Search Results (74917 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2024-11-21 | 7.5 High |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | ||||
| CVE-2014-2560 | 1 Phoner | 1 Phonerlite | 2024-11-21 | 7.5 High |
| The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | ||||
| CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 7.5 High |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. | ||||
| CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-11-21 | 8.1 High |
| cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | ||||
| CVE-2014-2225 | 1 Ui | 3 Airvision Controller, Mfi Controller, Unifi Controller | 2024-11-21 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. | ||||
| CVE-2014-2030 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2024-11-21 | 8.8 High |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | ||||
| CVE-2014-1958 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2024-11-21 | 8.8 High |
| Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | ||||
| CVE-2014-1947 | 2 Imagemagick, Suse | 4 Imagemagick, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2024-11-21 | 7.8 High |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. | ||||
| CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-11-21 | 7.5 High |
| Gamera before 3.4.1 insecurely creates temporary files. | ||||
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 7.5 High |
| rc before 1.7.1-5 insecurely creates temporary files. | ||||
| CVE-2014-1923 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2014-1922 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-1867 | 1 Suphp | 1 Suphp | 2024-11-21 | 7.8 High |
| suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | ||||
| CVE-2014-1214 | 1 Projoom | 1 Smart Flash Header | 2024-11-21 | 8.8 High |
| views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | ||||
| CVE-2014-125060 | 1 Collabcal Project | 1 Collabcal | 2024-11-21 | 7.3 High |
| A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-10397 | 1 Para | 1 Antioch | 2024-11-21 | 7.5 High |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | ||||
| CVE-2014-10396 | 1 Organizedthemes | 1 Epic | 2024-11-21 | 7.5 High |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | ||||
| CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2024-11-21 | 7.5 High |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | ||||
| CVE-2014-10068 | 1 Hapi | 1 Inert | 2024-11-21 | 7.5 High |
| The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | ||||
| CVE-2014-10066 | 1 Fancy-server Project | 1 Fancy-server | 2024-11-21 | 7.5 High |
| Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. | ||||