Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0135 | 1 Theforeman | 1 Kafo | 2014-05-09 | 1.9 LOW | N/A |
| Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file. | |||||
| CVE-2013-6889 | 1 Gnu | 1 Rush | 2014-05-09 | 4.9 MEDIUM | N/A |
| GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. | |||||
| CVE-2013-3571 | 1 Dest-unreach | 1 Socat | 2014-05-09 | 2.6 LOW | N/A |
| socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple requests that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. | |||||
| CVE-2014-2443 | 1 Oracle | 1 Peoplesoft Products | 2014-05-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | |||||
| CVE-2013-0210 | 1 Theforeman | 1 Foreman | 2014-05-08 | 7.5 HIGH | N/A |
| The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. | |||||
| CVE-2013-0187 | 1 Theforeman | 1 Foreman | 2014-05-08 | 6.5 MEDIUM | N/A |
| Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. | |||||
| CVE-2013-0173 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
| Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||||
| CVE-2013-0174 | 1 Theforeman | 1 Foreman | 2014-05-08 | 5.0 MEDIUM | N/A |
| The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | |||||
| CVE-2013-0171 | 1 Theforeman | 1 Foreman | 2014-05-08 | 7.5 HIGH | N/A |
| Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. | |||||
| CVE-2012-5477 | 1 Theforeman | 1 Foreman | 2014-05-08 | 3.6 LOW | N/A |
| The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. | |||||
| CVE-2014-3426 | 1 Illinois | 1 Ncsa Mosaic | 2014-05-08 | 2.1 LOW | N/A |
| NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID. | |||||
| CVE-2014-3425 | 1 Illinois | 1 Ncsa Mosaic | 2014-05-08 | 2.1 LOW | N/A |
| NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID. | |||||
| CVE-2014-2136 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2014-05-08 | 9.3 HIGH | N/A |
| Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166. | |||||
| CVE-2014-2135 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2014-05-08 | 9.3 HIGH | N/A |
| Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603. | |||||
| CVE-2014-2134 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2014-05-08 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. | |||||
| CVE-2014-2133 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2014-05-08 | 9.3 HIGH | N/A |
| Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. | |||||
| CVE-2014-2132 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2014-05-08 | 7.8 HIGH | N/A |
| Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768. | |||||
| CVE-2014-2181 | 1 Cisco | 1 Adaptive Security Appliance Software | 2014-05-07 | 6.8 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. | |||||
| CVE-2014-0685 | 1 Cisco | 1 Cisco Nexus 1000v Intercloud | 2014-05-07 | 5.0 MEDIUM | N/A |
| Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. | |||||
| CVE-2014-0684 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2014-05-07 | 4.6 MEDIUM | N/A |
| Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. | |||||
