Total
249001 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4427 | 1 Leon Weber | 1 Pyxtrlock | 2023-12-10 | 2.1 LOW | N/A |
| pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen via unspecified vectors. | |||||
| CVE-2015-0805 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2023-12-10 | 7.5 HIGH | N/A |
| The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. | |||||
| CVE-2014-4907 | 2 Op5, Pnp4nagios | 2 Monitor, Pnp4nagios | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message. | |||||
| CVE-2015-3372 | 1 Node Invite Project | 1 Node Invite | 2023-12-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2013-2698 | 1 Kieranoshea | 1 Calendar | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors. | |||||
| CVE-2014-5195 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2023-12-10 | 7.2 HIGH | N/A |
| Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension. | |||||
| CVE-2014-1948 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2023-12-10 | 2.6 LOW | N/A |
| OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2014-8840 | 1 Apple | 1 Iphone Os | 2023-12-10 | 6.8 MEDIUM | N/A |
| The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. | |||||
| CVE-2015-1473 | 2 Canonical, Gnu | 2 Ubuntu Linux, Glibc | 2023-12-10 | 6.4 MEDIUM | N/A |
| The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | |||||
| CVE-2014-5025 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2023-12-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. | |||||
| CVE-2013-6399 | 1 Qemu | 1 Qemu | 2023-12-10 | 7.5 HIGH | N/A |
| Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | |||||
| CVE-2014-2496 | 1 Oracle | 1 Peoplesoft Products | 2023-12-10 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Test Framework. | |||||
| CVE-2014-5759 | 1 Awesome Antivirus 2014 Project | 1 Awesome Antivirus 2014 | 2023-12-10 | 5.4 MEDIUM | N/A |
| The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2023-12-10 | 9.3 HIGH | N/A |
| The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | |||||
| CVE-2014-2634 | 1 Hp | 1 Service Manager | 2023-12-10 | 9.4 HIGH | N/A |
| Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors. | |||||
| CVE-2014-3572 | 1 Openssl | 1 Openssl | 2023-12-10 | 5.0 MEDIUM | N/A |
| The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. | |||||
| CVE-2014-3165 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. | |||||
| CVE-2012-2106 | 1 Csounds | 1 Csound | 2023-12-10 | 9.3 HIGH | N/A |
| Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-3091 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-2205 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-12-10 | 6.3 MEDIUM | N/A |
| The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. | |||||