ReportizFlow
Filtered by vendor
Subscriptions
Total
12614 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7222 | 1 Teamspeak | 1 Teamspeak3 | 2024-11-21 | N/A |
| Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags. | ||||
| CVE-2014-5468 | 1 Getrailo | 1 Railo | 2024-11-21 | 8.8 High |
| A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. | ||||
| CVE-2014-5289 | 1 Senkas Kolibri Project | 1 Senkas Kolibri | 2024-11-21 | 9.8 Critical |
| Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | ||||
| CVE-2014-5282 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | ||||
| CVE-2014-5220 | 2 Mdadm Project, Opensuse | 2 Mdadm, Opensuse | 2024-11-21 | N/A |
| The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | ||||
| CVE-2014-5170 | 1 Drupal | 1 Storage Api | 2024-11-21 | N/A |
| The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. | ||||
| CVE-2014-5118 | 3 Fedoraproject, Redhat, Trusted Boot Project | 3 Fedora, Enterprise Linux, Trusted Boot | 2024-11-21 | 5.5 Medium |
| Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability | ||||
| CVE-2014-5092 | 1 Status2k | 1 Status2k | 2024-11-21 | 8.8 High |
| Status2k allows Remote Command Execution in admin/options/editpl.php. | ||||
| CVE-2014-5091 | 1 Status2k | 1 Status2k | 2024-11-21 | 9.8 Critical |
| A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | ||||
| CVE-2014-5087 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2024-11-21 | 9.8 Critical |
| A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2014-5003 | 1 Ciborg Project | 1 Ciborg | 2024-11-21 | N/A |
| chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. | ||||
| CVE-2014-4994 | 1 Gyazo Project | 1 Gyazo | 2024-11-21 | N/A |
| lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. | ||||
| CVE-2014-4657 | 1 Redhat | 1 Ansible | 2024-11-21 | 9.8 Critical |
| The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | ||||
| CVE-2014-4651 | 2 Apache, Redhat | 2 Jclouds, Jboss Fuse | 2024-11-21 | 9.8 Critical |
| It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | ||||
| CVE-2014-3798 | 1 Citrix | 1 Xenserver | 2024-11-21 | N/A |
| The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | ||||
| CVE-2014-3206 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-11-21 | N/A |
| Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. | ||||
| CVE-2014-2914 | 1 Fishshell | 1 Fish | 2024-11-21 | 9.8 Critical |
| fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | ||||
| CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 7.5 High |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. | ||||
| CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-11-21 | 8.1 High |
| cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | ||||
| CVE-2014-2032 | 2 Deadwood Project, Maradns Project | 2 Deadwood, Maradns | 2024-11-21 | N/A |
| Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation. | ||||