Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1444 | 1 Linux | 1 Linux Kernel | 2017-08-28 | 1.7 LOW | N/A |
| The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. | |||||
| CVE-2014-1445 | 1 Linux | 1 Linux Kernel | 2017-08-28 | 2.1 LOW | N/A |
| The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. | |||||
| CVE-2014-1446 | 1 Linux | 1 Linux Kernel | 2017-08-28 | 1.9 LOW | N/A |
| The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. | |||||
| CVE-2014-1456 | 1 Openwebanalytics | 1 Open Web Analytics | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php. | |||||
| CVE-2014-1458 | 1 Fortinet | 1 Fortiweb | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1466 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | |||||
| CVE-2014-1469 | 1 Blackberry | 3 Blackberry Enterprise Service, Enterprise Server, Enterprise Server Express | 2017-08-28 | 4.9 MEDIUM | N/A |
| BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file. | |||||
| CVE-2014-1472 | 1 Mcafee | 1 Vulnerability Manager | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1473 | 1 Mcafee | 1 Vulnerability Manager | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page." | |||||
| CVE-2014-1568 | 4 Apple, Google, Microsoft and 1 more | 9 Mac Os X, Chrome, Chrome Os and 6 more | 2017-08-28 | 7.5 HIGH | N/A |
| Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | |||||
| CVE-2014-1597 | 1 I-doit | 1 I-doit | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI. | |||||
| CVE-2014-1604 | 1 Python | 1 Rply | 2017-08-28 | 2.1 LOW | N/A |
| The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name. | |||||
| CVE-2014-1611 | 2 Anonymous Posting Project, Drupal | 2 Anonymous Posting, Drupal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field. | |||||
| CVE-2014-1618 | 1 Uaepd | 1 Shopping Cart Script | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php. | |||||
| CVE-2014-1619 | 1 Cubicfactory | 1 Cubic Cms | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario. | |||||
| CVE-2014-1620 | 1 Hiox | 1 Hiox Guest Book | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt parameter. | |||||
| CVE-2014-1624 | 1 Python | 1 Pyxdg | 2017-08-28 | 3.3 LOW | N/A |
| Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | |||||
| CVE-2014-1626 | 1 Galen Charlton | 1 Marc-xml | 2017-08-28 | 5.0 MEDIUM | N/A |
| XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file. | |||||
| CVE-2014-1638 | 1 Debian | 1 Localepurge | 2017-08-28 | 3.3 LOW | N/A |
| (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2014-1639 | 1 Debian | 1 Syncevolution | 2017-08-28 | 3.3 LOW | N/A |
| syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||