ReportizFlow
Filtered by vendor
Subscriptions
Total
323514 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2359 | 1 Oleumtech | 4 Ad1, Ad1 Firmware, Ft1 and 1 more | 2024-11-21 | N/A |
| OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data. | ||||
| CVE-2014-2312 | 1 Intel | 1 Thermald | 2024-11-21 | 5.5 Medium |
| The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | ||||
| CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 7.5 High |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. | ||||
| CVE-2014-2302 | 1 Webedition | 1 Webedition Cms | 2024-11-21 | N/A |
| The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. | ||||
| CVE-2014-2297 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. | ||||
| CVE-2014-2296 | 1 Apereo | 1 Cas Server | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. | ||||
| CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | N/A |
| Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | ||||
| CVE-2014-2293 | 1 Zikula | 1 Zikula Application Framework | 2024-11-21 | N/A |
| Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. | ||||
| CVE-2014-2274 | 1 Subscribe To Comments Reloaded Project | 1 Subscribe To Comments Reloaded | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. | ||||
| CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-11-21 | 8.1 High |
| cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | ||||
| CVE-2014-2228 | 1 Talend | 1 Restlet | 2024-11-21 | 9.8 Critical |
| The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | ||||
| CVE-2014-2225 | 1 Ui | 3 Airvision Controller, Mfi Controller, Unifi Controller | 2024-11-21 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. | ||||
| CVE-2014-2214 | 1 Posh Project | 1 Posh | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php | ||||
| CVE-2014-2213 | 1 Posh Project | 1 Posh | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php. | ||||
| CVE-2014-2079 | 2 Debian, X File Explorer Project | 2 Debian Linux, X File Explorer | 2024-11-21 | N/A |
| X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. | ||||
| CVE-2014-2078 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. | ||||
| CVE-2014-2073 | 1 3ds | 1 Catia | 2024-11-21 | 9.8 Critical |
| Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus." | ||||
| CVE-2014-2072 | 1 3ds | 1 Catia | 2024-11-21 | 9.8 Critical |
| Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | ||||
| CVE-2014-2071 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | N/A |
| Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | ||||
| CVE-2014-2069 | 1 Eshtery.she7ata | 1 Eshtery Cms | 2024-11-21 | N/A |
| Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. | ||||