Total
246432 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4250 | 1 Oracle | 1 Siebel Crm | 2023-12-10 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager. | |||||
| CVE-2013-4406 | 1 Quick Tabs Module Project | 1 Quicktabs | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. | |||||
| CVE-2014-4486 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 10.0 HIGH | N/A |
| IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2012-5876 | 1 Nero | 1 Mediahome | 2023-12-10 | 5.0 MEDIUM | N/A |
| Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-5803 | 1 Ember-entertainment | 1 Towers N\' Trolls | 2023-12-10 | 5.4 MEDIUM | N/A |
| The Towers N' Trolls (aka project.android.ftdjni) application 1.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5194 | 1 Sphider | 1 Sphider | 2023-12-10 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | |||||
| CVE-2009-5141 | 1 Jgaa | 1 Warftpd | 2023-12-10 | 4.0 MEDIUM | N/A |
| Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | |||||
| CVE-2014-4865 | 1 Cacheguard | 1 Cacheguardos | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-2102 | 1 Clip-bucket | 1 Clipbucket | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||
| CVE-2014-8072 | 1 Openmrs | 1 Openmrs | 2023-12-10 | 4.0 MEDIUM | N/A |
| The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. | |||||
| CVE-2013-6125 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none | |||||
| CVE-2014-3708 | 2 Openstack, Redhat | 2 Nova, Openstack | 2023-12-10 | 4.0 MEDIUM | N/A |
| OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | |||||
| CVE-2014-3266 | 1 Cisco | 1 Security Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189. | |||||
| CVE-2014-6291 | 1 Alphabetic Sitemap Project | 1 Alphabetic Sitemap | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6024 | 1 Flurry | 1 Flurry-analytics-android | 2023-12-10 | 5.4 MEDIUM | N/A |
| The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2011-0528 | 1 Puppet | 1 Puppet | 2023-12-10 | 5.5 MEDIUM | N/A |
| Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors. | |||||
| CVE-2014-9025 | 1 Commerceguys | 1 Commerce | 2023-12-10 | 5.0 MEDIUM | N/A |
| The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-6325 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. | |||||
| CVE-2014-4390 | 1 Apple | 1 Mac Os X | 2023-12-10 | 9.3 HIGH | N/A |
| Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | |||||
| CVE-2014-6623 | 1 Arubanetworks | 1 Clearpass | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors. | |||||