Export limit exceeded: 343974 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343974 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8356 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2024-11-21 | 8.8 High |
| The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. | ||||
| CVE-2014-8347 | 1 Claris | 2 Filemaker Pro, Filemaker Pro Advanced | 2024-11-21 | 7.8 High |
| An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. | ||||
| CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | ||||
| CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | ||||
| CVE-2014-8336 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-11-21 | N/A |
| The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. | ||||
| CVE-2014-8335 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-11-21 | N/A |
| (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-8328 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2024-11-21 | 5.3 Medium |
| The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. | ||||
| CVE-2014-8322 | 1 Aircrack-ng | 1 Aircrack-ng | 2024-11-21 | 9.8 Critical |
| Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | ||||
| CVE-2014-8321 | 1 Aircrack-ng | 1 Aircrack-ng | 2024-11-21 | 7.8 High |
| Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. | ||||
| CVE-2014-8271 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 6.8 Medium |
| Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. | ||||
| CVE-2014-8184 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2024-11-21 | 7.8 High |
| A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. | ||||
| CVE-2014-8183 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | 7.4 High |
| It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | ||||
| CVE-2014-8182 | 3 Debian, Openldap, Redhat | 3 Debian Linux, Openldap, Enterprise Linux | 2024-11-21 | 7.5 High |
| An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses. | ||||
| CVE-2014-8181 | 1 Redhat | 2 Enterprise Linux, Enterprise Mrg | 2024-11-21 | 5.5 Medium |
| The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | ||||
| CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 7.5 High |
| Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | ||||
| CVE-2014-8178 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 5.5 Medium |
| Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | ||||
| CVE-2014-8171 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | N/A |
| The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | ||||
| CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-11-21 | 5.9 Medium |
| vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | ||||
| CVE-2014-8166 | 1 Cups | 1 Cups | 2024-11-21 | 8.8 High |
| The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. | ||||
| CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 9.1 Critical |
| A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | ||||