Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1571 | 2 Christos Zoulas, Tim Robbins | 2 File, Libmagic | 2014-03-07 | 4.3 MEDIUM | N/A |
| file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | |||||
| CVE-2012-0825 | 1 Drupal | 1 Drupal | 2014-03-07 | 6.8 MEDIUM | N/A |
| Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-0826 | 1 Drupal | 1 Drupal | 2014-03-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors. | |||||
| CVE-2011-4105 | 1 Robert Ancell | 1 Lightdm | 2014-03-07 | 1.9 LOW | N/A |
| LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. | |||||
| CVE-2011-3944 | 1 Ffmpeg | 1 Ffmpeg | 2014-03-07 | 6.8 MEDIUM | N/A |
| The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. | |||||
| CVE-2011-1831 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2014-03-07 | 4.6 MEDIUM | N/A |
| utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call. | |||||
| CVE-2011-1832 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2014-03-07 | 2.1 LOW | N/A |
| utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. | |||||
| CVE-2011-1833 | 1 Linux | 1 Linux Kernel | 2014-03-07 | 3.3 LOW | N/A |
| Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. | |||||
| CVE-2011-1834 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2014-03-07 | 2.1 LOW | N/A |
| utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call. | |||||
| CVE-2011-1835 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2014-03-07 | 4.4 MEDIUM | N/A |
| The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. | |||||
| CVE-2011-1836 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2014-03-07 | 4.6 MEDIUM | N/A |
| utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. | |||||
| CVE-2011-1837 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2014-03-07 | 3.6 LOW | N/A |
| The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors. | |||||
| CVE-2014-2211 | 1 Posh Project | 1 Posh | 2014-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | |||||
| CVE-2014-1887 | 2 Adobe, Drinkedin | 2 Phonegap, Drinkedin Barfinder | 2014-03-07 | 4.3 MEDIUM | N/A |
| The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com. | |||||
| CVE-2014-1886 | 2 Adobe, Edinburghtour | 2 Phonegap, Edinburgh By Bus | 2014-03-07 | 6.8 MEDIUM | N/A |
| The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites." | |||||
| CVE-2014-1885 | 2 Adobe, Hsgroup | 2 Phonegap, Forzearmate | 2014-03-07 | 6.4 MEDIUM | N/A |
| The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain. | |||||
| CVE-2014-0701 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2014-03-07 | 7.8 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361. | |||||
| CVE-2014-2245 | 1 Cmsmadesimple | 1 Cms Made Simple | 2014-03-07 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-0335 | 1 Serena | 1 Dimensions Cm | 2014-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI. | |||||
| CVE-2014-0336 | 1 Serena | 1 Dimensions Cm | 2014-03-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI. | |||||