Displaying entries 1 - 10 of 57819 in total

SUSE Linux Security Advisory: CVE-2014-8627 Vulnerability

  • Severity: 4
  • Published: November 23, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

SUSE Linux Security Advisory: CVE-2014-8628 Vulnerability

  • Severity: 4
  • Published: November 23, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

FreeBSD: asterisk -- Multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 4
  • Published: November 20, 2014

The Asterisk project reports: AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions.

USN-2412-1: Ruby vulnerability Vulnerability

  • Severity: 4
  • Published: November 20, 2014

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entit...

FreeBSD: asterisk -- Multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 4
  • Published: November 20, 2014

The Asterisk project reports: AST-2014-012 - Mixed IP address families in access control lists may permit unwanted traffic. AST-2014-018 - AMI permission escalation through DB dialplan function.

Hikvision DVR RTSP Request Remote Code Execution Exploit

Disclosed: November 19, 2014

This module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but...

USN-2413-1: AppArmor vulnerability Vulnerability

  • Severity: 4
  • Published: November 19, 2014

An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under certain circumstances, a malicious application could use this flaw to perform operations that are not allowed by AppArmor policy. The flaw may also prevent applications from accessing resources that are allowed by AppArmor policy. The problem can be corrected b...

DSA-3075-1 drupal7 -- security update Vulnerability

  • Severity: 4
  • Published: November 19, 2014

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:

FreeBSD: phpMyAdmin -- XSS and information disclosure vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 4
  • Published: November 19, 2014

The phpMyAdmin development team reports: With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. With a crafted va...

Google Chrome Vulnerability: CVE-2014-7909 Vulnerability

  • Severity: 5
  • Published: November 18, 2014

effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.