Total
250161 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-7889 | 1 Hp | 7 Graphical Pos Pole Display Qz704aa, Lcd Pole Display F7a93aa, Ole Point Of Sale Driver and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511. | |||||
CVE-2015-3350 | 1 Todo Filter Project | 1 Todo Filter | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors. | |||||
CVE-2014-3349 | 1 Cisco | 1 Cloud Portal | 2023-12-10 | 4.0 MEDIUM | N/A |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. | |||||
CVE-2013-6467 | 1 Libreswan | 1 Libreswan | 2023-12-10 | 5.0 MEDIUM | N/A |
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||||
CVE-2014-8533 | 1 Mcafee | 1 Network Data Loss Prevention | 2023-12-10 | 7.5 HIGH | N/A |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. | |||||
CVE-2014-6736 | 1 9jacompass | 1 Epl Hat Trick | 2023-12-10 | 5.4 MEDIUM | N/A |
The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6553 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Admin Console. | |||||
CVE-2011-5304 | 1 Sodahead | 1 Sodahead Polls | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php. | |||||
CVE-2014-6829 | 1 Gethook | 1 Hook | 2023-12-10 | 5.4 MEDIUM | N/A |
The Hook (aka com.hook.android) application 0.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-2422 | 1 Oracle | 3 Javafx, Jdk, Jre | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.2 MEDIUM | N/A |
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | |||||
CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | |||||
CVE-2014-4004 | 1 Sap | 1 Project System | 2023-12-10 | 5.0 MEDIUM | N/A |
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2015-0870 | 1 Nishishi | 1 Fumy News Clipper | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-0909 | 1 Ibm | 1 Rational License Key Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
CVE-2013-0289 | 1 Isync Project | 1 Isync | 2023-12-10 | 4.3 MEDIUM | N/A |
Isync 0.4 before 1.0.6 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2014-5936 | 1 Incognito Private Browser Project | 1 Incognito Private Browser | 2023-12-10 | 5.4 MEDIUM | N/A |
The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7940 | 2 Google, Icu-project | 2 Chrome, International Components For Unicode | 2023-12-10 | 7.5 HIGH | N/A |
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. | |||||
CVE-2015-0491 | 3 Opensuse, Oracle, Suse | 5 Opensuse, Javafx, Jdk and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | |||||
CVE-2014-8266 | 1 Qpr | 1 Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field. |