Total
249088 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4493 | 1 Apple | 1 Iphone Os | 2023-12-10 | 7.5 HIGH | N/A |
| The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. | |||||
| CVE-2014-6993 | 1 Codeeta | 1 Codeeta Coupons | 2023-12-10 | 5.4 MEDIUM | N/A |
| The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-6144 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none | |||||
| CVE-2014-8609 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | N/A |
| The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. | |||||
| CVE-2014-2996 | 1 Xcloner | 1 Xcloner | 2023-12-10 | 7.1 HIGH | N/A |
| XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579. | |||||
| CVE-2013-6041 | 1 Softaculous | 1 Webuzo | 2023-12-10 | 7.5 HIGH | N/A |
| index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. | |||||
| CVE-2014-6719 | 1 Rapidmedia | 1 Kayak Angler Magazine | 2023-12-10 | 5.4 MEDIUM | N/A |
| The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3885 | 1 Webmin | 1 Webmin | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||||
| CVE-2013-2074 | 1 Kde | 1 Kdelibs | 2023-12-10 | 5.0 MEDIUM | N/A |
| kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. | |||||
| CVE-2013-4189 | 1 Plone | 1 Plone | 2023-12-10 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors. | |||||
| CVE-2015-0918 | 1 Sefrengo | 1 Sefrengo | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. | |||||
| CVE-2014-3330 | 1 Cisco | 2 Nexus 9000, Nx-os | 2023-12-10 | 5.0 MEDIUM | N/A |
| Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID CSCuo02489. | |||||
| CVE-2014-9494 | 1 Pivotal Software | 1 Rabbitmq | 2023-12-10 | 5.0 MEDIUM | N/A |
| RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header. | |||||
| CVE-2014-9028 | 1 Flac | 1 Libflac | 2023-12-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||||
| CVE-2015-2773 | 1 Websense | 1 V-series Appliances | 2023-12-10 | 5.0 MEDIUM | N/A |
| SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-4168 | 1 Kryo | 1 Iodine | 2023-12-10 | 5.0 MEDIUM | N/A |
| (1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. | |||||
| CVE-2014-8626 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. | |||||
| CVE-2014-2495 | 1 Oracle | 1 Peoplesoft Products | 2023-12-10 | 2.3 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Purchasing. | |||||
| CVE-2014-9444 | 1 Frontend Uploader Project | 1 Frontend Uploader | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. | |||||
| CVE-2014-4351 | 1 Apple | 1 Mac Os X | 2023-12-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. | |||||