Total
246194 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3707 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. | |||||
CVE-2014-3780 | 1 Citrix | 1 Vdi-in-a-box | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | |||||
CVE-2013-2152 | 1 Redhat | 1 Enterprise Virtualization | 2023-12-10 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
CVE-2014-2621 | 1 Hp | 2 Imc Branch Intelligent Management System Software Module, Intelligent Management Center | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090. | |||||
CVE-2014-4542 | 1 Ooorl Project | 1 Ooorl | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
CVE-2014-5583 | 1 Blackbeltstudio | 1 Most Popular Ringtones | 2023-12-10 | 5.4 MEDIUM | N/A |
The Most Popular Ringtones (aka com.bbs.mostpopularringtones) application 32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-9348 | 1 Robotstats | 1 Robotstats | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | |||||
CVE-2014-2972 | 1 Exim | 1 Exim | 2023-12-10 | 4.6 MEDIUM | N/A |
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | |||||
CVE-2014-0943 | 1 Ibm | 1 Websphere Commerce | 2023-12-10 | 7.1 HIGH | N/A |
IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request. | |||||
CVE-2014-99999 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references | |||||
CVE-2011-5285 | 1 Bugfree | 1 Bugfree | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php. | |||||
CVE-2014-2604 | 1 Hp | 2 Icewall Mcrp, Icewall Sso | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. | |||||
CVE-2014-8312 | 1 Sap | 1 Netweaver Abap | 2023-12-10 | 3.5 LOW | N/A |
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. | |||||
CVE-2014-2589 | 1 Sonicwall | 1 Nsa 2400 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. | |||||
CVE-2015-0456 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services. | |||||
CVE-2014-0256 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability." | |||||
CVE-2014-4087 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4095, CVE-2014-4096, and CVE-2014-4101. | |||||
CVE-2014-7990 | 1 Cisco | 4 Air-ct5760, Ios Xe, Ws-c3850 and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | |||||
CVE-2015-2562 | 1 Web-dorado | 1 Ecommerce Wd | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. | |||||
CVE-2014-3840 | 1 Mayan-edms | 1 Mayan Edms | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form. |