Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2349 | 1 Emerson | 1 Deltav | 2014-05-23 | 4.6 MEDIUM | N/A |
| Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. | |||||
| CVE-2014-2907 | 1 Wireshark | 1 Wireshark | 2014-05-22 | 4.3 MEDIUM | N/A |
| The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-3220 | 1 F5 | 1 Big-iq | 2014-05-22 | 9.0 HIGH | N/A |
| F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. | |||||
| CVE-2013-6401 | 1 Jansson Project | 1 Jansson | 2014-05-22 | 5.0 MEDIUM | N/A |
| Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. | |||||
| CVE-2014-3831 | | | 2014-05-22 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2014-3807 | 1 Barracudadrive | 1 Barracudadrive | 2014-05-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/. | |||||
| CVE-2014-3792 | 1 Beetel | 2 450tc2 Router, 450tc2 Router Firmware | 2014-05-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1. | |||||
| CVE-2014-3791 | 1 Efssoft | 1 Easy File Sharing Web Server | 2014-05-21 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp. | |||||
| CVE-2014-3739 | 1 Zenoss | 1 Zenoss | 2014-05-21 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter. | |||||
| CVE-2014-3412 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Ja2500 Appliance | 2014-05-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall is disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-7383 | 1 X2go | 1 X2go Server | 2014-05-21 | 9.0 HIGH | N/A |
| x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks. | |||||
| CVE-2013-4380 | 2 Drupal, Mediafront | 2 Drupal, Mediafront | 2014-05-21 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings. | |||||
| CVE-2013-4321 | 1 Typo3 | 1 Typo3 | 2014-05-21 | 6.5 MEDIUM | N/A |
| The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250. | |||||
| CVE-2013-4320 | 1 Typo3 | 1 Typo3 | 2014-05-21 | 5.5 MEDIUM | N/A |
| The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL. | |||||
| CVE-2012-6146 | 1 Typo3 | 1 Typo3 | 2014-05-21 | 4.0 MEDIUM | N/A |
| The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL. | |||||
| CVE-2014-3444 | 1 Realnetworks | 1 Realplayer | 2014-05-20 | 9.3 HIGH | N/A |
| The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file. | |||||
| CVE-2014-3268 | 1 Cisco | 2 Ios, Unified Border Element | 2014-05-20 | 5.0 MEDIUM | N/A |
| Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215. | |||||
| CVE-2014-3269 | 1 Cisco | 1 Ios Xe | 2014-05-20 | 6.8 MEDIUM | N/A |
| The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. | |||||
| CVE-2014-2194 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2014-05-20 | 6.8 MEDIUM | N/A |
| system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. | |||||
| CVE-2014-2193 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2014-05-20 | 4.3 MEDIUM | N/A |
| Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084. | |||||
