Total: 82346 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2225 | 1 Ui | 3 Airvision Controller, Mfi Controller, Unifi Controller | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity. | |||||
CVE-2014-2071 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | |||||
CVE-2014-2069 | 1 Eshtery.she7ata | 1 Eshtery Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. | |||||
CVE-2014-2030 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | |||||
CVE-2014-1958 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | |||||
CVE-2014-1947 | 2 Imagemagick, Suse | 4 Imagemagick, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. | |||||
CVE-2014-1946 | 1 Opendocman | 1 Opendocman | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. | |||||
CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Gamera before 3.4.1 insecurely creates temporary files. | |||||
CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
rc before 1.7.1-5 insecurely creates temporary files. | |||||
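The two entries above (Gamera, rc) are both the insecure-temporary-file class: a file is created at a name another local user can predict and opened without O_EXCL, so a pre-planted symlink redirects the write. The following is an added example, not code from either project, that replays the outcome in a private sandbox and contrasts it with an O_EXCL open and with Tempfile.create; the file names and contents are constructed for the demonstration.

```ruby
require "tmpdir"
require "tempfile"

# Vulnerable pattern: a temporary file at a name any local user can predict (fixed name or
# program name plus PID), opened with "w", i.e. O_CREAT|O_TRUNC and no O_EXCL. If another
# user has already planted a symlink at that name, open(2) follows it and the write lands on
# the link's target with the victim's privileges.
def write_temp_unsafe(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Hardened pattern: O_EXCL makes the create fail if anything, a symlink included, already
# exists at the path, and 0600 keeps other users out of the file that is created.
def write_temp_safe(path, data)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(data) }
end

# Replays the attack in a private sandbox (constructed scenario, no real victim involved)
# and reports what happened for each variant.
def demo
  Dir.mktmpdir do |box|
    victim      = File.join(box, "victim.conf")   # file the attacker wants to overwrite
    predictable = File.join(box, "app.tmp")       # the name the program is known to use
    File.write(victim, "original")
    File.symlink(victim, predictable)             # attacker wins the race by pre-planting

    write_temp_unsafe(predictable, "attacker-chosen content")
    clobbered = File.read(victim) != "original"   # true: the write went through the link

    rejected =
      begin
        write_temp_safe(predictable, "data")
        false
      rescue Errno::EEXIST                        # O_EXCL refuses the pre-existing symlink
        true
      end

    # Preferred API: Tempfile.create picks a random name under the temp dir and opens it
    # with O_EXCL and mode 0600, so there is no predictable name to plant a link at.
    mode = Tempfile.create("app", box) { |f| File.stat(f.path).mode & 0o777 }

    { clobbered: clobbered, rejected: rejected, tempfile_mode: mode }
  end
end
```

The safe variant still uses a fixed name here only to show that O_EXCL alone defeats the planted link; in real code the random name from Tempfile.create (or mkstemp(3) in C) is what removes the race entirely.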
CVE-2014-1923 | 1 Koha | 1 Koha | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | |||||
CVE-2014-1922 | 1 Koha | 1 Koha | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
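Eshtery CMS (CVE-2014-2069) and the two Koha entries above share one root cause: a request parameter is resolved against the filesystem without checking that the result still lies under the intended directory, so either a full pathname or a "../" sequence reaches arbitrary files. The following is an added example, not code from either product, showing the unchecked resolution beside a normalise-then-verify check; DOCUMENT_ROOT and the sample requests are constructed for the example.

```ruby
require "pathname"

# Directory the file-serving endpoint is allowed to read from (constructed for this example).
DOCUMENT_ROOT = "/var/www/app/uploads"

# Vulnerable pattern: the request parameter is resolved with no check. File.expand_path
# treats an absolute argument as authoritative and simply drops the root, which is exactly
# the "full pathname in the file parameter" case; "../" sequences walk out of root the same way.
def resolve_unsafe(root, requested)
  File.expand_path(requested, root)
end

# Hardened pattern: normalise first, then prove the result is still under root.
# Returns the absolute path to open, or nil when the request must be refused.
def resolve_safe(root, requested)
  root_real = File.expand_path(root)
  return nil if requested.include?("\0")            # fail closed on NUL rather than let a lower layer truncate
  return nil if requested.start_with?("~")          # expand_path turns ~ and ~user into home directories
  return nil if Pathname.new(requested).absolute?   # only names relative to root are legitimate
  candidate = File.expand_path(requested, root_real)
  # Prefix check with the separator appended: ".../uploads2/x" must not pass for root ".../uploads".
  inside = candidate == root_real || candidate.start_with?(root_real + File::SEPARATOR)
  inside ? candidate : nil
end
```

The same check applies before a write (the Koha edithelp.pl / member-picupload.pl case), not only before a read. It does not defend against a symlink already inside the root that points outside it; when the target must exist, compare File.realpath of the candidate against File.realpath of the root instead of the lexical prefix.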
CVE-2014-1867 | 1 Suphp | 1 Suphp | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
The source-highlighting feature in suPHP before 0.7.2 allows a security bypass that could lead to arbitrary code execution. | |||||
CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | |||||
CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | |||||
CVE-2014-1835 | 1 Echor Project | 1 Echor | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | |||||
CVE-2014-1834 | 1 Echor Project | 1 Echor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | |||||
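The two echor entries describe one defect with two consequences: credentials interpolated into a shell command string are both injectable (a ';' ends the intended command) and exposed to every local user through the process table. The following is an added example, not the gem's source, that reproduces both effects with printf standing in for the HTTP client so it runs offline, then shows the argv form that removes the shell and a variant that keeps the secret off the command line; the user name, password and URL are constructed.

```ruby
require "open3"

# Attacker-controlled values as they might arrive from a login form or a config file
# (constructed for this example).
HOSTILE_USER = "bob; echo INJECTED; #"
PASSWORD     = "s3cret"
URL          = "https://backplane.example/api"   # hypothetical endpoint

# Vulnerable pattern (illustrative, not the gem's actual code): credentials are interpolated
# into one string that backticks hand to /bin/sh -c. Two defects at once:
#  - ';' in either field terminates the intended command and starts another (CVE-2014-1834);
#  - the whole line, password included, is readable by any local user via ps or
#    /proc/<pid>/cmdline for as long as the child runs (CVE-2014-1835).
# 'printf' stands in for the HTTP client so the run is offline and its output visible.
def run_unsafe(user, pass, url)
  `printf '%s\\n' -u #{user}:#{pass} #{url}`
end

# Hardened, part 1: argv form. Ruby execs printf directly and no shell is involved, so the
# ';' is plain bytes inside one argument and cannot start a second command.
def run_argv(user, pass, url)
  out, _status = Open3.capture2("printf", "%s\n", "-u", "#{user}:#{pass}", url)
  out.lines.map(&:chomp)
end

# Hardened, part 2: keep the secret out of argv altogether. The process table shows only the
# program and its non-secret arguments; the credential travels over a pipe on stdin (real
# clients read it from stdin, a 0600 config file or a netrc; 'cat' stands in for that reader).
def run_safe(user, pass, url)
  argv = ["cat", "-"]                                   # nothing secret here
  out, _status = Open3.capture2(*argv, stdin_data: "user=#{user}\npassword=#{pass}\nurl=#{url}\n")
  { argv: argv, received: out }
end
```

In the unsafe run the shell executes `echo INJECTED` as a separate command; in the argv run the same text comes back as one literal argument. Environment variables are not a substitute for stdin here: they are hidden from ps but readable from /proc/<pid>/environ by the same user, and inherited by every child.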
CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | |||||
CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | |||||
CVE-2014-1457 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. | |||||
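The OWA entry (a nonce an attacker can reproduce from the user name) and the UniFi entry earlier on this page (state-changing API requests with no CSRF protection at all) are two ways to arrive at the same result: a forged cross-site request is accepted. The following is an added example, not OWA's or Ubiquiti's code, contrasting a nonce derived from guessable inputs with a per-session token from the OS CSPRNG checked in constant time; the nonce recipe, user names and action names are constructed for illustration.

```ruby
require "securerandom"
require "digest"

# Weak pattern (illustrative of the bug class, not OWA's actual code): the anti-CSRF nonce is
# derived from values an attacker knows or can guess, here the user name and the action.
# Whoever knows the user name computes the same value and embeds it in the forged form.
def weak_nonce(username, action)
  Digest::MD5.hexdigest("#{username}:#{action}")
end

def attacker_forges_weak?(username, action)
  server_side = weak_nonce(username, action)   # what the legitimate form would carry
  guessed     = weak_nonce(username, action)   # attacker needs nothing but the user name
  server_side == guessed
end

# Constant-time equality, so a remote attacker cannot learn the token byte by byte from timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hardened pattern: one token per session, drawn from the OS CSPRNG, kept server-side and
# required on every state-changing request (anything that adds an admin, blocks a client or
# rewrites syslog/SMTP settings, to take the UniFi list above). The user name plays no part,
# so knowing it buys the attacker nothing.
class CsrfGuard
  def initialize
    @tokens = {}                                   # session_id => token (the session store in practice)
  end

  def issue(session_id)
    @tokens[session_id] ||= SecureRandom.hex(32)   # 256 bits, 64 hex characters
  end

  def valid?(session_id, presented)
    expected = @tokens[session_id]
    return false if expected.nil? || presented.nil?
    secure_equal?(expected, presented)
  end
end
```

The token must be tied to the session (or to the session cookie via an HMAC) and checked on the server for every request that changes state, including JSON API endpoints; a token that is merely present in the page but not verified, or verified only for some routes, leaves the UniFi-style gap open.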
CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. |