Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2643 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-03-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component. | |||||
| CVE-2013-2642 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-03-19 | 9.3 HIGH | N/A |
| Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | |||||
| CVE-2013-2641 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-03-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. | |||||
| CVE-2014-1976 | 1 Yumenomachi | 1 Demaecan | 2014-03-18 | 5.8 MEDIUM | N/A |
| The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-2086 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 5.0 MEDIUM | N/A |
| The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | |||||
| CVE-2013-2047 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 2.1 LOW | N/A |
| The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | |||||
| CVE-2013-2089 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.6 MEDIUM | N/A |
| Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | |||||
| CVE-2013-2048 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 6.5 MEDIUM | N/A |
| ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. | |||||
| CVE-2013-2044 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | |||||
| CVE-2013-2043 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.0 MEDIUM | N/A |
| apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. | |||||
| CVE-2013-2042 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php. | |||||
| CVE-2013-2041 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js. | |||||
| CVE-2013-2040 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2039 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. | |||||
| CVE-2013-1963 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.0 MEDIUM | N/A |
| The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors. | |||||
| CVE-2014-2292 | 1 Juniper | 1 Ive Os | 2014-03-17 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2014-03-17 | 4.4 MEDIUM | N/A |
| The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||||
| CVE-2014-1438 | 1 Linux | 1 Linux Kernel | 2014-03-15 | 4.7 MEDIUM | N/A |
| The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application. | |||||
| CVE-2013-7027 | 1 Linux | 1 Linux Kernel | 2014-03-15 | 6.1 MEDIUM | N/A |
| The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. | |||||
| CVE-2013-7266 | 1 Linux | 1 Linux Kernel | 2014-03-15 | 4.9 MEDIUM | N/A |
| The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||