Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4738 | 2 Codeaurora, Qualcomm | 2 Android-msm, Quic Mobile Station Modem Kernel | 2014-02-21 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c. | |||||
| CVE-2011-4327 | 1 Openbsd | 1 Openssh | 2014-02-21 | 2.1 LOW | N/A |
| ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. | |||||
| CVE-2013-0234 | 1 Elgg | 1 Elgg | 2014-02-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save. | |||||
| CVE-2012-2250 | 1 Torproject | 1 Tor | 2014-02-21 | 5.0 MEDIUM | N/A |
| Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. | |||||
| CVE-2012-2249 | 1 Torproject | 1 Tor | 2014-02-21 | 5.0 MEDIUM | N/A |
| Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. | |||||
| CVE-2013-4979 | 1 Ideamk | 1 Eps Viewer | 2014-02-21 | 9.3 HIGH | N/A |
| Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file. | |||||
| CVE-2013-7320 | 1 D-link | 2 Dap 2253, Dap 2253 Firmware | 2014-02-20 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests that modify configuration settings via unspecified vectors. | |||||
| CVE-2014-0039 | 1 Cipherdyne | 1 Fwsnort | 2014-02-20 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory. | |||||
| CVE-2014-0750 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2014-02-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. | |||||
| CVE-2014-0751 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2014-02-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. | |||||
| CVE-2014-0757 | 1 3s-software | 1 Codesys Runtime Toolkit | 2014-02-20 | 5.0 MEDIUM | N/A |
| Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | |||||
| CVE-2014-0814 | 1 Phpmyfaq | 1 Phpmyfaq | 2014-02-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1475 | 1 Drupal | 1 Drupal | 2014-02-20 | 7.5 HIGH | N/A |
| The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. | |||||
| CVE-2014-1476 | 1 Drupal | 1 Drupal | 2014-02-20 | 4.0 MEDIUM | N/A |
| The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. | |||||
| CVE-2014-1915 | 1 Doug Poulin | 1 Command School Student Management System | 2014-02-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914. | |||||
| CVE-2014-1930 | 1 Visibility Software | 1 Cyber Recruiter | 2014-02-20 | 4.3 MEDIUM | N/A |
| Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2014-1931 | 1 Visibility Software | 1 Cyber Recruiter | 2014-02-20 | 4.3 MEDIUM | N/A |
| The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests. | |||||
| CVE-2013-7038 | 1 Gnu | 1 Libmicrohttpd | 2014-02-20 | 6.4 MEDIUM | N/A |
| The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. | |||||
| CVE-2013-7039 | 1 Gnu | 1 Libmicrohttpd | 2014-02-20 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. | |||||
| CVE-2013-7135 | 1 Detlef Pilzecker | 1 Proc\ | 2014-02-20 | 7.2 HIGH | N/A |
| The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file. | |||||