Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-3018 |
IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets. Published: January 17, 2015; 6:59:00 AM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-9199 |
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. Published: January 16, 2015; 9:59:06 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9195 |
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. Published: January 16, 2015; 9:59:05 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9194 |
Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts. Published: January 16, 2015; 9:59:04 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-8143 |
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. Published: January 16, 2015; 9:59:03 PM -0500 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2014-5419 |
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. Published: January 16, 2015; 9:59:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-5418 |
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. Published: January 16, 2015; 9:59:01 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-2355 |
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. Published: January 16, 2015; 9:59:00 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-9604 |
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions. Published: January 16, 2015; 3:59:02 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9603 |
The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data. Published: January 16, 2015; 3:59:01 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9602 |
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data. Published: January 16, 2015; 3:59:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1029 |
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. Published: January 16, 2015; 11:59:22 AM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2015-0222 |
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. Published: January 16, 2015; 11:59:21 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0221 |
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file. Published: January 16, 2015; 11:59:20 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0220 |
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL. Published: January 16, 2015; 11:59:19 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0219 |
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header. Published: January 16, 2015; 11:59:18 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9601 |
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Published: January 16, 2015; 11:59:17 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9496 |
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Published: January 16, 2015; 11:59:16 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-9480 |
Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts. Published: January 16, 2015; 11:59:15 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-9479 |
Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox. Published: January 16, 2015; 11:59:14 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |