Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0441 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker. | |||||
| CVE-2014-0443 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity via unknown vectors related to Security. | |||||
| CVE-2014-0444 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871. | |||||
| CVE-2014-0445 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381. | |||||
| CVE-2013-5808 | 1 Oracle | 1 Fusion Middleware | 2014-02-07 | 2.6 LOW | N/A |
| Unspecified vulnerability in the Oracle iPlanet Web Proxy Server component in Oracle Fusion Middleware 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Administration. | |||||
| CVE-2013-5868 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5871 and CVE-2014-0444. | |||||
| CVE-2013-5869 | 1 Oracle | 1 Fusion Middleware | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service. | |||||
| CVE-2013-5871 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2014-0444. | |||||
| CVE-2013-5873 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker. | |||||
| CVE-2013-5874 | 1 Oracle | 1 E-business Suite | 2014-02-07 | 1.7 LOW | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown vectors related to Logging. | |||||
| CVE-2013-5877 | 1 Oracle | 2 Supply Chain Products Suite, Supply Chain Products Suite Sql-server | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others. | |||||
| CVE-2013-5880 | 1 Oracle | 1 Supply Chain Products Suite | 2014-02-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others. | |||||
| CVE-2013-5886 | 1 Oracle | 1 Peoplesoft Products | 2014-02-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects. | |||||
| CVE-2013-4739 | 2 Codeaurora, Qualcomm | 2 Android-msm, Quic Mobile Station Modem Kernel | 2014-02-07 | 4.9 MEDIUM | N/A |
| The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or (2) a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c. | |||||
| CVE-2013-2634 | 1 Linux | 1 Linux Kernel | 2014-02-07 | 1.9 LOW | N/A |
| net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2013-2635 | 1 Linux | 1 Linux Kernel | 2014-02-07 | 1.9 LOW | N/A |
| The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2013-1848 | 1 Linux | 1 Linux Kernel | 2014-02-07 | 6.2 MEDIUM | N/A |
| fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. | |||||
| CVE-2013-2146 | 1 Linux | 1 Linux Kernel | 2014-02-07 | 4.7 MEDIUM | N/A |
| arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. | |||||
| CVE-2013-2232 | 1 Linux | 1 Linux Kernel | 2014-02-07 | 4.9 MEDIUM | N/A |
| The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. | |||||
| CVE-2013-2237 | 1 Linux | 1 Linux Kernel | 2014-02-07 | 2.1 LOW | N/A |
| The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. | |||||
| CVE-2013-2239 | 1 Openvz | 1 Vzkernel | 2014-02-07 | 4.7 MEDIUM | N/A |
| vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via (1) a crafted ploop driver ioctl call, related to the ploop_getdevice_ioc function in drivers/block/ploop/dev.c, or (2) a crafted quotactl system call, related to the compat_quotactl function in fs/quota/quota.c. | |||||
| CVE-2013-0914 | 1 Linux | 1 Linux Kernel | 2014-02-07 | 3.6 LOW | N/A |
| The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. | |||||
| CVE-2012-5534 | 1 Flashtux | 1 Weechat | 2014-02-07 | 7.5 HIGH | N/A |
| The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion." | |||||
| CVE-2012-5854 | 1 Flashtux | 1 Weechat | 2014-02-07 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded. | |||||
| CVE-2013-1852 | 1 Kolja Schleich | 1 Leaguemanager | 2014-02-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php. | |||||
| CVE-2013-3365 | 1 Trendnet | 1 Tew-812dru | 2014-02-05 | 8.5 HIGH | N/A |
| TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098. | |||||
| CVE-2013-3098 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2014-02-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-4383 | 2 Dennis Bruecke, Drupal | 2 Jquery Countdown, Drupal | 2014-02-04 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6035 | 6 Gatehouse, Harris, Hughes Network Systems and 3 more | 9 Gatehouse, Bgan, 9201 and 6 more | 2014-02-04 | 10.0 HIGH | N/A |
| The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations. | |||||
| CVE-2013-6034 | 6 Gatehouse, Harris, Hughes Network Systems and 3 more | 9 Gatehouse, Bgan, 9201 and 6 more | 2014-02-04 | 10.0 HIGH | N/A |
| The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors. | |||||
| CVE-2013-6033 | 1 Lexmark | 9 C52x, C53x, C920 and 6 more | 2014-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. | |||||
| CVE-2013-6032 | 1 Lexmark | 23 25xxn, C52x, C53x and 20 more | 2014-02-04 | 10.0 HIGH | N/A |
| cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter. | |||||
| CVE-2013-7301 | 1 Craig Drummond | 1 Cantata | 2014-02-03 | 5.0 MEDIUM | N/A |
| Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue. | |||||
| CVE-2013-4331 | 1 Robert Ancell | 1 Lightdm | 2014-02-03 | 2.1 LOW | N/A |
| Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2013-6838 | 2 Enghouseinteractive, Openvz | 2 Ivr Pro, Vzkernel | 2014-01-31 | 10.0 HIGH | N/A |
| An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key. | |||||
| CVE-2013-2234 | 1 Linux | 1 Linux Kernel | 2014-01-30 | 2.1 LOW | N/A |
| The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. | |||||
| CVE-2014-0810 | 1 Justsystems | 1 Sanshiro | 2014-01-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document. | |||||
| CVE-2014-0025 | 2014-01-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-1690. Reason: This candidate is a reservation duplicate of CVE-2014-1690. Notes: All CVE users should reference CVE-2014-1690 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-1202 | 2 Eviware, Smartbear | 2 Soapui, Soapui | 2014-01-28 | 9.3 HIGH | N/A |
| The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | |||||
| CVE-2013-5785 | 1 Oracle | 1 Fusion Middleware | 2014-01-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.6, 11.1.1.7, and 11.1.2.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security and Authentication. | |||||
| CVE-2013-5795 | 1 Oracle | 2 Supply Chain Products Suite, Supply Chain Products Suite Sql-server | 2014-01-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others. | |||||
| CVE-2013-5125 | 1 Apple | 1 Iphone Os | 2014-01-28 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
| CVE-2013-5126 | 1 Apple | 1 Iphone Os | 2014-01-28 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
| CVE-2013-5127 | 1 Apple | 1 Iphone Os | 2014-01-28 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
| CVE-2013-5128 | 1 Apple | 1 Iphone Os | 2014-01-28 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
| CVE-2013-5385 | 1 Ibm | 2 I, Z\/os | 2014-01-28 | 8.5 HIGH | N/A |
| The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-3830 | 1 Oracle | 1 Hyperion Interactive Reporting | 2014-01-28 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Hyperion Strategic Finance component in Oracle Hyperion 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server. | |||||
| CVE-2013-3349 | 1 Adobe | 1 Coldfusion | 2014-01-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2013-1042 | 1 Apple | 1 Iphone Os | 2014-01-28 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
| CVE-2013-1043 | 1 Apple | 1 Iphone Os | 2014-01-28 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||