Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7312 | 1 Enterasys | 9 C5, G3, K10 and 6 more | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-7311 | 1 Checkpoint | 2 Gaia Os, Ipso Os | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-7310 | 1 Yamaha | 14 Fwx120, Rt105, Rt107e and 11 more | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-7309 | 1 Extremenetworks | 1 Exos | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-7308 | 1 Dlink | 2 Des-3810-28, Des-3810-28 Firmware | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-7307 | 1 Brocade | 2 Vyatta Vrouter, Vyatta Vrouter Software | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-7306 | 1 Brocade | 11 Adx, Bigiron Rx, Fastiron and 8 more | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-6443 | 1 Redhat | 2 Cloudforms, Cloudforms 3.0 Management Engine | 2014-01-23 | 6.8 MEDIUM | N/A |
| CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request. | |||||
| CVE-2013-6448 | 1 Redhat | 1 Jboss Seam 2 Framework | 2014-01-23 | 5.0 MEDIUM | N/A |
| The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors. | |||||
| CVE-2013-6447 | 1 Redhat | 1 Jboss Seam 2 Framework | 2014-01-23 | 5.0 MEDIUM | N/A |
| Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file. | |||||
| CVE-2014-0807 | 1 Lockon | 1 Ec-cube | 2014-01-23 | 6.4 MEDIUM | N/A |
| data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors. | |||||
| CVE-2014-0808 | 1 Lockon | 1 Ec-cube | 2014-01-23 | 5.0 MEDIUM | N/A |
| The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 through 2.12.2 allows remote attackers to obtain sensitive shipping information via unspecified vectors. | |||||
| CVE-2013-6412 | 1 Augeas | 1 Augeas | 2014-01-23 | 4.6 MEDIUM | N/A |
| The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. | |||||
| CVE-2013-7305 | 1 E107 | 1 E107 | 2014-01-23 | 4.3 MEDIUM | N/A |
| fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user. | |||||
| CVE-2013-2750 | 1 E107 | 1 E107 | 2014-01-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2013-4160 | 1 Littlecms | 1 Little Cms Color Engine | 2014-01-22 | 5.0 MEDIUM | N/A |
| Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed. | |||||
| CVE-2013-1769 | 1 Simon Mcvittie | 1 Telepathy Gabble | 2014-01-22 | 5.0 MEDIUM | N/A |
| A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message. | |||||
| CVE-2013-0157 | 1 Kernel | 1 Util-linux | 2014-01-22 | 2.1 LOW | N/A |
| (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. | |||||
| CVE-2013-6922 | 1 Seagate | 2 Blackarmor Nas 220, Blackarmor Nas 220 Firmware | 2014-01-22 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes. | |||||
| CVE-2013-3482 | 1 Hexagon | 1 Erdas Er Viewer | 2014-01-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file. | |||||