Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3349 | 1 Cisco | 1 Cloud Portal | 2024-02-04 | 4.0 MEDIUM | N/A |
| Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. | |||||
| CVE-2013-0334 | 3 Bundler, Fedoraproject, Opensuse | 3 Bundler, Fedora, Opensuse | 2024-02-04 | 5.0 MEDIUM | N/A |
| Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. | |||||
| CVE-2012-6153 | 1 Apache | 1 Commons-httpclient | 2024-02-04 | 4.3 MEDIUM | N/A |
| http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783. | |||||
| CVE-2014-1928 | 1 Python-gnupg Project | 1 Python-gnupg | 2024-02-04 | 4.6 MEDIUM | N/A |
| The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | |||||
| CVE-2015-2752 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-02-04 | 4.9 MEDIUM | N/A |
| The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | |||||
| CVE-2014-6327 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6329 and CVE-2014-6376. | |||||
| CVE-2014-3310 | 1 Cisco | 2 Webex Meeting Center, Webex Meetings Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. | |||||
| CVE-2015-0620 | 1 Cisco | 1 Telepresence Management Suite | 2024-02-04 | 4.0 MEDIUM | N/A |
| The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494. | |||||
| CVE-2014-0136 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2024-02-04 | 5.0 MEDIUM | N/A |
| The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. | |||||
| CVE-2014-1828 | 1 Ithoughts | 1 Ithoughtshd | 2024-02-04 | 4.3 MEDIUM | N/A |
| The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file. | |||||
| CVE-2014-0117 | 2 Apache, Apple | 2 Http Server, Mac Os X | 2024-02-04 | 4.3 MEDIUM | N/A |
| The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. | |||||
| CVE-2015-1843 | 1 Redhat | 1 Docker | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. | |||||
| CVE-2014-2779 | 1 Microsoft | 1 Malware Protection Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
| mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. | |||||
| CVE-2014-4617 | 3 Debian, Gnupg, Opensuse | 3 Debian Linux, Gnupg, Opensuse | 2024-02-04 | 5.0 MEDIUM | N/A |
| The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. | |||||
| CVE-2014-0761 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2024-02-04 | 7.1 HIGH | N/A |
| The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. | |||||
| CVE-2015-0664 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-02-04 | 4.3 MEDIUM | N/A |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195. | |||||
| CVE-2014-3271 | 1 Cisco | 1 Ios Xr | 2024-02-04 | 5.0 MEDIUM | N/A |
| The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. | |||||
| CVE-2014-2138 | 1 Cisco | 1 Security Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | |||||
| CVE-2014-3379 | 1 Cisco | 3 Ios Xr, Network Convergence System 6000, Network Convergence System 6008 | 2024-02-04 | 6.1 MEDIUM | N/A |
| Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466. | |||||
| CVE-2014-9268 | 1 Autodesk | 1 Design Review | 2024-02-04 | 6.8 MEDIUM | N/A |
| The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. | |||||