Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0488 | 1 Debian | 1 Advanced Package Tool | 2024-02-04 | 6.8 MEDIUM | N/A |
| APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | |||||
| CVE-2014-3955 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 5.0 MEDIUM | N/A |
| routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. | |||||
| CVE-2014-1369 | 1 Apple | 1 Safari | 2024-02-04 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. | |||||
| CVE-2011-4103 | 1 Djangoproject | 1 Piston | 2024-02-04 | 7.5 HIGH | N/A |
| emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. | |||||
| CVE-2014-1267 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 5.8 MEDIUM | N/A |
| The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed. | |||||
| CVE-2014-0106 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2024-02-04 | 6.6 MEDIUM | N/A |
| Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. | |||||
| CVE-2015-1131 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.2 HIGH | N/A |
| fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | |||||
| CVE-2014-3645 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
| CVE-2014-2269 | 1 Vtiger | 1 Vtiger Crm | 2024-02-04 | 6.4 MEDIUM | N/A |
| modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. | |||||
| CVE-2014-4417 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
| Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. | |||||
| CVE-2014-3021 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. | |||||
| CVE-2014-2880 | 1 Oracle | 1 Identity Manager | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin. | |||||
| CVE-2014-2522 | 2 Haxx, Microsoft | 3 Curl, Libcurl, Windows | 2024-02-04 | 4.0 MEDIUM | N/A |
| curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
| CVE-2014-3395 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. | |||||
| CVE-2014-1255 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
| CVE-2014-0255 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability." | |||||
| CVE-2014-9358 | 1 Docker | 1 Docker | 2024-02-04 | 6.4 MEDIUM | N/A |
| Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." | |||||
| CVE-2014-4828 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. | |||||
| CVE-2013-2073 | 1 Transifex | 1 Transifex | 2024-02-04 | 4.3 MEDIUM | N/A |
| Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. | |||||
| CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 5.8 MEDIUM | N/A |
| dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | |||||