Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2814 | 1 Sap | 2 Clinical Task Tracker, Emr Unwired | 2024-02-28 | 6.4 MEDIUM | N/A |
| SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | |||||
| CVE-2014-4167 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2024-02-28 | 3.5 LOW | N/A |
| The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | |||||
| CVE-2014-3642 | 1 Redhat | 6 Cloudforms 3.0.1 Management Engine, Cloudforms 3.0.2 Management Engine, Cloudforms 3.0.3 Management Engine and 3 more | 2024-02-28 | 6.5 MEDIUM | N/A |
| vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method." | |||||
| CVE-2014-5298 | 1 X2engine | 1 X2engine | 2024-02-28 | 5.0 MEDIUM | N/A |
| FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program. | |||||
| CVE-2013-7061 | 1 Plone | 1 Plone | 2024-02-28 | 5.5 MEDIUM | N/A |
| Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | |||||
| CVE-2014-4683 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2024-02-28 | 4.9 MEDIUM | N/A |
| The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | |||||
| CVE-2014-1516 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
| The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application. | |||||
| CVE-2014-8114 | 1 Redhat | 1 Uberfire | 2024-02-28 | 6.8 MEDIUM | N/A |
| The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet. | |||||
| CVE-2014-3279 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. | |||||
| CVE-2014-1350 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.6 MEDIUM | N/A |
| Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management. | |||||
| CVE-2013-4193 | 1 Plone | 1 Plone | 2024-02-28 | 4.3 MEDIUM | N/A |
| typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL. | |||||
| CVE-2012-5697 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2024-02-28 | 4.6 MEDIUM | N/A |
| The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files. | |||||
| CVE-2014-4200 | 1 Vmware | 3 Tools, Vm-support, Workstation | 2024-02-28 | 4.7 MEDIUM | N/A |
| vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. | |||||
| CVE-2013-7196 | 1 Phpfox | 1 Phpfox | 2024-02-28 | 5.5 MEDIUM | N/A |
| static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication. | |||||
| CVE-2014-4976 | 1 Sonicwall | 1 Scrutinizer | 2024-02-28 | 5.5 MEDIUM | N/A |
| Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | |||||
| CVE-2014-0557 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2024-02-28 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. | |||||
| CVE-2014-3333 | 1 Cisco | 1 Unity Connection | 2024-02-28 | 9.0 HIGH | N/A |
| The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014. | |||||
| CVE-2014-3835 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 5.5 MEDIUM | N/A |
| ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors. | |||||
| CVE-2014-1378 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | N/A |
| IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
| CVE-2014-3132 | 1 Sap | 1 Background Processing | 2024-02-28 | 4.0 MEDIUM | N/A |
| SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | |||||