Total
250648 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0819 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
| The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. | |||||
| CVE-2013-6497 | 1 Clamav | 1 Clamav | 2023-12-10 | 2.1 LOW | N/A |
| clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. | |||||
| CVE-2014-0669 | 1 Cisco | 1 Asr 5000 Series Software | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. | |||||
| CVE-2014-7922 | 1 Google | 1 Play Services Sdk | 2023-12-10 | 4.3 MEDIUM | N/A |
| The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument. | |||||
| CVE-2014-100028 | 1 Webcrafted Project | 1 Webcrafted | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. | |||||
| CVE-2014-0363 | 1 Igniterealtime | 1 Smack | 2023-12-10 | 5.8 MEDIUM | N/A |
| The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain. | |||||
| CVE-2014-9098 | 1 Apptha | 1 Contus Video Gallery | 2023-12-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php. | |||||
| CVE-2013-6141 | 1 Op5 | 1 Monitor | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. | |||||
| CVE-2015-1639 | 1 Microsoft | 1 Office | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability." | |||||
| CVE-2014-0360 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2741. Reason: This candidate is a duplicate of CVE-2014-2741. Notes: All CVE users should reference CVE-2014-2741 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2014-3902 | 1 Cyberagent | 1 Ameba | 2023-12-10 | 5.8 MEDIUM | N/A |
| The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6682 | 1 W88235ff7bdc2fb574f1789750ea99ed6 Project | 1 W88235ff7bdc2fb574f1789750ea99ed6 | 2023-12-10 | 5.4 MEDIUM | N/A |
| The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1518 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2013-7307 | 1 Brocade | 2 Vyatta Vrouter, Vyatta Vrouter Software | 2023-12-10 | 5.4 MEDIUM | N/A |
| The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2014-1536 | 1 Mozilla | 1 Firefox | 2023-12-10 | 10.0 HIGH | N/A |
| The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2014-4233 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP. | |||||
| CVE-2014-3797 | 1 Vmware | 1 Vcenter Server Appliance | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2815 | 1 Microsoft | 1 Onenote | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability." | |||||
| CVE-2014-7183 | 1 Litecart | 1 Litecart | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING. | |||||
| CVE-2014-5635 | 1 Createdineden | 1 Buy Yorkshire Conference | 2023-12-10 | 5.4 MEDIUM | N/A |
| The Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||