Total
250745 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2862 | 1 Paperthin | 1 Commonspot Content Server | 2023-12-10 | 6.5 MEDIUM | N/A |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors. | |||||
CVE-2015-1122 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. | |||||
CVE-2014-4364 | 1 Apple | 2 Iphone Os, Tvos | 2023-12-10 | 2.9 LOW | 5.6 MEDIUM |
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. | |||||
CVE-2014-0672 | 1 Cisco | 1 Mediasense | 2023-12-10 | 4.0 MEDIUM | N/A |
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. | |||||
CVE-2015-0582 | 1 Cisco | 2 Mds 9000, Nx-os | 2023-12-10 | 5.0 MEDIUM | N/A |
The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. | |||||
CVE-2015-0499 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. | |||||
CVE-2014-9193 | 1 Innominate | 1 Mguard Firmware | 2023-12-10 | 9.0 HIGH | N/A |
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | |||||
CVE-2014-4488 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 10.0 HIGH | N/A |
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2014-7890 | 1 Hp | 3 Ole Point Of Sale Driver, Pos Keyboard Fk221aa, Pos Keyboard With Msr Fk218aa | 2023-12-10 | 10.0 HIGH | N/A |
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510. | |||||
CVE-2015-1221 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp. | |||||
CVE-2014-8541 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2023-12-10 | 7.5 HIGH | N/A |
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. | |||||
CVE-2014-6095 | 1 Ibm | 1 Security Identity Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2012-3062 | 1 Cisco | 1 Ios | 2023-12-10 | 5.7 MEDIUM | N/A |
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193. | |||||
CVE-2014-6637 | 1 Praninc | 1 Facebook Facts | 2023-12-10 | 5.4 MEDIUM | N/A |
The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-4344 | 3 Debian, Mit, Redhat | 6 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 3 more | 2023-12-10 | 7.8 HIGH | N/A |
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. | |||||
CVE-2014-5889 | 1 Androidforums | 1 Forum For Android | 2023-12-10 | 5.4 MEDIUM | N/A |
The Android Forums (aka com.tapatalk.androidforumscom) application 2.4.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-9349 | 1 Robotstats | 1 Robotstats | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php. | |||||
CVE-2014-3587 | 2 Christos Zoulas, Php | 2 File, Php | 2023-12-10 | 4.3 MEDIUM | N/A |
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. | |||||
CVE-2014-3177 | 1 Google | 1 Chrome | 2023-12-10 | 10.0 HIGH | N/A |
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. | |||||
CVE-2013-4710 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | N/A |
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. |