Total
254322 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0354 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | |||||
CVE-2014-9632 | 1 Avg | 2 Internet Security, Protection | 2023-12-10 | 7.2 HIGH | N/A |
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call. | |||||
CVE-2014-2458 | 1 Oracle | 1 Supply Chain Products Suite | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install. | |||||
CVE-2014-1474 | 2 Bestpractical, Email\ | 2 Rt, \ | 2023-12-10 | 5.0 MEDIUM | N/A |
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address. | |||||
CVE-2014-4334 | 1 Ubi | 1 Rayman Legends | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001. | |||||
CVE-2013-3046 | 1 Ibm | 1 Sametime | 2023-12-10 | 4.3 MEDIUM | N/A |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | |||||
CVE-2014-6455 | 1 Oracle | 1 Database Server | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2014-6889 | 1 Gunbroker | 1 Gunbroker.com | 2023-12-10 | 5.4 MEDIUM | N/A |
The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2013-6775 | 2 Chainfire, Google | 2 Supersu, Android | 2023-12-10 | 10.0 HIGH | N/A |
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | |||||
CVE-2014-2245 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2015-0070 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | |||||
CVE-2014-2157 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2023-12-10 | 7.1 HIGH | N/A |
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. | |||||
CVE-2014-4472 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | |||||
CVE-2011-4696 | 1 Eye | 1 Eye-fi Helper | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. (dot dot) in the filesignature in a GetPhotoStatus request. | |||||
CVE-2014-1613 | 1 Dotclear | 1 Dotclear | 2023-12-10 | 7.5 HIGH | N/A |
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php. | |||||
CVE-2013-2169 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | |||||
CVE-2014-2183 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2023-12-10 | 6.3 MEDIUM | N/A |
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | |||||
CVE-2013-6838 | 2 Enghouseinteractive, Openvz | 2 Ivr Pro, Vzkernel | 2023-12-10 | 10.0 HIGH | N/A |
An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key. | |||||
CVE-2014-8869 | 1 Tapatalk | 1 Tapatalk | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter. | |||||
CVE-2014-3966 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username. |