Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7179 | 1 Seowonintech | 1 Swc-9100 | 2024-02-04 | 8.3 HIGH | N/A |
| The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. | |||||
| CVE-2014-2194 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
| system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. | |||||
| CVE-2014-6336 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 3.5 LOW | N/A |
| Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." | |||||
| CVE-2014-0633 | 1 Emc | 1 Vplex Geosynchrony | 2024-02-04 | 7.7 HIGH | N/A |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2014-8510 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-02-04 | 4.0 MEDIUM | N/A |
| The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters. | |||||
| CVE-2014-6322 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability." | |||||
| CVE-2014-1725 | 1 Google | 1 Chrome | 2024-02-04 | 5.0 MEDIUM | N/A |
| The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. | |||||
| CVE-2014-3775 | 1 Libgadu | 1 Libgadu | 2024-02-04 | 7.5 HIGH | N/A |
| libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message. | |||||
| CVE-2014-6328 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365. | |||||
| CVE-2014-6209 | 1 Ibm | 1 Db2 | 2024-02-04 | 4.0 MEDIUM | N/A |
| IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. | |||||
| CVE-2014-2986 | 1 Xen | 1 Xen | 2024-02-04 | 5.5 MEDIUM | N/A |
| The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors. | |||||
| CVE-2010-5077 | 3 Ioquake3, Openarena, Tremulous | 3 Ioquake3 Engine, Openarena, Tremulous | 2024-02-04 | 7.8 HIGH | N/A |
| server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request. | |||||
| CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-04 | 10.0 HIGH | N/A |
| The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |||||
| CVE-2014-0679 | 1 Cisco | 1 Prime Infrastructure | 2024-02-04 | 9.0 HIGH | N/A |
| Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308. | |||||
| CVE-2015-1105 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-04 | 5.0 MEDIUM | N/A |
| The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. | |||||
| CVE-2015-2819 | 1 Sap | 1 Sql Anywhere | 2024-02-04 | 5.0 MEDIUM | N/A |
| SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | |||||
| CVE-2014-2286 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2024-02-04 | 7.5 HIGH | N/A |
| main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. | |||||
| CVE-2013-4250 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | N/A |
| The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file. | |||||
| CVE-2014-2285 | 1 Net-snmp | 1 Net-snmp | 2024-02-04 | 4.3 MEDIUM | N/A |
| The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. | |||||
| CVE-2014-0923 | 1 Ibm | 2 Messagesight, Messagesight Jms Client | 2024-02-04 | 4.3 MEDIUM | N/A |
| IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data. | |||||