Weekly Vulnerabilities Reports > January 13 to 19, 2014
Overview
202 new vulnerabilities were reported during this period, including 26 critical and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 146 products from 56 vendors, including Oracle, Redhat, Microsoft, Cisco, and Canonical. The most common weakness categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Cross-Site Request Forgery (CSRF)".
- 175 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 138 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 116 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
26 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-16 | CVE-2014-0650 | Cisco | Improper Input Validation vulnerability in Cisco Secure Access Control System The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. | 10.0 |
2014-01-16 | CVE-2014-0648 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187. | 10.0 |
2014-01-15 | CVE-2014-0496 | Adobe Apple Microsoft | Resource Management Errors vulnerability in Adobe Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2014-01-15 | CVE-2014-0495 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493. | 10.0 |
2014-01-15 | CVE-2014-0493 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495. | 10.0 |
2014-01-15 | CVE-2014-0492 | Adobe Apple Microsoft Linux | Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak." | 10.0 |
2014-01-15 | CVE-2014-0491 | Adobe Apple Microsoft Linux | Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors. | 10.0 |
2014-01-15 | CVE-2014-1201 | Lorex Technology Lorextechnology | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter. | 10.0 |
2014-01-15 | CVE-2014-0428 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. | 10.0 |
2014-01-15 | CVE-2014-0422 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. | 10.0 |
2014-01-15 | CVE-2014-0415 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424. | 10.0 |
2014-01-15 | CVE-2014-0410 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. | 10.0 |
2014-01-15 | CVE-2013-5907 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 10.0 |
2014-01-15 | CVE-2013-2820 | Sierrawireless | Improper Authentication vulnerability in Sierrawireless products The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. | 10.0 |
2014-01-19 | CVE-2013-3483 | Hexagon | Buffer Errors vulnerability in Hexagon Erdas ER Viewer 11.04/13.0.1.1298/13.00.0001 Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ERS file. | 9.3 |
2014-01-19 | CVE-2013-3482 | Hexagon | Buffer Errors vulnerability in Hexagon Erdas ER Viewer 11.04/13.0.1.1298/13.00.0001 Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file. | 9.3 |
2014-01-15 | CVE-2014-0260 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." | 9.3 |
2014-01-15 | CVE-2014-0259 | Microsoft | Buffer Errors vulnerability in Microsoft Office Compatibility Pack and Word Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." | 9.3 |
2014-01-15 | CVE-2014-0258 | Microsoft | Buffer Errors vulnerability in Microsoft Office Compatibility Pack, Word and Word Viewer Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." | 9.3 |
2014-01-15 | CVE-2013-5889 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. | 9.3 |
2014-01-15 | CVE-2014-0417 | Oracle | Unspecified vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 9.3 |
2014-01-15 | CVE-2014-0408 | Oracle | Unspecified vulnerability in Oracle JRE 1.7.0 Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 9.3 |
2014-01-15 | CVE-2014-0385 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | 9.3 |
2014-01-15 | CVE-2013-5893 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 9.3 |
2014-01-15 | CVE-2013-2819 | Sierrawireless | Credentials Management vulnerability in Sierrawireless products The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. | 9.3 |
2014-01-16 | CVE-2014-0649 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | 9.0 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-15 | CVE-2014-0387 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 7.6 |
2014-01-17 | CVE-2014-0792 | Sonatype | Code Injection vulnerability in Sonatype Nexus Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types. | 7.5 |
2014-01-16 | CVE-2012-6626 | Brian Cabunac | SQL Injection vulnerability in Brian Cabunac Browser TO Email Phone Message System 1.0 SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | 7.5 |
2014-01-16 | CVE-2012-6625 | Vasthtml | SQL Injection vulnerability in Vasthtml Forumpress SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action. | 7.5 |
2014-01-16 | CVE-2013-6643 | Google Apple Linux Opensuse Microsoft Debian | Improper Authentication vulnerability in multiple products The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. | 7.5 |
2014-01-15 | CVE-2013-5878 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | 7.5 |
2014-01-15 | CVE-2013-5785 | Oracle | Remote Security vulnerability in Oracle Reports Developer Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.6, 11.1.1.7, and 11.1.2.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security and Authentication. | 7.5 |
2014-01-15 | CVE-2014-1466 | CSP Mysql User Manager Project | SQL Injection vulnerability in CSP Mysql User Manager Project CSP Mysql User Manager 2.3 SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | 7.5 |
2014-01-15 | CVE-2014-1206 | Openwebanalytics | SQL Injection vulnerability in Openwebanalytics Open web Analytics SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php. | 7.5 |
2014-01-15 | CVE-2014-0424 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418. | 7.5 |
2014-01-15 | CVE-2014-0373 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. | 7.5 |
2014-01-15 | CVE-2013-2827 | Wellintech | Code Injection vulnerability in Wellintech Kingalarm&Event, Kinggraphic and Kingscada An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value. | 7.5 |
2014-01-15 | CVE-2014-0262 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7 and Windows Server 2008 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." | 7.2 |
2014-01-15 | CVE-2014-0615 | Juniper | Permissions, Privileges, and Access Controls vulnerability in Juniper Junos Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." | 7.2 |
2014-01-15 | CVE-2013-3830 | Oracle | Remote Security vulnerability in Oracle Hyperion Interactive Reporting 11.1.2.1/11.1.2.2 Unspecified vulnerability in the Hyperion Strategic Finance component in Oracle Hyperion 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server. | 7.1 |
2014-01-15 | CVE-2014-0617 | Juniper | Denial of Service vulnerability in Juniper Junos 'SRX Series Services' Gateway Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. | 7.1 |
2014-01-15 | CVE-2014-0616 | Juniper | Race Condition vulnerability in Juniper Junos Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities. | 7.1 |
2014-01-15 | CVE-2014-0613 | Juniper | Unspecified vulnerability in Juniper Junos The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.1 |
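Four of the high-severity entries above (b2ePMS, the ForumPress WP Forum Server plugin, CSP MySQL User Manager and Open Web Analytics) are SQL injections reached through a login, user or e-mail field. The following is an added illustration of that bug class and its fix, not code from any of those products: the schema, the single user row and the payload are constructed here, and SQLite stands in for the MySQL back end the real applications use.

```python
"""Constructed demonstration of authentication bypass through a login field.
Example code only: the table, the account and the payload are made up here
and do not come from b2ePMS, CSP MySQL User Manager or any other product."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory user table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample row; a real application stores a password hash, not cleartext.
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The pattern behind the listed CVEs: the login field is spliced into the SQL text,
    so a quote in the username ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fix: bind the fields as parameters; the driver sends them as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Constructed payload: closes the username literal, makes the WHERE clause true,
# and comments out the password check that follows.
BYPASS_USERNAME = "' OR 1=1 --"


def demo() -> dict:
    """Run both login routines against a valid account and against the payload."""
    conn = make_db()
    return {
        "valid_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "valid_safe": login_safe(conn, "alice", "s3cret"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_USERNAME, "wrong"),
        "bypass_safe": login_safe(conn, BYPASS_USERNAME, "wrong"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

The concatenated query accepts the payload with no valid password; the parameterized one treats `' OR 1=1 --` as a literal username that matches nothing. One back-end detail worth knowing when reproducing this against MySQL rather than SQLite: MySQL only treats `--` as a comment when it is followed by whitespace, so real-world payloads against the PHP applications listed above typically end in `-- ` (with a trailing space) or `#`.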
119 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-14 | CVE-2013-6123 | Codeaurora Qualcomm | Improper Input Validation vulnerability in multiple products Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions. | 6.9 |
2014-01-17 | CVE-2014-1211 | Vmware | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vcloud Director 5.1.0/5.1.1/5.1.2 Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | 6.8 |
2014-01-17 | CVE-2013-7204 | Conceptronic | Cross-Site Request Forgery (CSRF) vulnerability in Conceptronic Cipcamptiwl and Cipcamptiwl 1.0 Firmware Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. | 6.8 |
2014-01-16 | CVE-2012-6631 | Vessio | Cross-Site Request Forgery (CSRF) vulnerability in Vessio Netbill 1.2 Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action. | 6.8 |
2014-01-16 | CVE-2012-6629 | Xyzscripts | Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Newsletter Manager 1.0/1.0.1/1.0.2 Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. | 6.8 |
2014-01-16 | CVE-2014-1473 | Mcafee | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager 7.0.11/7.5.4/7.5.5 Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page." | 6.8 |
2014-01-15 | CVE-2013-5882 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures. | 6.8 |
2014-01-15 | CVE-2013-5879 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.4/8.4.1 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. | 6.8 |
2014-01-15 | CVE-2013-5870 | Redhat HP Oracle | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | 6.8 |
2014-01-15 | CVE-2013-5860 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. | 6.8 |
2014-01-15 | CVE-2013-7107 | Icinga | Cross-Site Request Forgery (CSRF) vulnerability in Icinga Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106. | 6.8 |
2014-01-15 | CVE-2013-5904 | Oracle Redhat HP | Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 6.8 |
2014-01-15 | CVE-2013-7106 | Icinga | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Icinga Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. | 6.5 |
2014-01-15 | CVE-2013-7205 | Nagios | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nagios Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. | 6.4 |
2014-01-15 | CVE-2013-2826 | Wellintech | Permissions, Privileges, and Access Controls vulnerability in Wellintech Kingalarm&Event, Kinggraphic and Kingscada WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130. | 6.4 |
2014-01-16 | CVE-2014-0667 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. | 6.3 |
2014-01-15 | CVE-2014-0400 | Oracle | Remote Security vulnerability in Oracle Internet Directory Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server. | 6.3 |
2014-01-15 | CVE-2013-5834 | SUN | Local Security vulnerability in SUN Sunos 5.8 Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps. | 6.2 |
2014-01-13 | CVE-2010-0746 | Fedoraproject | Path Traversal vulnerability in Fedoraproject Fedora 11/12 Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. | 6.2 |
2014-01-18 | CVE-2013-1740 | Mozilla | Cryptographic Issues vulnerability in Mozilla Network Security Services The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. | 5.8 |
2014-01-15 | CVE-2014-0403 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375. | 5.8 |
2014-01-15 | CVE-2014-0375 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403. | 5.8 |
2014-01-15 | CVE-2013-5890 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Exception Reporting. | 5.5 |
2014-01-15 | CVE-2014-0423 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. | 5.5 |
2014-01-15 | CVE-2014-0372 | Oracle | SQL Injection vulnerability in Oracle products Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others. | 5.5 |
2014-01-15 | CVE-2014-0367 | Oracle | Remote Security vulnerability in Oracle Hyperion 11.1.2.1/11.1.2.2/11.1.2.3 Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console. | 5.5 |
2014-01-15 | CVE-2013-7108 | Nagios Icinga | Improper Input Validation vulnerability in multiple products Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. | 5.5 |
2014-01-15 | CVE-2013-5897 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 6.0.0/6.1.0/6.1.1.0 Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Manage Data Cache. | 5.5 |
2014-01-15 | CVE-2014-0419 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console and Workspace Web Applications. | 5.1 |
2014-01-15 | CVE-2014-0418 | Redhat Oracle HP | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424. | 5.1 |
2014-01-15 | CVE-2013-5906 | Redhat Oracle HP | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905. | 5.1 |
2014-01-15 | CVE-2013-5905 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5906. | 5.1 |
2014-01-15 | CVE-2013-5902 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. | 5.1 |
2014-01-16 | CVE-2013-6642 | Google | Unspecified vulnerability in Google Chrome Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | 5.0 |
2014-01-16 | CVE-2013-7294 | Libreswan | Improper Input Validation vulnerability in Libreswan The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. | 5.0 |
2014-01-15 | CVE-2013-7293 | Asus | Improper Access Control vulnerability in Asus Wl-330Nul The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | 5.0 |
2014-01-15 | CVE-2013-5887 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment. | 5.0 |
2014-01-15 | CVE-2013-5884 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. | 5.0 |
2014-01-15 | CVE-2013-5880 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 12.2.0/12.2.1/12.2.2 Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others. | 5.0 |
2014-01-15 | CVE-2013-5877 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others. | 5.0 |
2014-01-15 | CVE-2013-5873 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker. | 5.0 |
2014-01-15 | CVE-2013-5869 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0/11.1.1.7.0/11.1.1.8.0 Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service. | 5.0 |
2014-01-15 | CVE-2013-5853 | Oracle | Core RDBMS Remote Security vulnerability in Oracle Database Server 11.1.0.7/11.2.0.3/12.1.0.1 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2014-01-15 | CVE-2013-5795 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others. | 5.0 |
2014-01-15 | CVE-2014-0443 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity via unknown vectors related to Security. | 5.0 |
2014-01-15 | CVE-2014-0441 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker. | 5.0 |
2014-01-15 | CVE-2014-0416 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. | 5.0 |
2014-01-15 | CVE-2014-0398 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Discoverer. | 5.0 |
2014-01-15 | CVE-2014-0396 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal - Web Services. | 5.0 |
2014-01-15 | CVE-2014-0395 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0394. | 5.0 |
2014-01-15 | CVE-2014-0394 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395. | 5.0 |
2014-01-15 | CVE-2014-0391 | Oracle | Remote Security vulnerability in Oracle Identity Manager Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to End User Self Service. | 5.0 |
2014-01-15 | CVE-2014-0376 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. | 5.0 |
2014-01-15 | CVE-2014-0369 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2015-0366. | 5.0 |
2014-01-15 | CVE-2014-0368 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. | 5.0 |
2014-01-15 | CVE-2013-5910 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. | 5.0 |
2014-01-15 | CVE-2013-5899 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | 5.0 |
2014-01-15 | CVE-2013-5896 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. | 5.0 |
2014-01-15 | CVE-2013-5895 | Redhat HP Oracle | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | 5.0 |
2014-01-15 | CVE-2013-5876 | Oracle SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. | 4.9 |
2014-01-15 | CVE-2013-5833 | SUN | Local Security vulnerability in SUN Sunos 5.8/5.9 Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem. | 4.9 |
2014-01-15 | CVE-2013-5909 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Org and Workforce Dev. | 4.9 |
2014-01-13 | CVE-2013-7239 | Memcached | Improper Authentication vulnerability in Memcached memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. | 4.8 |
2014-01-15 | CVE-2013-5888 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 4.6 |
2014-01-15 | CVE-2013-5821 | Oracle SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. | 4.6 |
2014-01-19 | CVE-2013-1438 | Dave Coffin | NULL Pointer Dereference Denial of Service vulnerability in LibRaw Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference. | 4.3 |
2014-01-17 | CVE-2014-1207 | Vmware | Denial of Service vulnerability in VMWare ESX and Esxi VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. | 4.3 |
2014-01-17 | CVE-2013-7243 | GET Simple | Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.1.2/3.2.3 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. | 4.3 |
2014-01-16 | CVE-2012-6632 | Vessio | Cross-Site Scripting vulnerability in Vessio Netbill 1.2 Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index.php or (3) comment parameter in the support page to accounts/index2.php. | 4.3 |
2014-01-16 | CVE-2012-6630 | Rick Mead | Cross-Site Scripting vulnerability in Rick Mead Media Library Categories 1.1.1 Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php. | 4.3 |
2014-01-16 | CVE-2012-6628 | Xyzscripts | Cross-Site Scripting vulnerability in Xyzscripts Newsletter Manager 1.0/1.0.1/1.0.2 Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options. | 4.3 |
2014-01-16 | CVE-2012-6627 | Xyzscripts | Cross-Site Scripting vulnerability in Xyzscripts Newsletter Manager 1.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2014-01-16 | CVE-2012-6624 | Mightymess | Cross-Site Scripting vulnerability in Mightymess Soundcloud IS Gold 2.1 Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php. | 4.3 |
2014-01-16 | CVE-2012-6623 | Vasthtml | Cross-Site Scripting vulnerability in Vasthtml Forumpress Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php. | 4.3 |
2014-01-16 | CVE-2012-6622 | Vasthtml | Cross-Site Scripting vulnerability in Vasthtml Forumpress Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action. | 4.3 |
2014-01-16 | CVE-2012-6621 | GET Simple | Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php. | 4.3 |
2014-01-16 | CVE-2012-6620 | Horde | Cross-Site Scripting vulnerability in Horde Kronolith H4 Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-01-16 | CVE-2013-6325 | IBM | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. | 4.3 |
2014-01-16 | CVE-2014-0666 | Cisco | Path Traversal vulnerability in Cisco Jabber Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. | 4.3 |
2014-01-16 | CVE-2014-1472 | Mcafee | Cross-Site Scripting vulnerability in Mcafee vulnerability Manager 7.0.11/7.5.4/7.5.5 Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-01-15 | CVE-2013-6142 | Aveva | Resource Management Errors vulnerability in Aveva Clearscada 2010/2013 DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. | 4.3 |
2014-01-15 | CVE-2013-5886 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects. | 4.3 |
2014-01-15 | CVE-2014-0445 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381. | 4.3 |
2014-01-15 | CVE-2014-0434 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 6.0.0/6.1.0/6.1.1.0 Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Installation. | 4.3 |
2014-01-15 | CVE-2014-0433 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling. | 4.3 |
2014-01-15 | CVE-2014-0390 | SUN | Remote Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console. | 4.3 |
2014-01-15 | CVE-2014-0389 | Oracle | Remote Security vulnerability in Oracle Ilearning 6.0 Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. | 4.3 |
2014-01-15 | CVE-2014-0382 | Oracle HP Redhat | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX. | 4.3 |
2014-01-15 | CVE-2014-0380 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChannel Framework (MCF). | 4.3 |
2014-01-15 | CVE-2014-0379 | Oracle | HTML Injection vulnerability in Oracle products Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others. | 4.3 |
2014-01-15 | CVE-2014-0374 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0 Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events. | 4.3 |
2014-01-15 | CVE-2013-5901 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.0/11.1.2.1.0 Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to Identity Console. | 4.3 |
2014-01-15 | CVE-2013-5900 | Oracle | Remote Security vulnerability in Oracle Identity Manager Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vectors related to End User Self Service. | 4.3 |
2014-01-15 | CVE-2014-0378 | Oracle | Local Security vulnerability in Oracle Database Server Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 4.1 |
2014-01-17 | CVE-2013-7295 | Torproject | Cryptographic Issues vulnerability in Torproject TOR Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. | 4.0 |
2014-01-16 | CVE-2013-6687 | Cisco | Credentials Management vulnerability in Cisco Webex Meetings Server The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. | 4.0 |
2014-01-15 | CVE-2014-0261 | Microsoft | Improper Input Validation vulnerability in Microsoft Dynamics AX 2009/2012/4.0 Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability." | 4.0 |
2014-01-15 | CVE-2014-0665 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904. | 4.0 |
2014-01-15 | CVE-2013-5881 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431. | 4.0 |
2014-01-15 | CVE-2013-5858 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370. | 4.0 |
2014-01-15 | CVE-2014-0440 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology. | 4.0 |
2014-01-15 | CVE-2014-0439 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution. | 4.0 |
2014-01-15 | CVE-2014-0438 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor. | 4.0 |
2014-01-15 | CVE-2014-0435 | Oracle | Remote Security vulnerability in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Function Security. | 4.0 |
2014-01-15 | CVE-2014-0425 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.2 Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2014-01-15 | CVE-2014-0412 | Oracle Mariadb Canonical Debian Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
2014-01-15 | CVE-2014-0411 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. | 4.0 |
2014-01-15 | CVE-2014-0402 | Oracle Mariadb Canonical Debian Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. | 4.0 |
2014-01-15 | CVE-2014-0401 | Oracle Mariadb Canonical Debian Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2014-01-15 | CVE-2014-0399 | Oracle | Remote Security vulnerability in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain & Function Security. | 4.0 |
2014-01-15 | CVE-2014-0392 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2014-01-15 | CVE-2014-0388 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Org and Workforce Dev. | 4.0 |
2014-01-15 | CVE-2014-0386 | Oracle Mariadb Canonical Debian Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2014-01-15 | CVE-2014-0377 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables. | 4.0 |
2014-01-15 | CVE-2014-0366 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments. | 4.0 |
2014-01-15 | CVE-2014-0031 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | 4.0 |
2014-01-15 | CVE-2013-5898 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403. | 4.0 |
2014-01-15 | CVE-2013-5894 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
2014-01-15 | CVE-2013-5891 | Oracle Mariadb Canonical Debian Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | 4.0 |
39 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-16 | CVE-2013-6725 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-01-16 | CVE-2013-6330 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. | 3.5 |
2014-01-15 | CVE-2013-5871 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 20.1.1 Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2014-0444. | 3.5 |
2014-01-15 | CVE-2013-5868 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 20.1.1 Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5871 and CVE-2014-0444. | 3.5 |
2014-01-15 | CVE-2013-5764 | Oracle | Remote Security vulnerability in Oracle Database Server 11.1.0.7/11.2.0.3/12.1.0.1 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. | 3.5 |
2014-01-15 | CVE-2014-0444 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 20.1.1 Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871. | 3.5 |
2014-01-15 | CVE-2014-0437 | Oracle Debian Canonical Mariadb Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 3.5 |
2014-01-15 | CVE-2014-0431 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881. | 3.5 |
2014-01-15 | CVE-2014-0427 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS. | 3.5 |
2014-01-15 | CVE-2014-0407 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405. | 3.5 |
2014-01-15 | CVE-2014-0405 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407. | 3.5 |
2014-01-15 | CVE-2014-0383 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.0/11.1.2.1.0 Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console. | 3.5 |
2014-01-15 | CVE-2014-0371 | Oracle | Cross-Site Scripting vulnerability in Oracle products Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors related to DM Others. | 3.5 |
2014-01-15 | CVE-2013-5892 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | 3.5 |
2014-01-13 | CVE-2013-7292 | Vasco | Improper Authentication vulnerability in Vasco Identikey Authentication Server 3.4 VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password. | 3.5 |
2014-01-19 | CVE-2013-2142 | Libimobiledevice | Link Following vulnerability in Libimobiledevice 1.1.4 userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/. | 3.3 |
2014-01-17 | CVE-2014-1208 | Vmware | Local Denial Of Service vulnerability in Multiple VMWare Products VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. | 3.3 |
2014-01-15 | CVE-2013-5883 | SUN | Local Security vulnerability in SUN Sunos 5.8 Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel. | 3.2 |
2014-01-15 | CVE-2014-0430 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. | 2.8 |
2014-01-15 | CVE-2014-0420 | Oracle Debian Canonical Redhat Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication. | 2.8 |
2014-01-15 | CVE-2014-0370 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report. | 2.8 |
2014-01-15 | CVE-2013-6398 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | 2.8 |
2014-01-19 | CVE-2013-4375 | Qemu XEN | Resource Management Errors vulnerability in multiple products The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. | 2.7 |
2014-01-15 | CVE-2013-5875 | Oracle | Local Security vulnerability in Oracle Sunos 5.11.1 Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC). | 2.7 |
2014-01-19 | CVE-2013-7078 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. | 2.6 |
2014-01-19 | CVE-2013-0244 | Drupal | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified JavaScript functions that are used to select DOM elements. | 2.6 |
2014-01-18 | CVE-2013-2037 | Canonical Httplib2 Project | Improper Input Validation vulnerability in multiple products httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2.6 |
2014-01-16 | CVE-2013-2139 | Fedoraproject Opensuse Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. | 2.6 |
2014-01-15 | CVE-2013-5808 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 4.0 Unspecified vulnerability in the Oracle iPlanet Web Proxy Server component in Oracle Fusion Middleware 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Administration. | 2.6 |
2014-01-15 | CVE-2014-0381 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445. | 2.6 |
2014-01-14 | CVE-2014-0591 | ISC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ISC Bind The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. | 2.6 |
2014-01-15 | CVE-2014-0406 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404. | 2.4 |
2014-01-15 | CVE-2014-0404 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406. | 2.4 |
2014-01-15 | CVE-2013-5872 | Oracle SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD). | 2.1 |
2014-01-13 | CVE-2013-7291 | Memcached | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290. | 1.8 |
2014-01-13 | CVE-2013-7290 | Memcached | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179. | 1.8 |
2014-01-13 | CVE-2013-0179 | Memcached | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. | 1.8 |
2014-01-15 | CVE-2013-5885 | Oracle | Local Security vulnerability in Oracle Sunos 5.11.1 Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit. | 1.7 |
2014-01-15 | CVE-2013-5874 | Oracle | Local Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown vectors related to Logging. | 1.7 |