Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0347 | 1 Websense | 5 Triton Unified Security Center, Triton Web Filter, Triton Web Security and 2 more | 2014-04-14 | 3.5 LOW | N/A |
| The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. | |||||
| CVE-2013-2828 | 1 Osisoft | 1 Pi Interface | 2014-04-14 | 4.7 MEDIUM | N/A |
| The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a serial line. | |||||
| CVE-2013-2809 | 1 Osisoft | 1 Pi Interface | 2014-04-14 | 7.1 HIGH | N/A |
| The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. | |||||
| CVE-2014-1210 | 1 Vmware | 1 Vsphere Client | 2014-04-14 | 5.8 MEDIUM | N/A |
| VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | |||||
| CVE-2014-1209 | 1 Vmware | 1 Vsphere Client | 2014-04-14 | 9.3 HIGH | N/A |
| VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. | |||||
| CVE-2014-1969 | 1 Apps4u\@android | 1 Sd Card Manager | 2014-04-14 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. | |||||
| CVE-2014-0777 | 1 Ioserver | 2 Ioserver Opc Server, Opc Drivers | 2014-04-14 | 7.8 HIGH | N/A |
| The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet. | |||||
| CVE-2014-2849 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-04-14 | 8.5 HIGH | N/A |
| The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |||||
| CVE-2014-2850 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-04-14 | 8.5 HIGH | N/A |
| The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | |||||
| CVE-2014-2848 | 1 Tenable | 2 Nessus, Plugin-set | 2014-04-14 | 6.9 MEDIUM | N/A |
| A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | |||||
| CVE-2014-2847 | 1 Construtiva | 1 Cis Manager Cms | 2014-04-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | |||||
| CVE-2013-2708 | 1 Snilesh | 1 Content Slide | 2014-04-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | |||||
| CVE-2013-2706 | 2 Rodrigo Polo, Wordpress | 2 Stream Video Player, Wordpress | 2014-04-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | |||||
| CVE-2014-2742 | 1 Isode | 1 M-link | 2014-04-11 | 7.8 HIGH | N/A |
| Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2014-2829 | 1 Erlang-solutions | 1 Mongooseim | 2014-04-11 | 7.8 HIGH | N/A |
| Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2014-2746 | 1 Tigase | 1 Tigase | 2014-04-11 | 7.8 HIGH | N/A |
| net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2014-2743 | 1 Lightwitch | 1 Metronome | 2014-04-11 | 7.8 HIGH | N/A |
| plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2014-04-11 | 7.5 HIGH | N/A |
| SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2014-04-11 | 5.0 MEDIUM | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | |||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2014-04-11 | 7.5 HIGH | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||