Total: 248591 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0577 | 1 Cisco | 1 Asyncos | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. | |||||
CVE-2015-1469 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2023-12-10 | 9.0 HIGH | N/A |
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. | |||||
CVE-2014-1531 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. | |||||
CVE-2014-4158 | 1 Senkas | 1 Kolibri | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||||
CVE-2013-7339 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.7 MEDIUM | N/A |
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. | |||||
CVE-2014-6554 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console. | |||||
CVE-2015-0424 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI. | |||||
CVE-2014-2808 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067. | |||||
CVE-2013-6117 | 1 Dahuasecurity | 1 Dvr Firmware | 2023-12-10 | 7.5 HIGH | N/A |
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. | |||||
CVE-2014-3439 | 1 Symantec | 1 Endpoint Protection Manager | 2023-12-10 | 6.1 MEDIUM | N/A |
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | |||||
CVE-2015-1226 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. | |||||
CVE-2013-4279 | 1 Imapsync Project | 1 Imapsync | 2023-12-10 | 5.0 MEDIUM | N/A |
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site. | |||||
CVE-2014-1970 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2023-12-10 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | |||||
CVE-2012-2808 | 1 Google | 1 Bionic | 2023-12-10 | 5.0 MEDIUM | N/A |
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800. | |||||
CVE-2013-2151 | 1 Redhat | 1 Enterprise Virtualization | 2023-12-10 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
CVE-2014-6981 | 1 Tbb | 1 Taiwan Business Bank | 2023-12-10 | 5.4 MEDIUM | N/A |
The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7127 | 1 Pocketmags | 1 Football Espana Magazine | 2023-12-10 | 5.4 MEDIUM | N/A |
The Football Espana magazine (aka com.triactivemedia.footballespana) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6316 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 5.8 MEDIUM | N/A |
core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php. | |||||
CVE-2014-4257 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Portlet Services. | |||||
CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2023-12-10 | 5.8 MEDIUM | N/A |
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||