Total: 249088 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6510 | 1 Sun | 1 Sunos | 2023-12-10 | 7.2 HIGH | N/A |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. | |||||
CVE-2011-4406 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2023-12-10 | 3.6 LOW | N/A |
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | |||||
CVE-2014-2283 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | N/A |
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. | |||||
CVE-2014-0860 | 1 Ibm | 6 Advanced Management Module, Advanced Management Module Firmware, Integrated Management Module and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. | |||||
CVE-2013-6031 | 1 Huawei | 2 E355, E355 Firmware | 2023-12-10 | 4.3 MEDIUM | N/A |
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings. | |||||
CVE-2013-7374 | 1 Canonical | 1 Ubuntu Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date. | |||||
CVE-2014-2384 | 1 Vmware | 2 Player, Workstation | 2023-12-10 | 4.9 MEDIUM | N/A |
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable." | |||||
CVE-2014-1721 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range. | |||||
CVE-2014-7569 | 1 Bestapp | 1 Best Greatness Quotes | 2023-12-10 | 5.4 MEDIUM | N/A |
The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2010-1444 | 1 Videolan | 1 Vlc Media Player | 2023-12-10 | 7.5 HIGH | N/A |
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive. | |||||
CVE-2014-2002 | 1 C-board Moyuku Project | 1 C-board Moyuku | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | |||||
CVE-2013-4449 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2023-12-10 | 4.3 MEDIUM | N/A |
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. | |||||
CVE-2015-2010 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0010. Reason: This candidate is a duplicate of CVE-2015-0010. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-0010 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2014-1741 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges. | |||||
CVE-2014-7754 | 1 Appsworld | 1 Condor S.e. | 2023-12-10 | 5.4 MEDIUM | N/A |
The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7991 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | |||||
CVE-2013-2131 | 1 Rrdtool Project | 1 Rrdtool | 2023-12-10 | 5.0 MEDIUM | N/A |
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | |||||
CVE-2014-2771 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2769. | |||||
CVE-2015-1089 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 5.0 MEDIUM | N/A |
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||