Total
246711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0479 | 1 Oracle | 1 Database Server | 2023-12-10 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. | |||||
| CVE-2014-6948 | 1 Th3professional | 1 Th3 Professional Al Mohtarif | 2023-12-10 | 5.4 MEDIUM | N/A |
| The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-0415 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Session Management. | |||||
| CVE-2014-3559 | 1 Redhat | 1 Enterprise Virtualization | 2023-12-10 | 3.5 LOW | N/A |
| The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume. | |||||
| CVE-2014-6935 | 1 Rgsmartapps | 1 Colormania - Color Quiz Game | 2023-12-10 | 5.4 MEDIUM | N/A |
| The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4582 | 1 Wp Consultant Project | 1 Wp Consultant | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter. | |||||
| CVE-2015-1596 | 1 Siemens | 1 Spcanywhere | 2023-12-10 | 5.8 MEDIUM | N/A |
| The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3132 | 1 Sap | 1 Background Processing | 2023-12-10 | 4.0 MEDIUM | N/A |
| SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||
| CVE-2011-5275 | 1 Gplhost | 1 Domain Technologie Control | 2023-12-10 | 7.5 HIGH | N/A |
| The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges. | |||||
| CVE-2014-0015 | 1 Haxx | 2 Curl, Libcurl | 2023-12-10 | 4.0 MEDIUM | N/A |
| cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. | |||||
| CVE-2014-3609 | 1 Squid-cache | 1 Squid | 2023-12-10 | 5.0 MEDIUM | N/A |
| HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." | |||||
| CVE-2013-4197 | 1 Plone | 1 Plone | 2023-12-10 | 5.5 MEDIUM | N/A |
| member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | |||||
| CVE-2014-4161 | 1 Sap | 1 Supplier Relationship Management | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2015-1120 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | |||||
| CVE-2015-0578 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-12-10 | 5.7 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455. | |||||
| CVE-2014-1304 | 1 Apple | 1 Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. | |||||
| CVE-2014-1444 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 1.7 LOW | N/A |
| The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. | |||||
| CVE-2014-7528 | 1 Apptive | 1 Horsepower | 2023-12-10 | 5.4 MEDIUM | N/A |
| The Horsepower (aka com.apptive.android.apps.horsepower) application 2.10.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1552 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. | |||||
| CVE-2014-8023 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-12-10 | 4.0 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. | |||||