Export limit exceeded: 343968 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343968 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343968 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7198 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. | ||||
| CVE-2014-7175 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 9.8 Critical |
| FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. | ||||
| CVE-2014-7174 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 5.3 Medium |
| FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. | ||||
| CVE-2014-7173 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 9.8 Critical |
| FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | ||||
| CVE-2014-6633 | 1 Tryton | 1 Tryton | 2024-11-21 | N/A |
| The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. | ||||
| CVE-2014-6617 | 1 Industrial.softing | 2 Fg-100 Pb Profibus, Fg-100 Pb Profibus Firmware | 2024-11-21 | N/A |
| Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | ||||
| CVE-2014-6604 | 1 Subscribe2 Project | 1 Subscribe2 | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. | ||||
| CVE-2014-6448 | 1 Juniper | 1 Junos | 2024-11-21 | 7.8 High |
| Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | ||||
| CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 7.1 High |
| Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. | ||||
| CVE-2014-6437 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2024-11-21 | N/A |
| Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. | ||||
| CVE-2014-6436 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2024-11-21 | N/A |
| Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | ||||
| CVE-2014-6435 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2024-11-21 | N/A |
| cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. | ||||
| CVE-2014-6420 | 1 Livefyre | 1 Livecomments | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | ||||
| CVE-2014-6413 | 1 Watchguard | 1 Fireware Xtm | 2024-11-21 | 6.1 Medium |
| A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | ||||
| CVE-2014-6412 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | ||||
| CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2024-11-21 | 9.8 Critical |
| generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | ||||
| CVE-2014-6310 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-11-21 | 9.8 Critical |
| Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | ||||
| CVE-2014-6309 | 1 Tenefit | 1 Kaazing Websocket Gateway | 2024-11-21 | 7.5 High |
| The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. | ||||
| CVE-2014-6275 | 2 Debian, Fusionforge | 2 Debian Linux, Fusionforge | 2024-11-21 | 5.9 Medium |
| FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. | ||||
| CVE-2014-6262 | 2 Debian, Zenoss | 2 Debian Linux, Zenoss Core | 2024-11-21 | 7.5 High |
| Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | ||||