Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7234 | 1 Simplemachines | 1 Simple Machines Forum | 2014-04-30 | 4.3 MEDIUM | N/A |
| Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | |||||
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2014-04-29 | 4.6 MEDIUM | N/A |
| The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | |||||
| CVE-2013-7220 | 1 Gnome | 1 Gnome-shell | 2014-04-29 | 4.6 MEDIUM | N/A |
| js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | |||||
| CVE-2013-7134 | 1 Phusion | 1 Juvia | 2014-04-29 | 7.5 HIGH | N/A |
| Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies. | |||||
| CVE-2013-7111 | 1 Basespace Ruby Sdk Project | 1 Basespace Ruby Sdk | 2014-04-29 | 5.0 MEDIUM | N/A |
| The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes. | |||||
| CVE-2013-7068 | 1 Organic Groups Project | 1 Organic Groups | 2014-04-29 | 4.9 MEDIUM | N/A |
| The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | |||||
| CVE-2013-7066 | 1 Entity Reference Project | 1 Entityreference | 2014-04-29 | 4.3 MEDIUM | N/A |
| The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. | |||||
| CVE-2013-7064 | 1 Freelance-it-consultant | 1 Eu Cookie Compliance | 2014-04-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values. | |||||
| CVE-2013-7063 | 1 Invitation Project | 1 Invitation | 2014-04-29 | 5.0 MEDIUM | N/A |
| The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. | |||||
| CVE-2014-2184 | 1 Cisco | 1 Unified Communications Manager | 2014-04-29 | 5.0 MEDIUM | N/A |
| The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. | |||||
| CVE-2014-2185 | 1 Cisco | 1 Unified Communications Manager | 2014-04-29 | 4.0 MEDIUM | N/A |
| The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | |||||
| CVE-2014-2182 | 1 Cisco | 1 Adaptive Security Appliance Software | 2014-04-29 | 6.1 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520. | |||||
| CVE-2014-2180 | 1 Cisco | 2 Unified Contact Center Enterprise, Unified Contact Center Express Editor Software | 2014-04-29 | 4.0 MEDIUM | N/A |
| The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. | |||||
| CVE-2014-0079 | 1 Zarafa | 1 Zarafa | 2014-04-29 | 5.0 MEDIUM | N/A |
| The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password." | |||||
| CVE-2014-0037 | 1 Zarafa | 1 Zarafa | 2014-04-29 | 5.0 MEDIUM | N/A |
| The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username." | |||||
| CVE-2013-4285 | 1 Dkorunic | 1 Pam S\/key | 2014-04-29 | 2.1 LOW | N/A |
| A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory. | |||||
| CVE-2013-0296 | 1 Zlib | 1 Pigz | 2014-04-28 | 4.4 MEDIUM | N/A |
| Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. | |||||
| CVE-2011-3603 | 1 Litech | 1 Router Advertisement Daemon | 2014-04-28 | 4.4 MEDIUM | N/A |
| The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact. | |||||
| CVE-2014-3007 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2014-04-28 | 10.0 HIGH | N/A |
| Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. | |||||
| CVE-2014-2994 | 1 Acunetix | 1 Web Vulnerability Scanner | 2014-04-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute). | |||||