ReportizFlow
Filtered by vendor
Subscriptions
Total
323547 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5070 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 8.8 High |
| Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | ||||
| CVE-2014-5069 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. | ||||
| CVE-2014-5068 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. | ||||
| CVE-2014-5044 | 1 Gnu | 1 Libgfortran | 2024-11-21 | N/A |
| Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. | ||||
| CVE-2014-5039 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 9.6 Critical |
| Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-5034 | 1 Fresh-media | 1 Brute Force Login Protection | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. | ||||
| CVE-2014-5028 | 1 Reviewboard | 1 Review Board | 2024-11-21 | N/A |
| The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. | ||||
| CVE-2014-5014 | 1 Tinywebgallery | 1 Wordpress Flash Uploader | 2024-11-21 | N/A |
| The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | ||||
| CVE-2014-5013 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 8.8 High |
| DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | ||||
| CVE-2014-5012 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 6.5 Medium |
| DOMPDF before 0.6.2 allows denial of service. | ||||
| CVE-2014-5011 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 6.5 Medium |
| DOMPDF before 0.6.2 allows Information Disclosure. | ||||
| CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 9.8 Critical |
| Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | ||||
| CVE-2014-5004 | 1 Brbackup Project | 1 Brbackup | 2024-11-21 | N/A |
| lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-5003 | 1 Ciborg Project | 1 Ciborg | 2024-11-21 | N/A |
| chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. | ||||
| CVE-2014-5002 | 1 Lynx Project | 1 Lynx | 2024-11-21 | N/A |
| The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. | ||||
| CVE-2014-5001 | 1 Kcapifony Project | 1 Kcapifony | 2024-11-21 | N/A |
| lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. | ||||
| CVE-2014-5000 | 1 Lawn-login Project | 1 Lawn-login | 2024-11-21 | N/A |
| The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4999 | 1 Kajam Project | 1 Kajam | 2024-11-21 | N/A |
| vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4998 | 1 Lean-ruport Project | 1 Lean-ruport | 2024-11-21 | N/A |
| test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4997 | 1 Point-cli Project | 1 Point-cli | 2024-11-21 | N/A |
| lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||