Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2014-6315 Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ca... | N/A | NONE | — | 0 |
| CVE-2014-7139 Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbit... | N/A | NONE | — | 0 |
| CVE-2014-6934 The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s... | N/A | NONE | — | 0 |
| CVE-2014-7200 Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web ... | N/A | NONE | — | 0 |
| CVE-2014-7201 Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to e... | N/A | NONE | — | 0 |
| CVE-2014-6887 The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain ... | N/A | NONE | — | 0 |
| CVE-2014-6891 The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serve... | N/A | NONE | — | 0 |
| CVE-2014-6904 The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob... | N/A | NONE | — | 0 |
| CVE-2014-6935 The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof se... | N/A | NONE | — | 0 |
| CVE-2014-6936 The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain se... | N/A | NONE | — | 0 |
| CVE-2014-6937 The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof ser... | N/A | NONE | — | 0 |
| CVE-2014-6938 The Apostilas musicais (aka com.apostilas) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti... | N/A | NONE | — | 0 |
| CVE-2014-6939 The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to... | N/A | NONE | — | 0 |
| CVE-2014-6940 The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application 1.0073.b0073 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle... | N/A | NONE | — | 0 |
| CVE-2014-6941 The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain se... | N/A | NONE | — | 0 |
| CVE-2014-5327 Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. | N/A | NONE | — | 0 |
| CVE-2014-5328 Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API se... | N/A | NONE | — | 0 |
| CVE-2014-1571 Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment info... | N/A | NONE | — | 0 |
| CVE-2014-1572 The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x bef... | N/A | NONE | — | 0 |
| CVE-2014-3818 Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before... | N/A | NONE | — | 0 |
| CVE-2014-1573 Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, ... | N/A | NONE | — | 0 |
| CVE-2014-3091 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | N/A | NONE | — | 0 |
| CVE-2014-7283 The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a d... | N/A | NONE | — | 0 |
| CVE-2014-7284 The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initiali... | N/A | NONE | — | 0 |
| CVE-2014-7297 Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. | N/A | NONE | — | 0 |
| CVE-2014-7970 The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of ... | 5.5 | MEDIUM | — | 0 |
| CVE-2014-7975 The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allo... | 5.5 | MEDIUM | — | 0 |
| CVE-2014-8086 Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a writ... | 4.7 | MEDIUM | — | 0 |
| CVE-2014-8743 Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or ... | N/A | NONE | — | 0 |
| CVE-2014-8744 Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary... | N/A | NONE | — | 0 |
| CVE-2014-8745 Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" per... | N/A | NONE | — | 0 |
| CVE-2014-8746 Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject ar... | N/A | NONE | — | 0 |
| CVE-2014-8747 Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content cr... | N/A | NONE | — | 0 |
| CVE-2014-8748 Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission ... | N/A | NONE | — | 0 |
| CVE-2014-3825 The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Applicatio... | N/A | NONE | — | 0 |
| CVE-2014-6313 Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports p... | N/A | NONE | — | 0 |
| CVE-2014-6377 Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a... | N/A | NONE | — | 0 |
| CVE-2014-6378 Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 ... | N/A | NONE | — | 0 |
| CVE-2014-6379 Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 1... | N/A | NONE | — | 0 |
| CVE-2011-5300 Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify... | N/A | NONE | — | 0 |
| CVE-2014-6380 Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X... | N/A | NONE | — | 0 |
| CVE-2014-8069 Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2)... | N/A | NONE | — | 0 |
| CVE-2014-8070 Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php... | N/A | NONE | — | 0 |
| CVE-2014-8765 Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script o... | N/A | NONE | — | 0 |
| CVE-2014-8766 Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified pa... | N/A | NONE | — | 0 |
| CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padd... | 3.4 | LOW | — | 0 |
| CVE-2014-9237 SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | N/A | NONE | — | 0 |
| CVE-2014-0564 Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe A... | N/A | NONE | — | 0 |
| CVE-2014-0569 Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.... | N/A | NONE | — | 0 |
| CVE-2014-0570 Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attac... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.