CVE Daily
← All years

Uncategorized 2015

Page 22/23.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2015-01-21
Medium

CVE-2015-0369

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0368

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affec…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0367

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0366

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0365

Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Se…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2015-0364

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration B…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2015-0363

Unspecified vulnerability in the Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Bus…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0362

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2014-9621

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2014-9620

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2014-8152

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.

CVSS: 5.0CWE: CWE-254
Read more
Critical

CVE-2014-6601

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2014-6600

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2014-6599

Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related…

CVSS: 3.5CWE: N/A
Read more
High

CVE-2014-6598

Unspecified vulnerability in the Oracle Communications Diameter Signaling Router component in Oracle Communications Applications 3.x, 4.x, and 5.0 allows remote attackers to affect confidentiality, i…

CVSS: 7.6CWE: N/A
Read more
Medium

CVE-2015-1048

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct p…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-1164

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attack…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-6597

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect integrity via vectors relat…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2014-6596

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2014-6595

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2CWE: N/A
Read more
Medium

CVE-2014-6594

Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Learner Pages.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-6593

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2014-6592

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a differe…

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2014-6591

Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vuln…

CVSS: 2.6CWE: N/A
Read more
Low

CVE-2014-6590

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2CWE: N/A
Read more
Low

CVE-2014-6589

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2CWE: N/A
Read more
Low

CVE-2014-6588

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2CWE: N/A
Read more
Medium

CVE-2014-6587

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-6586

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r…

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2014-6585

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6…

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2014-6584

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2014-6583

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. allows remote attackers to affect confidentiality…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2014-6582

Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows r…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2014-6581

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2014-6580

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-6579

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vector…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2014-6578

Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrit…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2014-6577

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality v…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2014-6576

Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidenti…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2014-6575

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2014-6574

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testin…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-6573

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 11.1.3 and 12.1.4 allows remote attackers to affect integrity via unknown vectors re…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-6572

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote atta…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2014-6571

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availabi…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2014-6570

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2014-6569

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2014-6568

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

CVSS: 3.5CWE: N/A
Read more
Critical

CVE-2014-6567

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2014-6566

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Po…

CVSS: 4.0CWE: N/A
Read more
High

CVE-2014-6565

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vector…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2014-6556

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confide…

CVSS: 4.6CWE: N/A
Read more
Critical

CVE-2014-6549

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2014-6548

Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 allows local users to affect confidentiality, integrity, and availability via vectors related to B2B E…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2014-6541

Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affec…

CVSS: 6.3CWE: N/A
Read more
Medium

CVE-2015-0515

Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2014-9226

The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass i…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2014-6528

Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2014-6526

Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2014-6525

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated user…

CVSS: 3.5CWE: N/A
Read more
High

CVE-2014-6524

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2014-6521

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2014-6518

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).

CVSS: 6.6CWE: N/A
Read more
Medium

CVE-2014-6514

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.

CVSS: 4.0CWE: N/A
Read more
High

CVE-2014-6510

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2014-6509

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2014-6481

Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-6480

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vecto…

CVSS: 6.5CWE: N/A
Read more
Low

CVE-2014-4279

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core T…

CVSS: 3.5CWE: N/A
Read more
Critical

CVE-2014-4259

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability vi…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other pro…

CVSS: 4.3CWE: N/A
Read more
2015-01-20
Medium

CVE-2015-1201

Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-1030

Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2014-9494

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2014-9491

The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecifi…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2014-9490

The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2014-9330

Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-boun…

CVSS: 5.0CWE: CWE-189
Read more
Medium

CVE-2014-8790

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via…

CVSS: 5.0CWE: N/A
Read more
2015-01-18
Medium

CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a co…

CVSS: 5.0CWE: CWE-310
Read more
2015-01-17
High

CVE-2015-0924

Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.

CVSS: 7.8CWE: CWE-255
Read more
Medium

CVE-2014-3019

IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session.

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2014-3018

IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets.

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2014-9195

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.

CVSS: 7.5CWE: CWE-255
Read more
High

CVE-2014-8143

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccount…

CVSS: 8.5CWE: CWE-264
Read more
Medium

CVE-2014-5419

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key a…

CVSS: 5.0CWE: CWE-310
Read more
High

CVE-2014-5418

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to caus…

CVSS: 7.8CWE: CWE-399
Read more
2015-01-16
High

CVE-2014-9604

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly h…

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2014-9602

libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a deni…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2015-1029

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by…

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2015-0222

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate va…

CVSS: 5.0CWE: CWE-17
Read more
Medium

CVE-2015-0221

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of servic…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2015-0219

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header,…

CVSS: 5.0CWE: CWE-17
Read more
Low

CVE-2014-9496

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2014-9476

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to a…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2014-9471

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2014-6386

Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 bef…

CVSS: 7.8CWE: CWE-17
Read more
Medium

CVE-2014-6385

Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.…

CVSS: 6.1CWE: N/A
Read more
Medium

CVE-2014-6384

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2014-6383

The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.

CVSS: 5.0CWE: CWE-17
Read more
Critical

CVE-2014-3692

The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote at…

CVSS: 10.0CWE: CWE-255
Read more
Medium

CVE-2015-1060

Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP…

CVSS: 5.8CWE: N/A
Read more
High

CVE-2014-9600

Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll.

CVSS: 7.2CWE: N/A
Read more
2015-01-15
Medium

CVE-2014-9596

Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Dire…

CVSS: 4.3CWE: CWE-310
Read more
Medium

CVE-2015-0591

Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177.

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2014-8904

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2014-8034

Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing username…

CVSS: 5.0CWE: CWE-255
Read more
Medium

CVE-2015-1051

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing atta…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2014-9308

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2014-8870

Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbit…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2014-8398

Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3)…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2014-8397

Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2014-8396

Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2014-8395

Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the sam…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2014-8394

Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2014-8151

The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS ses…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2014-0171

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a…

CVSS: 5.0CWE: N/A
Read more
2015-01-14
Medium

CVE-2015-0579

Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets,…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2014-8643

Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the Open…

CVSS: 7.1CWE: CWE-264
Read more
Medium

CVE-2014-8642

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to…

CVSS: 4.3CWE: CWE-310
Read more
High

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via…

CVSS: 7.5CWE: N/A
Read more
>