Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3203 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. | |||||
| CVE-2014-3204 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys. | |||||
| CVE-2014-3202 | 1 Ayatana Project | 1 Unity | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. | |||||
| CVE-2014-2558 | 1 Skyphe | 1 File-gallery | 2014-05-07 | 6.5 MEDIUM | N/A |
| The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function. | |||||
| CVE-2012-6619 | 1 Mongodb | 1 Mongodb | 2014-05-06 | 6.4 MEDIUM | N/A |
| The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. | |||||
| CVE-2013-4215 | 1 Nagios | 1 Plugins | 2014-05-06 | 4.4 MEDIUM | N/A |
| The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||||
| CVE-2014-0149 | 1 Redhat | 1 Jboss Web Framework Kit | 2014-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. | |||||
| CVE-2014-2347 | 1 Amtelco | 1 Misecuremessages | 2014-05-06 | 3.5 LOW | N/A |
| Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | |||||
| CVE-2013-0350 | 1 David Leonard | 1 Pkstat | 2014-05-05 | 6.3 MEDIUM | N/A |
| tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | |||||
| CVE-2010-5109 | 2 Fedoraproject, Randall Hand | 2 Fedora, Yerase\'s Tnef Stream Reader | 2014-05-05 | 4.3 MEDIUM | N/A |
| Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. | |||||
| CVE-2014-1406 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2014-05-05 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. | |||||
| CVE-2014-1408 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2014-05-05 | 7.8 HIGH | N/A |
| The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. | |||||
| CVE-2014-0621 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2014-05-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | |||||
| CVE-2014-3001 | 1 Freebsd | 1 Freebsd | 2014-05-05 | 5.8 MEDIUM | N/A |
| The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | |||||
| CVE-2014-2322 | 1 Dynamixsolutions | 1 Arabic Prawn | 2014-05-05 | 7.5 HIGH | N/A |
| lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. | |||||
| CVE-2014-3139 | 1 Unitrends | 1 Enterprise Backup | 2014-05-05 | 7.5 HIGH | N/A |
| recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. | |||||
| CVE-2014-2553 | 1 Otrs | 1 Otrs | 2014-05-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. | |||||
| CVE-2014-2601 | 1 Hp | 1 Integrated Lights-out 2 Firmware | 2014-05-04 | 7.8 HIGH | N/A |
| The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. | |||||
| CVE-2014-2713 | 1 Juniper | 1 Junos | 2014-05-04 | 5.0 MEDIUM | N/A |
| Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules. | |||||
| CVE-2014-2741 | 1 Igniterealtime | 1 Openfire | 2014-05-04 | 7.8 HIGH | N/A |
| nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||