5.0 MEDIUM | N/A |
| BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file. | |||||
| CVE-2014-0724 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | 4.0 MEDIUM | N/A |
| The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | |||||
| CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | |||||
| CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | 5.0 MEDIUM | N/A |
| The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | |||||
| CVE-2013-1980 | 1 Extended Module Player Project | 1 Extended Module Player | 2014-02-12 | 6.8 MEDIUM | N/A |
| Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file. | |||||
| CVE-2013-1413 | 1 I-doit | 1 I-doit | 2014-02-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7182 | 1 Fortinet | 1 Fortios | 2014-02-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | |||||
| CVE-2013-7295 | 1 Torproject | 1 Tor | 2014-02-12 | 4.0 MEDIUM | N/A |
| Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2012-4466 | 1 Ruby-lang | 1 Ruby | 2014-02-12 | 5.0 MEDIUM | N/A |
| Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. | |||||
| CVE-2012-4481 | 1 Ruby-lang | 1 Ruby | 2014-02-12 | 4.3 MEDIUM | N/A |
| The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. | |||||
| CVE-2012-3514 | 1 Nicolas Cannasse | 1 Ocaml Xml-light Library | 2014-02-12 | 5.0 MEDIUM | N/A |
| OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||||
| CVE-2012-2864 | 3 Acer, Google, Samsung | 5 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 2 more | 2014-02-12 | 10.0 HIGH | N/A |
| Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." | |||||
| CVE-2011-1018 | 1 Logwatch | 1 Logwatch | 2014-02-12 | 10.0 HIGH | N/A |
| logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server. | |||||
| CVE-2011-0541 | 1 Fuse | 1 Fuse | 2014-02-12 | 3.3 LOW | N/A |
| fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. | |||||
| CVE-2011-0543 | 1 Fuse | 1 Fuse | 2014-02-12 | 3.3 LOW | N/A |
| Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. | |||||
| CVE-2010-4411 | 1 Andy Armstrong | 1 Cgi.pm | 2014-02-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. | |||||
| CVE-2013-2055 | 1 Apache | 1 Wicket | 2014-02-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup. | |||||
| CVE-2012-0064 | 2 X, Xkeyboard Config Project | 2 X.org X11, Xkeyboard-config | 2014-02-11 | 4.6 MEDIUM | N/A |
| xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab. | |||||
| CVE-2013-5012 | 1 Symantec | 1 Web Gateway | 2014-02-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5546 | | | 2014-02-10 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This identifier was publicly assigned by its CNA to information that was incorrectly specified due to a typo. Notes: none. | |||||
| CVE-2013-6143 | 1 Schneider-electric | 1 Telvent Sage 3030 Firmware | 2014-02-10 | 5.0 MEDIUM | N/A |
| The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. | |||||
| CVE-2011-4930 | 3 Condor Project, Fedoraproject, Redhat | 3 Condor, Fedora, Enterprise Mrg | 2014-02-10 | 4.4 MEDIUM | N/A |
| Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. | |||||
| CVE-2011-4092 | 1 Ubuntu Developers | 1 Obby | 2014-02-10 | 5.8 MEDIUM | N/A |
| obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate. | |||||
| CVE-2010-4777 | 1 Perl | 1 Perl | 2014-02-10 | 4.3 MEDIUM | N/A |
| The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. | |||||
| CVE-2010-3090 | | | 2014-02-10 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3089. Reason: This issue was MERGED into CVE-2010-3089 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2010-3089 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-1916 | 1 Light Speed Gaming | 2 Mumble, Mumblekit | 2014-02-10 | 5.0 MEDIUM | N/A |
| The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet. | |||||
| CVE-2013-1904 | 1 Roundcube | 1 Webmail | 2014-02-10 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013. | |||||
| CVE-2012-5524 | 1 Gajim | 1 Gajim | 2014-02-10 | 4.3 MEDIUM | N/A |
| The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA. | |||||
| CVE-2011-4099 | 1 Libcap | 1 Libcap | 2014-02-10 | 4.6 MEDIUM | N/A |
| The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. | |||||
| CVE-2010-4226 | 2 Gnu, Opensuse | 2 Cpio, Opensuse | 2014-02-07 | 5.0 MEDIUM | N/A |
| cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. | |||||
| CVE-2014-1870 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2014-02-07 | 4.3 MEDIUM | N/A |
| Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | |||||
| CVE-2013-2038 | 2 Canonical, Gpsd Project | 2 Ubuntu Linux, Gpsd | 2014-02-07 | 4.3 MEDIUM | N/A |
| The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability. | |||||
| CVE-2014-0366 | 1 Oracle | 1 E-business Suite | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments. | |||||
| CVE-2014-0367 | 1 Oracle | 1 Hyperion | 2014-02-07 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console. | |||||
| CVE-2014-0370 | 1 Oracle | 1 Siebel Crm | 2014-02-07 | 2.8 LOW | N/A |
| Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report. | |||||
| CVE-2014-0371 | 1 Oracle | 2 Supply Chain Products Suite, Supply Chain Products Suite Sql-server | 2014-02-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors related to DM Others. | |||||
| CVE-2014-0374 | 1 Oracle | 1 Fusion Middleware | 2014-02-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events. | |||||
| CVE-2014-0380 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChannel Framework (MCF). | |||||
| CVE-2014-0381 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 2.6 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445. | |||||
| CVE-2014-0383 | 1 Oracle | 1 Fusion Middleware | 2014-02-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console. | |||||
| CVE-2014-0388 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Org and Workforce Dev. | |||||
| CVE-2014-0398 | 1 Oracle | 1 E-business Suite | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Discoverer. | |||||
| CVE-2014-0399 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain & Function Security. | |||||
| CVE-2014-0400 | 1 Oracle | 1 Fusion Middleware | 2014-02-07 | 6.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server. | |||||
| CVE-2014-0425 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2014-0434 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Installation. | |||||
| CVE-2014-0435 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Function Security. | |||||
| CVE-2014-0438 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor. | |||||
| CVE-2014-0439 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution. | |||||
| CVE-2014-0440 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology. | |||||
