Export limit exceeded: 343293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75114 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7303 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.8 High |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | ||||
| CVE-2014-7302 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.8 High |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. | ||||
| CVE-2014-7224 | 1 Google | 1 Android | 2024-11-21 | 8.8 High |
| A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2014-6448 | 1 Juniper | 1 Junos | 2024-11-21 | 7.8 High |
| Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | ||||
| CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 7.1 High |
| Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. | ||||
| CVE-2014-6309 | 1 Tenefit | 1 Kaazing Websocket Gateway | 2024-11-21 | 7.5 High |
| The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. | ||||
| CVE-2014-6262 | 2 Debian, Zenoss | 2 Debian Linux, Zenoss Core | 2024-11-21 | 7.5 High |
| Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | ||||
| CVE-2014-6059 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 7.2 High |
| WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability | ||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. | ||||
| CVE-2014-5468 | 1 Getrailo | 1 Railo | 2024-11-21 | 8.8 High |
| A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. | ||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2024-11-21 | 7.8 High |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | ||||
| CVE-2014-5380 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-11-21 | 7.5 High |
| Grand MA 300 allows retrieval of the access PIN from sniffed data. | ||||
| CVE-2014-5329 | 1 Tripodworks | 6 Gigapod 2010, Gigapod 2010 Firmware, Gigapod 3 and 3 more | 2024-11-21 | 7.5 High |
| GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition. | ||||
| CVE-2014-5288 | 1 Kemptechnologies | 1 Load Master | 2024-11-21 | 8.8 High |
| A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. | ||||
| CVE-2014-5287 | 1 Kemptechnologies | 1 Loadmaster | 2024-11-21 | 8.8 High |
| A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | ||||
| CVE-2014-5280 | 1 Boot2docker | 1 Boot2docker | 2024-11-21 | 8.8 High |
| boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. | ||||
| CVE-2014-5255 | 2 Debian, Xcfa Project | 2 Debian Linux, Xcfa | 2024-11-21 | 7.0 High |
| xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. | ||||
| CVE-2014-5238 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.8 High |
| XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | ||||
| CVE-2014-5236 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 High |
| Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | ||||