Total
9733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1539 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. | |||||
CVE-2004-2771 | 4 Bsd Mailx Project, Heirloom, Oracle and 1 more | 4 Bsd Mailx, Mailx, Linux and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. | |||||
CVE-2014-9597 | 1 Videolan | 1 Vlc Media Player | 2024-02-28 | 6.8 MEDIUM | N/A |
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file. | |||||
CVE-2013-7110 | 1 Transifex | 1 Transifex | 2024-02-28 | 4.3 MEDIUM | N/A |
Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073. | |||||
CVE-2014-2343 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-02-28 | 2.1 LOW | N/A |
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | |||||
CVE-2013-2143 | 2 Redhat, Theforeman | 2 Network Satellite, Katello | 2024-02-28 | 6.5 MEDIUM | N/A |
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | |||||
CVE-2014-9462 | 2 Mercurial, Opensuse | 2 Mercurial, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. | |||||
CVE-2015-0645 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.8 HIGH | N/A |
The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. | |||||
CVE-2015-1133 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. | |||||
CVE-2014-0317 | 1 Microsoft | 5 Windows Server 2003, Windows Server 2008, Windows Server 2012 and 2 more | 2024-02-28 | 5.4 MEDIUM | N/A |
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability." | |||||
CVE-2014-3714 | 1 Xen | 1 Xen | 2024-02-28 | 3.3 LOW | N/A |
The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow. | |||||
CVE-2013-6484 | 1 Pidgin | 1 Pidgin | 2024-02-28 | 5.0 MEDIUM | N/A |
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. | |||||
CVE-2014-4388 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. | |||||
CVE-2015-0638 | 1 Cisco | 1 Ios | 2024-02-28 | 7.1 HIGH | N/A |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. | |||||
CVE-2014-4068 | 1 Microsoft | 1 Lync Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability." | |||||
CVE-2014-2158 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2024-02-28 | 7.8 HIGH | N/A |
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. | |||||
CVE-2014-2113 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. | |||||
CVE-2014-4461 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 9.3 HIGH | N/A |
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | |||||
CVE-2014-2668 | 1 Apache | 1 Couchdb | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | |||||
CVE-2014-9369 | 1 Siemens | 6 Spc4000, Spc4000 Firmware, Spc5000 and 3 more | 2024-02-28 | 7.8 HIGH | N/A |
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. |