Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-7266 |
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983. Published: February 01, 2015; 10:59:00 AM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-0926 |
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. Published: January 31, 2015; 9:59:07 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-0870 |
Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 31, 2015; 9:59:06 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8268 |
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. Published: January 31, 2015; 9:59:05 PM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2014-8267 |
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter. Published: January 31, 2015; 9:59:04 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8266 |
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field. Published: January 31, 2015; 9:59:03 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-7288 |
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. Published: January 31, 2015; 9:59:02 PM -0500 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2014-7287 |
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header. Published: January 31, 2015; 9:59:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4632 |
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. Published: January 31, 2015; 9:59:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-9161 |
CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. Published: January 30, 2015; 6:59:50 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-8840 |
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. Published: January 30, 2015; 6:59:49 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-8839 |
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. Published: January 30, 2015; 6:59:48 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8838 |
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. Published: January 30, 2015; 6:59:47 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8837 |
Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Published: January 30, 2015; 6:59:46 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-8836 |
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. Published: January 30, 2015; 6:59:45 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-8835 |
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. Published: January 30, 2015; 6:59:44 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-8834 |
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. Published: January 30, 2015; 6:59:43 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-8833 |
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. Published: January 30, 2015; 6:59:43 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-8832 |
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. Published: January 30, 2015; 6:59:42 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-8831 |
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. Published: January 30, 2015; 6:59:41 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |