Total
246363 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4367 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | N/A |
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||||
CVE-2013-6188 | 1 Hp | 1 System Management Homepage | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2011-5289 | 1 Diego Uscanga | 1 Atube Catcher | 2023-12-10 | 6.4 MEDIUM | N/A |
The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument. | |||||
CVE-2014-8662 | 1 Sap | 1 Payroll Process | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | |||||
CVE-2013-6492 | 1 Ryan Ohara | 1 Piranha | 2023-12-10 | 5.8 MEDIUM | N/A |
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request. | |||||
CVE-2014-2081 | 1 Iii | 1 Vtls-virtua | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
CVE-2014-6777 | 1 Blueeleph Project | 1 Blueeleph | 2023-12-10 | 5.4 MEDIUM | N/A |
The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2023-12-10 | 5.0 MEDIUM | N/A |
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | |||||
CVE-2014-2226 | 1 Ui | 1 Unifi Controller | 2023-12-10 | 2.6 LOW | N/A |
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-6168 | 1 Ibm | 1 Security Identity Manager | 2023-12-10 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.4 MEDIUM | N/A |
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | |||||
CVE-2014-0278 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279. | |||||
CVE-2014-9038 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 6.4 MEDIUM | N/A |
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource. | |||||
CVE-2014-7874 | 1 Hp | 2 Hp-ux, System Management Homepage | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2014-0828 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-7849 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2023-12-10 | 4.0 MEDIUM | N/A |
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | |||||
CVE-2014-5762 | 1 Zeptolab | 1 Cut The Rope\ | 2023-12-10 | 5.4 MEDIUM | N/A |
The Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google) application 1.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-2362 | 1 Oleumtech | 2 Sensor Wireless I\/o Module, Wio Dh2 Wireless Gateway | 2023-12-10 | 7.8 HIGH | N/A |
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation. | |||||
CVE-2014-4315 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA who allocated this candidate did not associate it with any vulnerability during 2014. Notes: none | |||||
CVE-2014-2735 | 1 Winscp | 1 Winscp | 2023-12-10 | 5.8 MEDIUM | N/A |
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |