Total
250635 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6725 | 1 Apprenticeuitgevers | 1 Schoolxm | 2023-12-10 | 5.4 MEDIUM | N/A |
The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-4408 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 6.9 MEDIUM | N/A |
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | |||||
CVE-2015-0123 | 1 Ibm | 1 Rational Team Concert | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122. | |||||
CVE-2014-2541 | 1 Tibco | 3 Messaging Appliance, Rendezvous, Substantiation Es | 2023-12-10 | 5.0 MEDIUM | N/A |
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors. | |||||
CVE-2014-1378 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | N/A |
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
CVE-2014-2739 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.6 MEDIUM | N/A |
The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic. | |||||
CVE-2014-0451 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. | |||||
CVE-2015-2938 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file. | |||||
CVE-2014-7354 | 1 Magzter | 1 Penumbra Emag | 2023-12-10 | 5.4 MEDIUM | N/A |
The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-0747 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.8 MEDIUM | N/A |
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | |||||
CVE-2014-3095 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2023-12-10 | 3.5 LOW | N/A |
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement. | |||||
CVE-2012-6152 | 1 Pidgin | 1 Pidgin | 2023-12-10 | 5.0 MEDIUM | N/A |
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. | |||||
CVE-2013-6737 | 1 Ibm | 2 Storwize Unified V7000, Storwize Unified V7000 Software | 2023-12-10 | 4.0 MEDIUM | N/A |
IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. | |||||
CVE-2013-1980 | 1 Extended Module Player Project | 1 Extended Module Player | 2023-12-10 | 6.8 MEDIUM | N/A |
Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file. | |||||
CVE-2014-4222 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 2.1 LOW | N/A |
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect confidentiality via vectors related to plugin 1.1. | |||||
CVE-2013-6481 | 1 Pidgin | 1 Pidgin | 2023-12-10 | 5.0 MEDIUM | N/A |
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. | |||||
CVE-2014-6999 | 1 Jogoeusei | 1 Questoes Oab | 2023-12-10 | 5.4 MEDIUM | N/A |
The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_android_1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-1356 | 1 Siemens | 1 Simatic Step 7 | 2023-12-10 | 4.4 MEDIUM | N/A |
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | |||||
CVE-2014-7691 | 1 Life Story Of Sheikh Mujib Project | 1 Life Story Of Sheikh Mujib | 2023-12-10 | 5.4 MEDIUM | N/A |
The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-4076 | 1 Microsoft | 1 Windows Server 2003 | 2023-12-10 | 7.2 HIGH | N/A |
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." |