Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2334 | 1 Fortinet | 1 Fortianalyzer Firmware | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | |||||
CVE-2014-2335 | 1 Fortinet | 1 Fortianalyzer Firmware | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | |||||
CVE-2014-2336 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | |||||
CVE-2014-2339 | 1 Sir | 1 Gnuboard | 2017-08-28 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. | |||||
CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2017-08-28 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||||
CVE-2014-2505 | 1 Emc | 1 Rsa Archer Egrc | 2017-08-28 | 5.4 MEDIUM | N/A |
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. | |||||
CVE-2014-2511 | 1 Emc | 8 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 5 more | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. | |||||
CVE-2014-2515 | 1 Emc | 1 Documentum D2 | 2017-08-28 | 8.5 HIGH | N/A |
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. | |||||
CVE-2014-2517 | 1 Emc | 1 Rsa Archer Egrc | 2017-08-28 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2014-2518 | 1 Emc | 9 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 6 more | 2017-08-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2014-2520 | 1 Emc | 1 Documentum Content Server | 2017-08-28 | 6.3 MEDIUM | N/A |
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. | |||||
CVE-2014-2521 | 1 Emc | 1 Documentum Content Server | 2017-08-28 | 6.3 MEDIUM | N/A |
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. | |||||
CVE-2014-2559 | 1 Twitget Project | 1 Twitget | 2017-08-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php. | |||||
CVE-2014-2578 | 1 Splunk | 1 Splunk | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2017-08-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). | |||||
CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2017-08-28 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | |||||
CVE-2014-2593 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2017-08-28 | 9.0 HIGH | N/A |
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. | |||||
CVE-2014-2598 | 1 Quick Page/post Redirect Project | 1 Quick Page/post Redirect | 2017-08-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php. | |||||
CVE-2014-2605 | 1 Hp | 10 Storage Management Software, Storevirtual 4130, Storevirtual 4330 and 7 more | 2017-08-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
CVE-2014-2606 | 1 Hp | 10 Storage Management Software, Storevirtual 4130, Storevirtual 4330 and 7 more | 2017-08-28 | 9.0 HIGH | N/A |
Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. |