Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9583 | 2 Asus, T-mobile | 4 Rt-ac66u, Rt-n66u, Wrt Firmware and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. | |||||
CVE-2014-1296 | 1 Apple | 4 Iphone Os, Mac Os X, Mac Os X Server and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. | |||||
CVE-2014-0061 | 1 Postgresql | 1 Postgresql | 2024-02-28 | 6.5 MEDIUM | N/A |
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. | |||||
CVE-2013-0187 | 1 Theforeman | 1 Foreman | 2024-02-28 | 6.5 MEDIUM | N/A |
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. | |||||
CVE-2015-1496 | 1 Motorola | 1 Motorola Scanner Sdk | 2024-02-28 | 7.2 HIGH | N/A |
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2014-2865 | 1 Paperthin | 1 Commonspot Content Server | 2024-02-28 | 7.5 HIGH | N/A |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation. | |||||
CVE-2014-7822 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. | |||||
CVE-2014-0268 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 4.0 MEDIUM | N/A |
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. | |||||
CVE-2014-1957 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | 6.5 MEDIUM | N/A |
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | |||||
CVE-2013-6660 | 1 Google | 1 Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site. | |||||
CVE-2014-2227 | 1 Ui | 1 Unifi Video | 2024-02-28 | 6.0 MEDIUM | N/A |
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. | |||||
CVE-2014-1886 | 2 Adobe, Edinburghtour | 2 Phonegap, Edinburgh By Bus | 2024-02-28 | 6.8 MEDIUM | N/A |
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites." | |||||
CVE-2015-0075 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege Vulnerability." | |||||
CVE-2014-3771 | 1 Teampass | 1 Teampass | 2024-02-28 | 7.5 HIGH | N/A |
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | |||||
CVE-2014-0317 | 1 Microsoft | 5 Windows Server 2003, Windows Server 2008, Windows Server 2012 and 2 more | 2024-02-28 | 5.4 MEDIUM | N/A |
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability." | |||||
CVE-2014-3278 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | |||||
CVE-2014-8493 | 1 Zte | 2 Zxhn H108l, Zxhn H108l Firmware | 2024-02-28 | 5.0 MEDIUM | N/A |
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. | |||||
CVE-2014-0648 | 1 Cisco | 1 Secure Access Control System | 2024-02-28 | 10.0 HIGH | N/A |
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187. | |||||
CVE-2014-0319 | 1 Microsoft | 1 Silverlight | 2024-02-28 | 7.1 HIGH | N/A |
Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability." |