Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1986 | 1 Kokuyo | 1 Camiapp | 2014-04-19 | 5.8 MEDIUM | N/A |
| The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. | |||||
| CVE-2013-1919 | 1 Xen | 1 Xen | 2014-04-19 | 4.7 MEDIUM | N/A |
| Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." | |||||
| CVE-2014-0071 | 1 Redhat | 1 Openstack | 2014-04-17 | 6.4 MEDIUM | N/A |
| PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. | |||||
| CVE-2011-4406 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2014-04-17 | 3.6 LOW | N/A |
| The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | |||||
| CVE-2013-1764 | 1 Packagekit Project | 1 Packagekit | 2014-04-17 | 2.1 LOW | N/A |
| The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. | |||||
| CVE-2011-4089 | 1 Bzip | 1 Bzip2 | 2014-04-17 | 4.6 MEDIUM | N/A |
| The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. | |||||
| CVE-2014-2865 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 7.5 HIGH | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation. | |||||
| CVE-2014-2862 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 6.5 MEDIUM | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors. | |||||
| CVE-2014-0642 | 1 Emc | 1 Documentum Content Server | 2014-04-16 | 5.5 MEDIUM | N/A |
| EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. | |||||
| CVE-2014-2859 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 7.5 HIGH | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request. | |||||
| CVE-2014-2690 | 1 Citrix | 1 Vdi-in-a-box | 2014-04-16 | 2.1 LOW | N/A |
| Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. | |||||
| CVE-2014-2849 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-04-14 | 8.5 HIGH | N/A |
| The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |||||
| CVE-2014-2742 | 1 Isode | 1 M-link | 2014-04-11 | 7.8 HIGH | N/A |
| Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2014-2829 | 1 Erlang-solutions | 1 Mongooseim | 2014-04-11 | 7.8 HIGH | N/A |
| Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2014-2746 | 1 Tigase | 1 Tigase | 2014-04-11 | 7.8 HIGH | N/A |
| net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2014-2743 | 1 Lightwitch | 1 Metronome | 2014-04-11 | 7.8 HIGH | N/A |
| plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2013-7367 | 1 Sap | 1 Enterprise Portal | 2014-04-11 | 7.5 HIGH | N/A |
| SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2014-04-11 | 7.5 HIGH | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||
| CVE-2014-0592 | 2 Crowbar, Novell | 2 Barclamp, Suse Cloud | 2014-04-04 | 7.5 HIGH | N/A |
| Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs. | |||||
| CVE-2013-6770 | 2 Google, Koushik Dutta | 2 Android, Superuser | 2014-04-03 | 7.6 HIGH | N/A |
| The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. | |||||