Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0888 | 1 Ibm | 2 Mobile Foundation, Worklight | 2017-08-29 | 4.9 MEDIUM | N/A |
| IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors. | |||||
| CVE-2014-0665 | 1 Cisco | 1 Identity Services Engine Software | 2017-08-29 | 4.0 MEDIUM | N/A |
| The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904. | |||||
| CVE-2014-3070 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 5.0 MEDIUM | N/A |
| The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2014-0557 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2017-08-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. | |||||
| CVE-2014-3333 | 1 Cisco | 1 Unity Connection | 2017-08-29 | 9.0 HIGH | N/A |
| The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014. | |||||
| CVE-2014-3063 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2017-08-29 | 7.5 HIGH | N/A |
| IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 allow local users to obtain administrator privileges via unspecified vectors. | |||||
| CVE-2014-2515 | 1 Emc | 1 Documentum D2 | 2017-08-29 | 8.5 HIGH | N/A |
| EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. | |||||
| CVE-2014-2593 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2017-08-29 | 9.0 HIGH | N/A |
| The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. | |||||
| CVE-2014-0960 | 1 Ibm | 1 Pureapplication System | 2017-08-29 | 6.6 MEDIUM | N/A |
| IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine. | |||||
| CVE-2014-1626 | 1 Galen Charlton | 1 Marc-xml | 2017-08-29 | 5.0 MEDIUM | N/A |
| XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file. | |||||
| CVE-2014-2276 | 1 Emc | 1 Connectrix Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. | |||||
| CVE-2013-6728 | 1 Ibm | 1 Websphere Dashboard Framework | 2017-08-29 | 5.8 MEDIUM | N/A |
| The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory. | |||||
| CVE-2014-3309 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 5.0 MEDIUM | N/A |
| The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. | |||||
| CVE-2013-6730 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. | |||||
| CVE-2014-0678 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 5.5 MEDIUM | N/A |
| The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951. | |||||
| CVE-2014-0548 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2017-08-29 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2013-6727 | 1 Ibm | 1 Sametime | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-3020 | 1 Ibm | 2 Embedded Websphere Application Server, Tivoli Integrated Portal | 2017-08-29 | 6.9 MEDIUM | N/A |
| install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2014-0905 | 1 Ibm | 1 Infosphere Biginsights | 2017-08-29 | 2.9 LOW | N/A |
| IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-4367 | 1 Apple | 1 Iphone Os | 2017-08-29 | 2.1 LOW | N/A |
| Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||||