Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5527 | 1 Tapjoy | 1 Tapjoy Library | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5525 | 1 Playscape | 1 Mominis Library | 2014-09-09 | 5.4 MEDIUM | N/A |
| The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5524 | 1 Adcolony | 1 Adcolony Library | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2009-0972 | 1 Oracle | 1 Database Server | 2014-09-08 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2014-3900 | 1 Piwigo | 1 Piwigo | 2014-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649. | |||||
| CVE-2014-3904 | 1 Tenfourzero | 1 Shutter | 2014-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-3905 | 1 Tenfourzero | 1 Shutter | 2014-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5260 | 1 Xml-dt Project | 1 Xml-dt | 2014-09-08 | 6.3 MEDIUM | N/A |
| The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. | |||||
| CVE-2014-4862 | 1 Netmaster | 2 Cbw700 Software, Netmaster Cbw700n | 2014-09-08 | 5.0 MEDIUM | N/A |
| The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. | |||||
| CVE-2014-4863 | 1 Arris | 2 Touchstone Dg950a, Touchstone Dg950a Software | 2014-09-08 | 5.0 MEDIUM | N/A |
| The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. | |||||
| CVE-2014-5504 | 1 Solarwinds | 1 Log And Event Manager | 2014-09-08 | 7.5 HIGH | N/A |
| SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. | |||||
| CVE-2014-5508 | 1 Srvx | 1 Srvx | 2014-09-08 | 3.5 LOW | N/A |
| Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other interval configurations. | |||||
| CVE-2014-2379 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2014-09-08 | 5.4 MEDIUM | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. | |||||
| CVE-2014-2378 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2014-09-08 | 7.6 HIGH | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update. | |||||
| CVE-2014-5269 | 1 Plack Project | 1 Plack | 2014-09-08 | 5.0 MEDIUM | N/A |
| Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static. | |||||
| CVE-2014-3909 | 1 Falconsc | 1 Wisepoint | 2014-09-08 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2014-5036 | 1 Eucalyptus | 1 Eucalyptus | 2014-09-08 | 1.9 LOW | N/A |
| The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | |||||
| CVE-2014-5285 | 1 Tibco | 1 Spotfire Server | 2014-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors. | |||||
| CVE-2013-5879 | 1 Oracle | 1 Fusion Middleware | 2014-09-03 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. | |||||
| CVE-2013-6398 | 1 Apache | 1 Cloudstack | 2014-09-03 | 2.8 LOW | N/A |
| The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | |||||