Total: 250623 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0363 | 1 Igniterealtime | 1 Smack | 2023-12-10 | 5.8 MEDIUM | N/A |
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain. | |||||
CVE-2014-9098 | 1 Apptha | 1 Contus Video Gallery | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php. | |||||
CVE-2013-6141 | 1 Op5 | 1 Monitor | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. | |||||
CVE-2015-1639 | 1 Microsoft | 1 Office | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability." | |||||
CVE-2014-0360 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2741. Reason: This candidate is a duplicate of CVE-2014-2741. Notes: All CVE users should reference CVE-2014-2741 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2014-3902 | 1 Cyberagent | 1 Ameba | 2023-12-10 | 5.8 MEDIUM | N/A |
The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6682 | 1 W88235ff7bdc2fb574f1789750ea99ed6 Project | 1 W88235ff7bdc2fb574f1789750ea99ed6 | 2023-12-10 | 5.4 MEDIUM | N/A |
The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-1518 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2013-7307 | 1 Brocade | 2 Vyatta Vrouter, Vyatta Vrouter Software | 2023-12-10 | 5.4 MEDIUM | N/A |
The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
CVE-2014-1536 | 1 Mozilla | 1 Firefox | 2023-12-10 | 10.0 HIGH | N/A |
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
CVE-2014-4233 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP. | |||||
CVE-2014-3797 | 1 Vmware | 1 Vcenter Server Appliance | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-2815 | 1 Microsoft | 1 Onenote | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability." | |||||
CVE-2014-7183 | 1 Litecart | 1 Litecart | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING. | |||||
CVE-2014-5635 | 1 Createdineden | 1 Buy Yorkshire Conference | 2023-12-10 | 5.4 MEDIUM | N/A |
The Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6453 | 1 Oracle | 1 Database Server | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560. | |||||
CVE-2015-0219 | 1 Djangoproject | 1 Django | 2023-12-10 | 5.0 MEDIUM | N/A |
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header. | |||||
CVE-2014-0683 | 1 Cisco | 6 Cvr100w, Cvr100w Firmware, Rv110w and 3 more | 2023-12-10 | 10.0 HIGH | N/A |
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275. | |||||
CVE-2015-1086 | 1 Apple | 2 Iphone Os, Tvos | 2023-12-10 | 6.9 MEDIUM | N/A |
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2014-6958 | 1 Core-apps | 1 Ismrm-esmrmb 2014 | 2023-12-10 | 5.4 MEDIUM | N/A |
The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |