Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0737 | 1 Cisco | 1 Unified Ip Phone 7960g | 2014-03-05 | 4.3 MEDIUM | N/A |
| The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | |||||
| CVE-2014-0861 | 1 Ibm | 1 Cognos Business Intelligence | 2014-03-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button. | |||||
| CVE-2014-1694 | 1 Otrs | 1 Otrs | 2014-03-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets. | |||||
| CVE-2013-5853 | 1 Oracle | 1 Database Server | 2014-03-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors. | |||||
| CVE-2013-5986 | 1 Nvidia | 1 Gpu Driver | 2014-03-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987. | |||||
| CVE-2013-6048 | 1 Munin-monitoring | 1 Munin | 2014-03-05 | 5.0 MEDIUM | N/A |
| The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data. | |||||
| CVE-2013-6359 | 1 Munin-monitoring | 1 Munin | 2014-03-05 | 4.3 MEDIUM | N/A |
| Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. | |||||
| CVE-2013-6402 | 1 Hp | 1 Linux Imaging And Printing Project | 2014-03-05 | 2.1 LOW | N/A |
| base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | |||||
| CVE-2013-6427 | 1 Hp | 1 Linux Imaging And Printing Project | 2014-03-05 | 6.8 MEDIUM | N/A |
| upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. | |||||
| CVE-2013-6428 | 1 Openstack | 1 Heat | 2014-03-05 | 4.0 MEDIUM | N/A |
| The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. | |||||
| CVE-2013-6631 | 1 Google | 1 Chrome | 2014-03-05 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call. | |||||
| CVE-2013-6634 | 1 Google | 1 Chrome | 2014-03-05 | 6.8 MEDIUM | N/A |
| The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | |||||
| CVE-2013-6636 | 1 Google | 1 Chrome | 2014-03-05 | 4.3 MEDIUM | N/A |
| The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method. | |||||
| CVE-2013-6637 | 1 Google | 1 Chrome | 2014-03-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6638 | 1 Google | 2 Chrome, V8 | 2014-03-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions. | |||||
| CVE-2013-6639 | 1 Google | 2 Chrome, V8 | 2014-03-05 | 7.5 HIGH | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. | |||||
| CVE-2013-6640 | 1 Google | 2 Chrome, V8 | 2014-03-05 | 7.5 HIGH | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. | |||||
| CVE-2013-6767 | 1 Quickheal | 1 Antivirus Pro | 2014-03-05 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file. | |||||
| CVE-2013-6824 | 1 Zabbix | 1 Zabbix | 2014-03-05 | 7.5 HIGH | N/A |
| Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. | |||||
| CVE-2013-6891 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2014-03-05 | 1.2 LOW | N/A |
| lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | |||||