Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0804 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element. | |||||
CVE-2015-3459 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2024-02-28 | 10.0 HIGH | N/A |
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands. | |||||
CVE-2014-0492 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2024-02-28 | 10.0 HIGH | N/A |
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak." | |||||
CVE-2013-6492 | 1 Ryan Ohara | 1 Piranha | 2024-02-28 | 5.8 MEDIUM | N/A |
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request. | |||||
CVE-2014-0974 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2024-02-28 | 1.9 LOW | N/A |
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. | |||||
CVE-2014-2780 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2024-02-28 | 6.9 MEDIUM | N/A |
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability." | |||||
CVE-2014-0002 | 1 Apache | 1 Camel | 2024-02-28 | 7.5 HIGH | N/A |
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2015-3003 | 1 Juniper | 1 Junos | 2024-02-28 | 7.2 HIGH | N/A |
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments. | |||||
CVE-2014-0125 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.8 MEDIUM | N/A |
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner. | |||||
CVE-2014-9633 | 1 Comodo | 1 Backup | 2024-02-28 | 7.5 HIGH | N/A |
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |||||
CVE-2014-1816 | 1 Microsoft | 1 Xml Core Services | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability." | |||||
CVE-2014-5179 | 2 Freelinking For Case Tracker Project, Freelinking Project | 2 Freelinking For Case Tracker, Freelinking | 2024-02-28 | 4.3 MEDIUM | N/A |
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link. | |||||
CVE-2014-3416 | 1 Jasig | 1 Uportal | 2024-02-28 | 6.5 MEDIUM | N/A |
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet. | |||||
CVE-2013-6442 | 1 Samba | 1 Samba | 2024-02-28 | 5.8 MEDIUM | N/A |
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. | |||||
CVE-2015-1608 | 1 Topline Systems | 1 Opportunity Form | 2024-02-28 | 4.0 MEDIUM | N/A |
Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors. | |||||
CVE-2013-2604 | 1 Realnetworks | 1 Realarcade Installer | 2024-02-28 | 7.2 HIGH | N/A |
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. | |||||
CVE-2014-9632 | 1 Avg | 2 Internet Security, Protection | 2024-02-28 | 7.2 HIGH | N/A |
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call. | |||||
CVE-2014-0622 | 1 Emc | 1 Documentum Foundation Services | 2024-02-28 | 9.0 HIGH | N/A |
The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors. | |||||
CVE-2015-0001 | 1 Microsoft | 5 Windows 8, Windows 8.1, Windows Rt and 2 more | 2024-02-28 | 1.9 LOW | N/A |
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability." | |||||
CVE-2015-1885 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 9.3 HIGH | N/A |
WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors. |