Total: 250755 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8866 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2023-12-10 | 4.7 MEDIUM | N/A |
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. | |||||
CVE-2014-3544 | 1 Moodle | 1 Moodle | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. | |||||
CVE-2014-2820 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063. | |||||
CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | |||||
CVE-2015-0385 | 1 Oracle | 1 Mysql | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth. | |||||
CVE-2015-1415 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 2.1 LOW | N/A |
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | |||||
CVE-2014-9252 | 1 Zenoss | 1 Zenoss Core | 2023-12-10 | 2.1 LOW | N/A |
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. | |||||
CVE-2014-7010 | 1 Utsa | 1 Utsa Mobile | 2023-12-10 | 5.4 MEDIUM | N/A |
The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-0670 | 1 Cisco | 1 Mediasense | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686. | |||||
CVE-2014-0129 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | N/A |
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors. | |||||
CVE-2013-4426 | 1 Leon Weber | 1 Pyxtrlock | 2023-12-10 | 3.6 LOW | N/A |
pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash. | |||||
CVE-2015-0470 | 1 Oracle | 2 Jdk, Jre | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot. | |||||
CVE-2014-8121 | 3 Canonical, Gnu, Suse | 4 Ubuntu Linux, Glibc, Suse Linux Enterprise Desktop and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. | |||||
CVE-2014-2455 | 1 Oracle | 1 Hyperion | 2023-12-10 | 6.0 MEDIUM | N/A |
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to User Interface. | |||||
CVE-2012-4234 | 1 Phorum | 1 Phorum | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter. | |||||
CVE-2014-6710 | 1 Chifro | 1 Chifro Kids Coloring Game | 2023-12-10 | 5.4 MEDIUM | N/A |
The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-1631 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." | |||||
CVE-2015-0095 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2023-12-10 | 5.6 MEDIUM | N/A |
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." | |||||
CVE-2014-3179 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2014-5965 | 1 Groovemusic Project | 1 Groovemusic | 2023-12-10 | 5.4 MEDIUM | N/A |
The GrooveMusic (aka com.mobincube.android.sc_2HKFF) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||