244451
|
2.1 |
LOW
|
nagios
|
nagios
|
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4…
|
CWE-200
Information Exposure
|
CVE-2014-4701
|
2016-11-29 04:12 |
2014-12-6 |
|
|
244452
|
2.1 |
LOW
|
nagios
|
nagios
|
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4…
|
CWE-200
Information Exposure
|
CVE-2014-4702
|
2016-11-29 04:12 |
2014-12-6 |
|
|
244453
|
2.1 |
LOW
|
nagios
|
nagios
|
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists beca…
|
CWE-59
Link Following
|
CVE-2014-4703
|
2016-11-29 04:12 |
2014-12-6 |
|
|
244454
|
6.8 |
MEDIUM
|
redhat igniterealtime
|
jboss_fuse smack_api
|
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5075
|
2016-11-29 04:12 |
2014-10-26 |
|
|
244455
|
5.0 |
MEDIUM
|
directwebremoting
|
direct_web_remoting
|
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrar…
|
CWE-200
Information Exposure
|
CVE-2014-5325
|
2016-11-29 04:12 |
2014-11-24 |
|
|
244456
|
9.1 |
CRITICAL
Network
beckhoff
|
embedded_pc_images twincat
|
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote atta…
|
CWE-254
Security Features
|
CVE-2014-5414
|
2016-11-29 04:12 |
2016-10-5 |
|
|
|
244457
|
9.1 |
CRITICAL
Network
beckhoff
|
embedded_pc_images twincat
|
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration To…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5415
|
2016-11-29 04:12 |
2016-10-5 |
|
|
|
244458
|
9.4 |
HIGH
|
ibm
|
rational_clearcase
|
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, wh…
|
CWE-310
Cryptographic Issues
|
CVE-2014-6221
|
2016-11-29 04:12 |
2015-04-6 |
|
|
244459
|
4.0 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2014-6514
|
2016-11-29 04:12 |
2015-01-21 |
|
|
244460
|
6.3 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affec…
|
NVD-CWE-noinfo
|
CVE-2014-6541
|
2016-11-29 04:12 |
2015-01-22 |
|
|
244461
|
6.3 |
MEDIUM
|
oracle
|
database_server
|
Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
This vulnerability is only applicable on a Windows operating system. The CVSS score is 6.3 for Database versions prior …
|
NVD-CWE-noinfo
|
CVE-2014-6541
|
2016-11-29 04:12 |
2015-01-22 |
|
|
244462
|
9.0 |
HIGH
|
oracle
|
database_server
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ…
|
NVD-CWE-noinfo
|
CVE-2014-6567
|
2016-11-29 04:12 |
2015-01-22 |
|
|
244463
|
9.0 |
HIGH
|
oracle
|
database_server
|
Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
The CVSS Score is 9.0 only on Windows for Database versions prior to 12c. The CVSS Base Score is 6.5 (Confidentiality, …
|
NVD-CWE-noinfo
|
CVE-2014-6567
|
2016-11-29 04:12 |
2015-01-22 |
|
|
244464
|
6.8 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality v…
|
NVD-CWE-noinfo
|
CVE-2014-6577
|
2016-11-29 04:12 |
2015-01-22 |
|
|
244465
|
6.8 |
MEDIUM
|
oracle
|
database_server
|
Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
The CVSS score is 6.8 only on Windows for Database versions prior to 12c. The CVSS is 4.0 (Confidentiality is "Partial+…
|
NVD-CWE-noinfo
|
CVE-2014-6577
|
2016-11-29 04:12 |
2015-01-22 |
|
|
244466
|
6.5 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrit…
|
NVD-CWE-noinfo
|
CVE-2014-6578
|
2016-11-29 04:12 |
2015-01-22 |
|
|
244467
|
6.4 |
MEDIUM
|
squid-cache
|
squid
|
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6…
|
CWE-19
Data Handling
|
CVE-2014-7141
|
2016-11-29 04:12 |
2014-11-27 |
|
|
244468
|
6.4 |
MEDIUM
|
oracle canonical squid-cache
|
solaris ubuntu_linux squid
|
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
|
CWE-20
Improper Input Validation
|
CVE-2014-7142
|
2016-11-29 04:12 |
2014-11-27 |
|
|
244469
|
4.3 |
MEDIUM
|
openstack
|
keystonemiddleware python-keystoneclient
|
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (pa…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7144
|
2016-11-29 04:12 |
2014-10-2 |
|
|
244470
|
7.5 |
HIGH
|
oleumtech
|
sensor_wireless_i\/o_module wio_dh2_wireless_gateway
|
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.
|
CWE-20
Improper Input Validation
|
CVE-2014-2360
|
2016-11-29 04:11 |
2014-07-24 |
|
|
244471
|
7.2 |
HIGH
|
oleumtech
|
sensor_wireless_i\/o_module wio_dh2_wireless_gateway
|
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to…
|
NVD-CWE-Other
|
CVE-2014-2361
|
2016-11-29 04:11 |
2014-07-24 |
|
|
244472
|
7.2 |
HIGH
|
oleumtech
|
sensor_wireless_i\/o_module wio_dh2_wireless_gateway
|
CWE-320: Key Management Errors (http://cwe.mitre.org/data/definitions/320.html)
|
NVD-CWE-Other
|
CVE-2014-2361
|
2016-11-29 04:11 |
2014-07-24 |
|
|
244473
|
7.8 |
HIGH
|
oleumtech
|
sensor_wireless_i\/o_module wio_dh2_wireless_gateway
|
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic p…
|
NVD-CWE-Other
|
CVE-2014-2362
|
2016-11-29 04:11 |
2014-07-24 |
|
|
244474
|
7.8 |
HIGH
|
oleumtech
|
sensor_wireless_i\/o_module wio_dh2_wireless_gateway
|
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (http://cwe.mitre.org/data/definitions/338.html)
|
NVD-CWE-Other
|
CVE-2014-2362
|
2016-11-29 04:11 |
2014-07-24 |
|
|
244475
|
4.3 |
MEDIUM
|
oracle
|
siebel_crm
|
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2014-2468
|
2016-11-29 04:11 |
2014-04-16 |
|
|
244476
|
7.8 |
HIGH
|
cisco
|
asa
|
The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul361…
|
CWE-399
Resource Management Errors
|
CVE-2014-3383
|
2016-11-29 04:11 |
2014-10-10 |
|
|
244477
|
5.0 |
MEDIUM
|
christos_zoulas php
|
file php
|
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial …
|
CWE-119
Buffer Errors
|
CVE-2014-3478
|
2016-11-29 04:11 |
2014-07-9 |
|
|
244478
|
5.8 |
MEDIUM
|
gnu
|
gnutls
|
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attack…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0092
|
2016-11-29 04:10 |
2014-03-7 |
|
|
244479
|
6.8 |
MEDIUM
|
gnu
|
glibc
|
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecifie…
|
CWE-22
Path Traversal
|
CVE-2014-0475
|
2016-11-29 04:10 |
2014-07-29 |
|
|
244480
|
4.0 |
MEDIUM
|
ibm
|
db2
|
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users t…
|
CWE-200
Information Exposure
|
CVE-2014-0919
|
2016-11-29 04:10 |
2015-05-8 |
|
|
244481
|
5.0 |
MEDIUM
|
fedoraproject mozilla
|
fedora bugzilla
|
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x be…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1572
|
2016-11-29 04:10 |
2014-10-13 |
|
|
244482
|
4.3 |
MEDIUM
|
fedoraproject mozilla
|
fedora bugzilla
|
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters,…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2014-1573
|
2016-11-29 04:10 |
2014-10-13 |
|
|
244483
|
5.8 |
MEDIUM
|
gnu
|
gnutls
|
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1959
|
2016-11-29 04:10 |
2014-03-7 |
|
|
244484
|
6.4 |
MEDIUM
|
strongswan
|
strongswan
|
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set…
|
CWE-287
Improper Authentication
|
CVE-2014-2338
|
2016-11-29 04:10 |
2014-04-17 |
|
|
244485
|
4.0 |
MEDIUM
|
typo3
|
typo3
|
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7073
|
2016-11-29 04:10 |
2013-12-24 |
|
|
244486
|
5.9 |
MEDIUM
Network
|
python
|
python
|
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof serve…
|
CWE-19
Data Handling
|
CVE-2013-7440
|
2016-11-29 04:10 |
2016-06-8 |
|
|
244487
|
5.0 |
MEDIUM
|
canonical sqlite
|
ubuntu_linux sqlite
|
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.
|
CWE-119
Buffer Errors
|
CVE-2013-7443
|
2016-11-29 04:10 |
2015-08-12 |
|
|
244488
|
4.3 |
MEDIUM
|
oracle
|
peoplesoft_products
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related…
|
NVD-CWE-noinfo
|
CVE-2013-2404
|
2016-11-29 04:09 |
2013-04-18 |
|
|
244489
|
6.4 |
MEDIUM
|
apache
|
activemq
|
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
|
CWE-287
Improper Authentication
|
CVE-2013-3060
|
2016-11-29 04:09 |
2013-04-22 |
|
|
244490
|
6.5 |
MEDIUM
|
x
|
x.org_x11
|
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon …
|
CWE-399
Resource Management Errors
|
CVE-2013-4396
|
2016-11-29 04:09 |
2013-10-10 |
|
|
244491
|
6.5 |
MEDIUM
|
x
|
x.org_x11
|
Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561
"A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges…
|
CWE-399
Resource Management Errors
|
CVE-2013-4396
|
2016-11-29 04:09 |
2013-10-10 |
|
|
244492
|
7.5 |
HIGH
|
janrain
|
php-openid
|
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consum…
|
NVD-CWE-noinfo
|
CVE-2013-4701
|
2016-11-29 04:09 |
2013-08-22 |
|
|
244493
|
5.0 |
MEDIUM
|
oracle
|
peoplesoft_products
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r…
|
NVD-CWE-noinfo
|
CVE-2013-5794
|
2016-11-29 04:09 |
2013-10-17 |
|
|
244494
|
5.0 |
MEDIUM
|
oracle
|
peoplesoft_products
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r…
|
NVD-CWE-noinfo
|
CVE-2013-5841
|
2016-11-29 04:09 |
2013-10-17 |
|
|
244495
|
7.5 |
HIGH
|
wouter_verhelst debian canonical
|
nbd debian_linux ubuntu_linux
|
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partia…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6410
|
2016-11-29 04:09 |
2013-12-8 |
|
|
244496
|
5.8 |
MEDIUM
|
pywbem_project
|
pywbem
|
PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
|
CWE-20
Improper Input Validation
|
CVE-2013-6418
|
2016-11-29 04:09 |
2014-05-6 |
|
|
244497
|
5.8 |
MEDIUM
|
pywbem_project
|
pywbem
|
PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…
|
CWE-20
Improper Input Validation
|
CVE-2013-6444
|
2016-11-29 04:09 |
2014-05-6 |
|
|
244498
|
4.3 |
MEDIUM
|
dave_coffin
|
dcraw
|
Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo fil…
|
NVD-CWE-noinfo
|
CVE-2013-1438
|
2016-11-29 04:08 |
2014-01-20 |
|
|
244499
|
6.9 |
MEDIUM
|
todd_miller apple
|
sudo mac_os_x
|
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1775
|
2016-11-29 04:08 |
2013-03-6 |
|
|
244500
|
4.3 |
MEDIUM
|
apache
|
activemq
|
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-1880
|
2016-11-29 04:08 |
2014-02-6 |
|
|