Total
27353 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9959 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. | |||||
| CVE-2014-9958 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. | |||||
| CVE-2014-9957 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. | |||||
| CVE-2014-9956 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. | |||||
| CVE-2014-9955 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686. | |||||
| CVE-2014-9954 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. | |||||
| CVE-2014-9953 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. | |||||
| CVE-2014-9753 | 1 Atutor | 1 Atutor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | |||||
| CVE-2014-9614 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | |||||
| CVE-2014-9613 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. | |||||
| CVE-2014-9612 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. | |||||
| CVE-2014-9530 | 1 Nwjs | 1 Nw | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact. | |||||
| CVE-2014-9390 | 6 Apple, Eclipse, Git-scm and 3 more | 8 Mac Os X, Xcode, Egit and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. | |||||
| CVE-2014-9320 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. | |||||
| CVE-2014-9189 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9187 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9186 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-8945 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | |||||
| CVE-2014-8941 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | |||||
| CVE-2014-8888 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | |||||