Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3204 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys. | |||||
| CVE-2014-3203 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. | |||||
| CVE-2014-3202 | 1 Ayatana Project | 1 Unity | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. | |||||
| CVE-2014-2347 | 1 Amtelco | 1 Misecuremessages | 2014-05-06 | 3.5 LOW | N/A |
| Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | |||||
| CVE-2014-3001 | 1 Freebsd | 1 Freebsd | 2014-05-05 | 5.8 MEDIUM | N/A |
| The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | |||||
| CVE-2014-2741 | 1 Igniterealtime | 1 Openfire | 2014-05-05 | 7.8 HIGH | N/A |
| nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2014-05-05 | 5.0 MEDIUM | N/A |
| The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. | |||||
| CVE-2013-4310 | 1 Apache | 1 Struts | 2014-05-05 | 5.8 MEDIUM | N/A |
| Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. | |||||
| CVE-2013-2030 | 1 Openstack | 4 Compute, Folsom, Grizzly and 1 more | 2014-05-05 | 2.1 LOW | N/A |
| keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | |||||
| CVE-2012-6068 | 1 3s-software | 1 Codesys Runtime System | 2014-05-05 | 10.0 HIGH | N/A |
| The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service. | |||||
| CVE-2014-2173 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2014-05-02 | 7.2 HIGH | N/A |
| Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692. | |||||
| CVE-2014-1989 | 1 Cybozu | 1 Garoon | 2014-05-02 | 6.0 MEDIUM | N/A |
| Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | |||||
| CVE-2013-1807 | 1 Php-fusion | 1 Php-fusion | 2014-05-01 | 5.0 MEDIUM | N/A |
| PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/. | |||||
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2014-04-29 | 4.6 MEDIUM | N/A |
| The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | |||||
| CVE-2013-7068 | 1 Organic Groups Project | 1 Organic Groups | 2014-04-29 | 4.9 MEDIUM | N/A |
| The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | |||||
| CVE-2013-7066 | 1 Entity Reference Project | 1 Entityreference | 2014-04-29 | 4.3 MEDIUM | N/A |
| The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. | |||||
| CVE-2013-7063 | 1 Invitation Project | 1 Invitation | 2014-04-29 | 5.0 MEDIUM | N/A |
| The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. | |||||
| CVE-2013-0296 | 1 Zlib | 1 Pigz | 2014-04-28 | 4.4 MEDIUM | N/A |
| Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. | |||||
| CVE-2012-3946 | 1 Cisco | 1 Ios | 2014-04-24 | 5.0 MEDIUM | N/A |
| Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. | |||||
| CVE-2014-1321 | 1 Apple | 1 Mac Os X | 2014-04-24 | 3.3 LOW | N/A |
| Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. | |||||