Latest CVE Feed
- 5.0 MEDIUM CVE-2014-8553
  The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_iss...
  Affected Products: mantisbt
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2014-8117
  softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2014-8116
  The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 1.9 LOW CVE-2014-7170
  Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.
  Affected Products: puppet_server
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2013-7402
  Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.
  Affected Products: c-icap
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-9253
  The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/...
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 3.5 LOW CVE-2014-5438
  Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_com...
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2014-5437
  Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote manag...
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2014-7880
  Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors.
  Affected Products: tcp_ip_services_openvms
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2014-7285
  The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
  Affected Products: web_gateway
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 7.8 HIGH CVE-2014-9322
  arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a G...
  Affected Products: android linux_kernel ubuntu_linux enterprise_linux_eus suse_linux_enterprise_server evergreen
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 2.1 LOW CVE-2014-8133
  arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanis...
  Affected Products: linux_kernel
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 9.0 HIGH CVE-2014-4626
  EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user ...
  Affected Products: documentum_content_server
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-8006
  The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.
  Affected Products: isb8320-e_high-definition_ip-only_dvr
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 4.0 MEDIUM CVE-2014-6182
  Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
  Affected Products: business_process_manager
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2014-4844
  The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process app...
  Affected Products: business_process_manager
  - Published: Dec. 17, 2014
  - Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2014-8248
  SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.
  - Published: Dec. 16, 2014
  - Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-8247
  Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  - Published: Dec. 16, 2014
  - Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2014-8246
  Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
  - Published: Dec. 16, 2014
  - Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-6176
  IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and uncondi...
  Affected Products: business_process_manager websphere_enterprise_service_bus websphere_process_server
  - Published: Dec. 16, 2014
  - Modified: Apr. 12, 2025