Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0381 | 1 Oracle | 1 E-business Suite | 2014-03-15 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework. | |||||
| CVE-2013-0397 | 1 Oracle | 1 E-business Suite | 2014-03-15 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics. | |||||
| CVE-2012-6152 | 1 Pidgin | 1 Pidgin | 2014-03-15 | 5.0 MEDIUM | N/A |
| The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. | |||||
| CVE-2012-3190 | 1 Oracle | 1 E-business Suite | 2014-03-15 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity, related to UWQ Server Issues. | |||||
| CVE-2014-0694 | 1 Cisco | 1 Cloud Portal | 2014-03-14 | 5.0 MEDIUM | N/A |
| Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. | |||||
| CVE-2014-0505 | 1 Adobe | 1 Shockwave Player | 2014-03-14 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-5133 | 1 Apple | 1 Iphone Os | 2014-03-14 | 8.8 HIGH | N/A |
| Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. | |||||
| CVE-2014-2319 | 1 Powerarchiver | 1 Powerarchiver | 2014-03-14 | 5.0 MEDIUM | N/A |
| The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack. | |||||
| CVE-2014-1286 | 1 Apple | 1 Iphone Os | 2014-03-14 | 5.0 MEDIUM | N/A |
| SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. | |||||
| CVE-2014-1285 | 1 Apple | 1 Iphone Os | 2014-03-14 | 5.8 MEDIUM | N/A |
| Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. | |||||
| CVE-2014-1281 | 1 Apple | 1 Iphone Os | 2014-03-14 | 1.9 LOW | N/A |
| Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image. | |||||
| CVE-2014-1276 | 1 Apple | 1 Iphone Os | 2014-03-14 | 5.0 MEDIUM | N/A |
| IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. | |||||
| CVE-2014-1274 | 1 Apple | 1 Iphone Os | 2014-03-14 | 2.1 LOW | N/A |
| FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. | |||||
| CVE-2013-3729 | 1 Kasseler-cms | 1 Kasseler-cms | 2014-03-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727. | |||||
| CVE-2013-5117 | 1 Zldnn | 1 Dnnarticle | 2014-03-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | |||||
| CVE-2013-7335 | 1 Dotnetnuke | 1 Dotnetnuke | 2014-03-13 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-3943 | 1 Dotnetnuke | 1 Dotnetnuke | 2014-03-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile. | |||||
| CVE-2014-1277 | 2014-03-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3948. Reason: This candidate is a duplicate of CVE-2013-3948. Notes: All CVE users should reference CVE-2013-3948 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-1284 | 2014-03-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2019. Reason: This candidate is a duplicate of CVE-2014-2019. Notes: All CVE users should reference CVE-2014-2019 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2013-5639 | 1 Raoul Proenca | 1 Gnew | 2014-03-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie. | |||||