Latest CVE Feed
-
5.0
MEDIUM CVE-2014-2268
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executi...
Affected Products: vtiger_crm
- Published: Nov. 16, 2014
- Modified: Apr. 12, 2025
-
6.4
MEDIUM CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider use...
- Published: Nov. 16, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-2683
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ...
- Published: Nov. 16, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-2682
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ...
- Published: Nov. 16, 2014
- Modified: Apr. 12, 2025
-
6.4
MEDIUM CVE-2014-2681
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ...
- Published: Nov. 16, 2014
- Modified: Apr. 12, 2025
-
6.4
MEDIUM CVE-2014-8566
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
4.6
MEDIUM CVE-2014-5388
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruptio...
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-3502
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
Affected Products: cordova
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-3501
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
Affected Products: cordova
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
6.4
MEDIUM CVE-2014-3500
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
Affected Products: cordova
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
7.5
HIGH CVE-2014-3158
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] securit...
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-4975
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger...
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-3707
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read s...
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
7.1
HIGH CVE-2014-7998
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.
Affected Products: ios aironet_ap1131 aironet_ap1200 aironet_ap1240 aironet_ap1100 aironet_ap1130ag aironet_ap1230ag aironet_ap1240ag aironet_ap1300 aironet_ap1400 +11 more products
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
6.1
MEDIUM CVE-2014-7997
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a ...
Affected Products: ios aironet_ap1131 aironet_ap1200 aironet_ap1240 aironet_ap1100 aironet_ap1130ag aironet_ap1230ag aironet_ap1240ag aironet_ap1300 aironet_ap1400 +11 more products
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-7248
Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file.
Affected Products: ilogscanner
- Published: Nov. 15, 2014
- Modified: Apr. 12, 2025
-
9.4
HIGH CVE-2014-8567
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
- Published: Nov. 14, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-7815
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
Affected Products: ubuntu_linux enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_eus qemu virtualization +2 more products
- Published: Nov. 14, 2014
- Modified: Apr. 12, 2025
-
7.2
HIGH CVE-2014-3689
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
- Published: Nov. 14, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-7991
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core dev...
Affected Products: unified_communications_manager
- Published: Nov. 14, 2014
- Modified: Apr. 12, 2025