Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1441 | 1 Coreftp | 1 Core Ftp | 2014-05-02 | 4.3 MEDIUM | N/A |
| Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice. | |||||
| CVE-2013-7110 | 1 Transifex | 1 Transifex | 2014-05-02 | 4.3 MEDIUM | N/A |
| Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073. | |||||
| CVE-2013-2073 | 1 Transifex | 1 Transifex | 2014-05-02 | 4.3 MEDIUM | N/A |
| Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. | |||||
| CVE-2014-0646 | 1 Emc | 1 Rsa Access Manager | 2014-05-02 | 6.9 MEDIUM | N/A |
| The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files. | |||||
| CVE-2014-2545 | 1 Tibco | 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more | 2014-05-01 | 5.0 MEDIUM | N/A |
| TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request. | |||||
| CVE-2014-0786 | 1 Ecava | 1 Integraxor | 2014-05-01 | 5.0 MEDIUM | N/A |
| Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. | |||||
| CVE-2014-2260 | 1 Ajenti | 1 Ajenti | 2014-05-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality. | |||||
| CVE-2013-1807 | 1 Php-fusion | 1 Php-fusion | 2014-05-01 | 5.0 MEDIUM | N/A |
| PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/. | |||||
| CVE-2013-1806 | 1 Php-fusion | 1 Php-fusion | 2014-05-01 | 6.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php. | |||||
| CVE-2014-2565 | 1 Bluecoat | 2 Content Analysis System, Content Analysis System Software | 2014-05-01 | 6.5 MEDIUM | N/A |
| The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." | |||||
| CVE-2013-4121 | 2014-05-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was a site-specific issue. Notes: none. | |||||
| CVE-2001-1593 | 1 Gnu | 1 A2ps | 2014-04-30 | 2.1 LOW | N/A |
| The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2013-1805 | 2014-04-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1806. Reason: This issue was MERGED into CVE-2013-1806 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-1806 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2013-7372 | 2 Apache, Google | 2 Harmony, Android | 2014-04-30 | 5.0 MEDIUM | N/A |
| The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. | |||||
| CVE-2013-7302 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2014-04-30 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID. | |||||
| CVE-2013-7284 | 1 Malcolm Nooning | 1 Pirpc | 2014-04-30 | 6.8 MEDIUM | N/A |
| The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | |||||
| CVE-2013-7273 | 1 Gnome | 1 Gnome Display Manager | 2014-04-30 | 2.1 LOW | N/A |
| GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name. | |||||
| CVE-2013-7373 | 1 Google | 1 Android | 2014-04-30 | 7.5 HIGH | N/A |
| Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. | |||||
| CVE-2013-7236 | 1 Simplemachines | 1 Simple Machines Forum | 2014-04-30 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. | |||||
| CVE-2013-7235 | 1 Simplemachines | 1 Simple Machines Forum | 2014-04-30 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters. | |||||