Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0854 | 1 Ffmpeg | 1 Ffmpeg | 2014-01-27 | 9.3 HIGH | N/A |
| The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. | |||||
| CVE-2013-0857 | 1 Ffmpeg | 1 Ffmpeg | 2014-01-27 | 9.3 HIGH | N/A |
| The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data. | |||||
| CVE-2013-1024 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2014-01-27 | 6.8 MEDIUM | N/A |
| CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
| CVE-2012-2807 | 3 Apple, Google, Linux | 3 Iphone Os, Chrome, Linux Kernel | 2014-01-27 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-2825 | 1 Google | 1 Chrome | 2014-01-27 | 5.0 MEDIUM | N/A |
| The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | |||||
| CVE-2012-2870 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxslt | 2014-01-27 | 4.3 MEDIUM | N/A |
| libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. | |||||
| CVE-2013-7248 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2014-01-27 | 10.0 HIGH | N/A |
| Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. | |||||
| CVE-2013-7247 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2014-01-27 | 5.0 MEDIUM | N/A |
| cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | |||||
| CVE-2013-5350 | 1 Tejimaya | 1 Openpne | 2014-01-24 | 7.5 HIGH | N/A |
| The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object. | |||||
| CVE-2014-0615 | 1 Juniper | 1 Junos | 2014-01-24 | 7.2 HIGH | N/A |
| Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." | |||||
| CVE-2014-0616 | 1 Juniper | 1 Junos | 2014-01-24 | 7.1 HIGH | N/A |
| Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities. | |||||
| CVE-2013-5669 | 1 Thecus | 2 N8800 Nas Server, N8800 Nas Server Firmware | 2014-01-24 | 7.8 HIGH | N/A |
| The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-5668 | 1 Thecus | 2 N8800 Nas Server, N8800 Nas Server Firmware | 2014-01-24 | 7.8 HIGH | N/A |
| The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content. | |||||
| CVE-2013-5667 | 1 Thecus | 2 N8800 Nas Server, N8800 Nas Server Firmware | 2014-01-24 | 10.0 HIGH | N/A |
| The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. | |||||
| CVE-2013-4130 | 2 Canonical, Spice Project | 2 Ubuntu Linux, Spice | 2014-01-23 | 5.0 MEDIUM | N/A |
| The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error. | |||||
| CVE-2012-6535 | 1 Djvulibre Project | 1 Djvulibre | 2014-01-23 | 9.3 HIGH | N/A |
| DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file. | |||||
| CVE-2012-6607 | 1 Augeas | 1 Augeas | 2014-01-23 | 3.3 LOW | N/A |
| The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786. | |||||
| CVE-2012-0786 | 1 Augeas | 1 Augeas | 2014-01-23 | 3.3 LOW | N/A |
| The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. | |||||
| CVE-2013-7313 | 1 Juniper | 3 Junos, Junose, Screenos | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-7314 | 1 Nec | 12 Ip38x 1000, Ip38x 105, Ip38x 107e and 9 more | 2014-01-23 | 6.8 MEDIUM | N/A |
| The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||