Total
10393 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5003 | 1 Ciborg Project | 1 Ciborg | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. | |||||
| CVE-2014-4994 | 1 Gyazo Project | 1 Gyazo | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. | |||||
| CVE-2014-4657 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | |||||
| CVE-2014-4651 | 1 Apache | 1 Jclouds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | |||||
| CVE-2014-3798 | 1 Citrix | 1 Xenserver | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | |||||
| CVE-2014-3206 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. | |||||
| CVE-2014-2914 | 1 Fishshell | 1 Fish | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | |||||
| CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. | |||||
| CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | |||||
| CVE-2014-2032 | 2 Deadwood Project, Maradns Project | 2 Deadwood, Maradns | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation. | |||||
| CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Gamera before 3.4.1 insecurely creates temporary files. | |||||
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| rc before 1.7.1-5 insecurely creates temporary files. | |||||
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | |||||
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-10384 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. | |||||
| CVE-2014-10383 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. | |||||
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | |||||
| CVE-2014-10051 | 1 Qualcomm | 30 Mdm9206, Mdm9206 Firmware, Mdm9607 and 27 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines. | |||||
| CVE-2014-0900 | 1 Google | 1 Android | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. | |||||