Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1297 | 1 Apple | 1 Safari | 2014-04-02 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. | |||||
| CVE-2014-2138 | 1 Cisco | 1 Security Manager | 2014-04-02 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | |||||
| CVE-2014-2137 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2014-04-02 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | |||||
| CVE-2014-1942 | 1 Pearson | 1 Esis Enterprise Student Information System | 2014-04-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3588 | 1 Zyxel | 11 P-660h-61, P-660h-63, P-660h-67 and 8 more | 2014-04-02 | 7.8 HIGH | N/A |
| The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. | |||||
| CVE-2014-2212 | 1 Posh Project | 1 Posh | 2014-04-02 | 5.0 MEDIUM | N/A |
| The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie. | |||||
| CVE-2014-1691 | 1 Horde | 1 Horde Application Framework | 2014-04-02 | 7.5 HIGH | N/A |
| The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | |||||
| CVE-2013-7350 | 1 Checkpoint | 1 Security Gateway | 2014-04-01 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes." | |||||
| CVE-2013-7348 | 1 Linux | 1 Linux Kernel | 2014-04-01 | 4.6 MEDIUM | N/A |
| Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function. | |||||
| CVE-2012-0032 | 1 Redhat | 1 Jboss Operations Network | 2014-04-01 | 3.7 LOW | N/A |
| Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. | |||||
| CVE-2011-4573 | 1 Redhat | 1 Jboss Operations Network | 2014-04-01 | 3.5 LOW | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | |||||
| CVE-2014-0635 | 1 Emc | 1 Vplex Geosynchrony | 2014-04-01 | 7.5 HIGH | N/A |
| Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2014-0634 | 1 Emc | 1 Vplex Geosynchrony | 2014-04-01 | 6.0 MEDIUM | N/A |
| EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-0633 | 1 Emc | 1 Vplex Geosynchrony | 2014-04-01 | 7.7 HIGH | N/A |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2014-2034 | 1 Sonatype | 1 Nexus | 2014-04-01 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." | |||||
| CVE-2013-2278 | 1 Jgaa | 1 Warftpd | 2014-04-01 | 10.0 HIGH | N/A |
| Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log." | |||||
| CVE-2009-5141 | 1 Jgaa | 1 Warftpd | 2014-04-01 | 4.0 MEDIUM | N/A |
| Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. | |||||
| CVE-2014-2241 | 2 Canonical, Freetype | 2 Ubuntu Linux, Freetype | 2014-03-31 | 6.8 MEDIUM | N/A |
| The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file. | |||||
| CVE-2014-2534 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2014-03-31 | 4.9 MEDIUM | N/A |
| /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow. | |||||
| CVE-2014-2536 | 2 Intel, Mcafee | 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On | 2014-03-31 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. | |||||