Total: 82122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4997 | 1 Point-cli Project | 1 Point-cli | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2014-4995 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | 1.9 LOW | 7.0 HIGH |
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. | |||||
CVE-2014-4993 | 2 Backup-agoddard Project, Backup Checksum Project | 2 Backup-agoddard, Backup Checksum | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2014-4992 | 1 Cap-strap Project | 1 Cap-strap | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2014-4991 | 1 Codders-dataset Project | 1 Codders-dataset | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2014-4968 | 1 Boatmob | 1 Boat Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. | |||||
CVE-2014-4928 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | |||||
CVE-2014-4705 | 1 Huawei | 42 Ar1200, Ar1200 Firmware, Ar150 and 39 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | |||||
CVE-2014-4610 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
CVE-2014-4609 | 1 Libav | 1 Libav | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
CVE-2014-4607 | 1 Oberhumer | 2 Liblzo2, Lzo2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
CVE-2014-4145 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985. | |||||
CVE-2014-4112 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304. | |||||
CVE-2014-4066 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806. | |||||
CVE-2014-4019 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. | |||||
CVE-2014-3999 | 1 Horde | 1 Horde Ldap | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | |||||
CVE-2014-3979 | 1 Bytemark | 1 Symbiosis | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP. | |||||
CVE-2014-3868 | 1 Zeuscart | 1 Zeuscart | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Multiple SQL injection vulnerabilities in ZeusCart 4.x. | |||||
CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability. | |||||
CVE-2014-3856 | 1 Fishshell | 1 Fish | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. | |||||