Total
82118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | |||||
| CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | |||||
| CVE-2014-1457 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. | |||||
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1226 | 1 S3dvt Project | 1 S3dvt | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876. | |||||
| CVE-2014-1215 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry. | |||||
| CVE-2014-1214 | 1 Projoom | 1 Smart Flash Header | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | |||||
| CVE-2014-125060 | 1 Collabcal Project | 1 Collabcal | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-125024 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125020 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125017 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125015 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125001 | 1 Cardosystems | 2 Scala Rider Q3, Scala Rider Q3 Firmware | 2024-11-21 | 8.3 HIGH | 8.1 HIGH |
| A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended. | |||||
| CVE-2014-10397 | 1 Para | 1 Antioch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | |||||
| CVE-2014-10396 | 1 Organizedthemes | 1 Epic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | |||||
| CVE-2014-10381 | 1 User Domain Whitelist Project | 1 User Domain Whitelist | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. | |||||
| CVE-2014-10375 | 1 Gnu | 1 Exosip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | |||||
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | |||||
| CVE-2014-10076 | 1 Wp-db-backup Project | 1 Wp-db-backup | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack. | |||||
| CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | |||||