Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5304 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-02 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-4255 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-0359 | 1 Ibm | 1 Websphere Application Server | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2016-3647 | 1 Symantec | 1 Endpoint Protection Manager | 2017-08-31 | 4.0 MEDIUM | 7.7 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. | |||||
| CVE-2014-4803 | 1 Ibm | 1 Curam Social Program Management | 2017-08-28 | 3.5 LOW | N/A |
| CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter. | |||||
| CVE-2014-4815 | 1 Ibm | 1 Ibm Rational Lifecycle Integration Adapter For Windchill | 2017-08-28 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2014-5073 | 1 Vmturbo | 1 Operations Manager | 2017-08-28 | 7.5 HIGH | N/A |
| vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. | |||||
| CVE-2014-4756 | 1 Ibm | 1 Rational License Key Server | 2017-08-28 | 3.5 LOW | N/A |
| The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors. | |||||
| CVE-2014-4760 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2014-4374 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-08-28 | 5.0 MEDIUM | N/A |
| NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-3054 | 1 Ibm | 2 Websphere Portal, Websphere Portal Unified Task List Portlet | 2017-08-28 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2014-3069 | 1 Ibm | 1 Curam Social Program Management | 2017-08-28 | 3.5 LOW | N/A |
| Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters. | |||||
| CVE-2014-3097 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2017-08-28 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2014-3165 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-08-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. | |||||
| CVE-2014-3171 | 1 Google | 1 Chrome | 2017-08-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. | |||||
| CVE-2014-3178 | 1 Google | 1 Chrome | 2017-08-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies. | |||||
| CVE-2014-3510 | 1 Openssl | 1 Openssl | 2017-08-28 | 4.3 MEDIUM | N/A |
| The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. | |||||
| CVE-2014-3529 | 1 Apache | 1 Poi | 2017-08-28 | 4.3 MEDIUM | N/A |
| The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-3574 | 1 Apache | 1 Poi | 2017-08-28 | 4.3 MEDIUM | N/A |
| Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2014-4376 | 1 Apple | 1 Mac Os X | 2017-08-28 | 10.0 HIGH | N/A |
| IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. | |||||
