Latest CVE Feed
-
4.0
MEDIUMCVE-2011-4347
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and ... Read more
Affected Products : linux_kernel- Published: Jun. 08, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-0411
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous informat... Read more
- Published: Jan. 15, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-0672
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.... Read more
Affected Products : mediasense- Published: Jan. 22, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-2151
The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.... Read more
Affected Products : adaptive_security_appliance_software- Published: Jun. 18, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-0220
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.... Read more
Affected Products : cloudera_manager- Published: Jun. 10, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2013-5097
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensit... Read more
- Published: Aug. 16, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-0261
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."... Read more
Affected Products : dynamics_ax- Published: Jan. 15, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-0724
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.... Read more
Affected Products : unified_communications_manager- Published: Feb. 13, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-0399
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain & Function... Read more
Affected Products : supply_chain_products_suite- Published: Jan. 15, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2016-0691
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690.... Read more
- Published: Apr. 21, 2016
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-2588
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.... Read more
Affected Products : asset_manager- Published: Mar. 24, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-125111
A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version... Read more
Affected Products : wp-insert- Published: Apr. 08, 2024
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2009-1017
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.... Read more
Affected Products : application_server- Published: Apr. 15, 2009
- Modified: Apr. 09, 2025
-
4.0
MEDIUMCVE-2014-0820
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.... Read more
Affected Products : garoon- Published: Feb. 27, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-0746
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.... Read more
Affected Products : unified_contact_center_express_editor_software- Published: Feb. 27, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-2145
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun9... Read more
Affected Products : unity_connection- Published: Apr. 05, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-2572
mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.... Read more
Affected Products : moodle- Published: Mar. 24, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-0412
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more
- Published: Jan. 15, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-0863
The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.2.0 before IF1 stores obfuscated passwords in memory, which allows remote authenticated users to obtain sensitive cleartext information via an unspecified ... Read more
Affected Products : cognos_tm1- Published: Sep. 05, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-0384
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.... Read more
- Published: Apr. 16, 2014
- Modified: Apr. 12, 2025