Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2564 | 1 Mambo-foundation | 1 Mambo Cms | 2014-06-24 | 5.0 MEDIUM | N/A |
| Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. | |||||
| CVE-2013-4597 | 1 Rik De Boer | 1 Revisioning | 2014-06-24 | 4.0 MEDIUM | N/A |
| The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-6223 | 1 Livezilla | 1 Livezilla | 2014-06-24 | 2.1 LOW | N/A |
| LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. | |||||
| CVE-2013-1973 | 1 Autocomplete Widgets Project | 1 Autocomplete Widgets | 2014-06-24 | 4.0 MEDIUM | N/A |
| The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors. | |||||
| CVE-2013-7323 | 1 Vinay Sajip | 1 Python-gnupg | 2014-06-24 | 7.5 HIGH | N/A |
| python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2009-5023 | 1 Fail2ban | 1 Fail2ban | 2014-06-24 | 4.7 MEDIUM | N/A |
| The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. | |||||
| CVE-2014-3216 | 1 Gomlab | 1 Gom Media Player | 2014-06-24 | 4.3 MEDIUM | N/A |
| GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. | |||||
| CVE-2014-3873 | 1 Freebsd | 1 Freebsd | 2014-06-24 | 2.1 LOW | N/A |
| The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace. | |||||
| CVE-2014-3883 | 1 Webmin | 1 Usermin | 2014-06-23 | 6.8 MEDIUM | N/A |
| Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |||||
| CVE-2014-4507 | 1 Theforeman | 1 Foreman | 2014-06-23 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file. | |||||
| CVE-2011-4821 | 1 D-link | 2 Dir-601, Dir-601 Firmware | 2014-06-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-4309 | 1 Openfiler | 1 Openfiler | 2014-06-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5) ServerName, (6) TimeoutLogin, (7) TimeoutNoTransfer, or (8) TimeoutStalled parameter to admin/services_ftp.html; the (9) dns1 or (10) dns2 parameter to admin/system.html; the (11) newTgtName parameter to admin/volumes_iscsi_targets.html; the User-Agent HTTP header to (12) language.html, (13) login.html, or (14) password.html in account/; or the User-Agent HTTP header to (15) account_groups.html, (16) account_users.html, (17) services.html, (18) services_ftp.html, (19) services_iscsi_target.html, (20) services_rsync.html, (21) system_clock.html, (22) system_info.html, (23) system_ups.html, (24) volumes_editpartitions.html, or (25) volumes_iscsi_targets.html in admin/. | |||||
| CVE-2014-3000 | 1 Freebsd | 1 Freebsd | 2014-06-20 | 7.8 HIGH | N/A |
| The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full. | |||||
| CVE-2014-3790 | 1 Vmware | 1 Vcenter Server Appliance | 2014-06-20 | 9.0 HIGH | N/A |
| Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | |||||
| CVE-2014-3880 | 1 Freebsd | 1 Freebsd | 2014-06-20 | 4.9 MEDIUM | N/A |
| The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. | |||||
| CVE-2014-4044 | 1 Openafs | 1 Openafs | 2014-06-20 | 5.0 MEDIUM | N/A |
| OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests. | |||||
| CVE-2014-4160 | 1 Sap | 1 Netweaver Business Client | 2014-06-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. | |||||
| CVE-2014-2404 | 1 Oracle | 1 Fusion Middleware | 2014-06-20 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate. | |||||
| CVE-2014-2452 | 1 Oracle | 1 Fusion Middleware | 2014-06-20 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin. | |||||
| CVE-2014-0134 | 1 Openstack | 1 Compute | 2014-06-20 | 3.5 LOW | N/A |
| The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. | |||||