ReportizFlow
Filtered by vendor
Subscriptions
Total
323514 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3230 | 1 Lwp\ | 1 \ | 2024-11-21 | 5.9 Medium |
| The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. | ||||
| CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2024-11-21 | N/A |
| fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | ||||
| CVE-2014-3208 | 1 Askpop3d Project | 1 Askpop3d | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery), | ||||
| CVE-2014-3206 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-11-21 | N/A |
| Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. | ||||
| CVE-2014-3205 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-11-21 | N/A |
| backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. | ||||
| CVE-2014-3180 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2024-11-21 | 9.1 Critical |
| In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable | ||||
| CVE-2014-3136 | 1 Dlink | 2 Dwr-113, Dwr-113 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. | ||||
| CVE-2014-3119 | 1 Web2project | 1 Web2project | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php. | ||||
| CVE-2014-3114 | 1 Ezpz-one-click-backup Project | 1 Ezpz-one-click-backup | 2024-11-21 | N/A |
| The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. | ||||
| CVE-2014-3005 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | ||||
| CVE-2014-2914 | 1 Fishshell | 1 Fish | 2024-11-21 | 9.8 Critical |
| fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | ||||
| CVE-2014-2906 | 1 Fishshell | 1 Fish | 2024-11-21 | 7.0 High |
| The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name. | ||||
| CVE-2014-2904 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | ||||
| CVE-2014-2902 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | ||||
| CVE-2014-2901 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | ||||
| CVE-2014-2898 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.8 Critical |
| wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure. | ||||
| CVE-2014-2897 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.8 Critical |
| The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read. | ||||
| CVE-2014-2896 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.8 Critical |
| The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read. | ||||
| CVE-2014-2885 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | N/A |
| Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c. | ||||
| CVE-2014-2884 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | N/A |
| The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. | ||||