Total: 11829 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2014-5091 | 1 Status2k | 1 Status2k | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. |
| CVE-2014-5087 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2014-5003 | 1 Ciborg Project | 1 Ciborg | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. |
| CVE-2014-4994 | 1 Gyazo Project | 1 Gyazo | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. |
| CVE-2014-4657 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. |
| CVE-2014-4651 | 1 Apache | 1 Jclouds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. |
| CVE-2014-3798 | 1 Citrix | 1 Xenserver | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM | The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. |
| CVE-2014-3206 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. |
| CVE-2014-2914 | 1 Fishshell | 1 Fish | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. |
| CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. |
| CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. |
| CVE-2014-2032 | 2 Deadwood Project, Maradns Project | 2 Deadwood, Maradns | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation. |
| CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Gamera before 3.4.1 insecurely creates temporary files. |
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | rc before 1.7.1-5 insecurely creates temporary files. |
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. |
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | `__init__.py` in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. |
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. |
| CVE-2014-10384 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. |
| CVE-2014-10383 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. |
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. |
| CVE-2014-10051 | 1 Qualcomm | 30 Mdm9206, Mdm9206 Firmware, Mdm9607 and 27 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines. |
| CVE-2014-0900 | 1 Google | 1 Android | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. |
| CVE-2014-0593 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 10.0 HIGH | 7.8 HIGH | The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server. |
| CVE-2014-0486 | 1 Nic | 1 Knot Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. |
| CVE-2014-0144 | 2 Qemu, Redhat | 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2024-11-21 | N/A | 8.6 HIGH | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. |
| CVE-2014-0091 | 1 Theforeman | 1 Foreman | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Foreman has improper input validation which could lead to partial Denial of Service |
| CVE-2014-0084 | 1 Redhat | 1 Openshift Origin | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. |
| CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. |
| CVE-2013-7483 | 1 Hbwsl | 1 Slidedeck 2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. |
| CVE-2013-7333 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. |
| CVE-2013-7172 | 1 Slackware | 1 Slackware Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
| CVE-2013-7171 | 1 Slackware | 1 Slackware Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. |
| CVE-2013-5106 | 1 Python-mode Project | 1 Python-mode | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. |
| CVE-2013-4751 | 3 Fedoraproject, Redhat, Sensiolabs | 3 Fedora, Enterprise Linux, Symfony | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH | php-symfony2-Validator has loss of information during serialization |
| CVE-2013-4535 | 2 Qemu, Redhat | 6 Qemu, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. |
| CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
| CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH | Orca has arbitrary code execution due to insecure Python module load |
| CVE-2013-4144 | 1 Swfupload Project | 1 Swfupload | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | There is an object injection vulnerability in swfupload plugin for WordPress. |
| CVE-2013-4103 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input |
| CVE-2013-4101 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness |