Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0364 | 1 Cisco | 12 Small Business Srp520-u Series Firmware, Small Business Srp520 Series Firmware, Small Business Srp521w and 9 more | 2018-01-04 | 7.8 HIGH | N/A |
| Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. | |||||
| CVE-2014-0682 | 1 Cisco | 1 Webex Meetings Server | 2018-01-03 | 4.9 MEDIUM | N/A |
| Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346. | |||||
| CVE-2014-1666 | 1 Xen | 1 Xen | 2018-01-03 | 8.3 HIGH | N/A |
| The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2014-0686 | 1 Cisco | 1 Unified Communications Manager | 2018-01-03 | 6.0 MEDIUM | N/A |
| Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. | |||||
| CVE-2014-0622 | 1 Emc | 1 Documentum Foundation Services | 2018-01-03 | 9.0 HIGH | N/A |
| The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors. | |||||
| CVE-2014-1672 | 1 Checkpoint | 2 Management Server, Security Gateway | 2018-01-03 | 4.0 MEDIUM | N/A |
| Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2014-0833 | 1 Ibm | 1 Financial Transaction Manager | 2018-01-03 | 5.5 MEDIUM | N/A |
| The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | |||||
| CVE-2014-1643 | 1 Symantec | 1 Encryption Management Server | 2018-01-03 | 4.0 MEDIUM | N/A |
| The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL. | |||||
| CVE-2012-1179 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 5.2 MEDIUM | N/A |
| The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. | |||||
| CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2017-12-29 | 8.3 HIGH | N/A |
| VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
| CVE-2012-2267 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2017-12-29 | 5.0 MEDIUM | N/A |
| master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. | |||||
| CVE-2012-0946 | 1 Nvidia | 1 Unix Driver | 2017-12-29 | 4.6 MEDIUM | N/A |
| The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | |||||
| CVE-2012-1942 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-12-29 | 7.2 HIGH | N/A |
| The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context. | |||||
| CVE-2011-3084 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. | |||||
| CVE-2012-1241 | 1 Artonx.org | 1 Activescriptruby | 2017-12-29 | 7.5 HIGH | N/A |
| GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | |||||
| CVE-2014-1402 | 1 Pocoo | 1 Jinja2 | 2017-12-22 | 4.4 MEDIUM | N/A |
| The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp. | |||||
| CVE-2012-2957 | 1 Symantec | 1 Web Gateway | 2017-12-22 | 7.2 HIGH | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue. | |||||
| CVE-2012-2977 | 1 Symantec | 1 Web Gateway | 2017-12-22 | 5.0 MEDIUM | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script. | |||||
| CVE-2014-0534 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2017-12-22 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535. | |||||
| CVE-2014-0535 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2017-12-22 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534. | |||||