Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6251 | 1 Cpuminer Project | 1 Cpuminer | 2014-10-27 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request. | |||||
| CVE-2014-8363 | 1 Wordpress Spreadsheet Project | 1 Wordpress Spreadsheet | 2014-10-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
| CVE-2014-5169 | 1 Date Project | 1 Date | 2014-10-24 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title. | |||||
| CVE-2014-5420 | 1 Carefusion | 1 Pyxis Supplystation | 2014-10-24 | 3.5 LOW | N/A |
| CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors. | |||||
| CVE-2012-5242 | 1 Bananadance | 1 Banana Dance | 2014-10-24 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action. | |||||
| CVE-2012-5243 | 1 Bananadance | 1 Banana Dance | 2014-10-24 | 5.0 MEDIUM | N/A |
| functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request. | |||||
| CVE-2014-8346 | 1 Samsung | 2 Findmymobile, Mobile | 2014-10-24 | 7.8 HIGH | N/A |
| The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | |||||
| CVE-2014-7298 | 1 Centrify | 2 Centrify Suite, Directcontrol | 2014-10-24 | 4.9 MEDIUM | N/A |
| adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality. | |||||
| CVE-2014-7281 | 1 Tenda | 2 A32, A32 Firmware | 2014-10-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. | |||||
| CVE-2014-8364 | 1 Tim Rohrer | 1 Wordpress Spreadsheet Plugin | 2014-10-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter. | |||||
| CVE-2014-3978 | 1 Tomatocart | 1 Tomatocart | 2014-10-24 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. | |||||
| CVE-2014-3830 | 1 Tomatocart | 1 Tomatocart | 2014-10-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter. | |||||
| CVE-2014-8365 | 1 Xornic | 1 Contact Us | 2014-10-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable. | |||||
| CVE-2014-6418 | 1 Linux | 1 Linux Kernel | 2014-10-24 | 7.1 HIGH | N/A |
| net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor. | |||||
| CVE-2014-6452 | 1 Oracle | 1 Database Server | 2014-10-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542. | |||||
| CVE-2014-6546 | 1 Oracle | 1 Database Server | 2014-10-24 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2014-6560 | 1 Oracle | 1 Database Server | 2014-10-24 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545. | |||||
| CVE-2014-6563 | 1 Oracle | 1 Database Server | 2014-10-24 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538. | |||||
| CVE-2014-6646 | 1 Bellyhoodcom Project | 1 Bellyhoodcom | 2014-10-24 | 5.4 MEDIUM | N/A |
| The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-5150 | 1 Apple | 1 Iphone Os | 2014-10-23 | 1.9 LOW | N/A |
| The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
