Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1908 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2014-12-30 | 5.0 MEDIUM | N/A |
| The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
| CVE-2014-2224 | 1 Plogger | 1 Plogger | 2014-12-30 | 5.0 MEDIUM | N/A |
| Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. | |||||
| CVE-2014-9424 | 1 Openbsd | 1 Libressl | 2014-12-30 | 7.5 HIGH | N/A |
| Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake. | |||||
| CVE-2014-6228 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 7.5 HIGH | N/A |
| Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. | |||||
| CVE-2014-6229 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 5.0 MEDIUM | N/A |
| The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. | |||||
| CVE-2014-5386 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 5.0 MEDIUM | N/A |
| The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. | |||||
| CVE-2013-3295 | 1 Exponentcms | 1 Exponent Cms | 2014-12-30 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2014-2208 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. | |||||
| CVE-2014-2209 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 5.0 MEDIUM | N/A |
| Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. | |||||
| CVE-2014-0748 | 1 Cray | 1 Cray Linux Environment | 2014-12-30 | 7.2 HIGH | N/A |
| apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912. | |||||
| CVE-2013-4793 | 1 Umbraco | 1 Umbraco Cms | 2014-12-30 | 7.5 HIGH | N/A |
| The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. | |||||
| CVE-2013-4754 | 1 Owl | 1 Intranet Knowledgebase | 2014-12-30 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php. | |||||
| CVE-2014-9188 | 1 Schneider Electric | 1 Proclima | 2014-12-29 | 9.0 HIGH | N/A |
| Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. | |||||
| CVE-2014-8513 | 1 Schneider Electric | 1 Proclima | 2014-12-29 | 7.5 HIGH | N/A |
| Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. | |||||
| CVE-2014-8512 | 1 Schneider Electric | 1 Proclima | 2014-12-29 | 7.5 HIGH | N/A |
| Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. | |||||
| CVE-2013-6919 | 1 Phpthumb Project | 1 Phpthumb | 2014-12-29 | 4.3 MEDIUM | N/A |
| The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. | |||||
| CVE-2013-6241 | 1 Open-xchange | 1 Open-xchange Appsuite | 2014-12-29 | 4.0 MEDIUM | N/A |
| The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | |||||
| CVE-2013-5958 | 1 Sensiolabs | 1 Symfony | 2014-12-29 | 5.0 MEDIUM | N/A |
| The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. | |||||
| CVE-2013-4769 | 1 Eucalyptus | 1 Eucalyptus | 2014-12-29 | 4.3 MEDIUM | N/A |
| The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. | |||||
| CVE-2011-3623 | 1 Videolan | 1 Vlc Media Player | 2014-12-29 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c. | |||||