Total
308304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4992 | 1 Cap-strap Project | 1 Cap-strap | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4991 | 1 Codders-dataset Project | 1 Codders-dataset | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4984 | 1 Dejavuprotech | 1 Crescendo - Sales Crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Déjà Vu Crescendo Sales CRM has remote SQL Injection | |||||
| CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LPAR2RRD = 4.53 and = 3.5 has arbitrary command injection on the application server. | |||||
| CVE-2014-4981 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | |||||
| CVE-2014-4972 | 1 Ajax Upload For Gravity Forms Project | 1 Ajax Upload For Gravity Forms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | |||||
| CVE-2014-4968 | 1 Boatmob | 1 Boat Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. | |||||
| CVE-2014-4967 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
| CVE-2014-4966 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |||||
| CVE-2014-4959 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. | |||||
| CVE-2014-4932 | 1 Wordfence | 1 Wordfence Security | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. | |||||
| CVE-2014-4928 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | |||||
| CVE-2014-4919 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups. | |||||
| CVE-2014-4913 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZF2014-03 has a potential cross site scripting vector in multiple view helpers | |||||
| CVE-2014-4912 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. | |||||
| CVE-2014-4861 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | |||||
| CVE-2014-4860 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. | |||||
| CVE-2014-4859 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. | |||||
| CVE-2014-4782 | 1 Ibm | 1 Infosphere Biginsights | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029. | |||||
| CVE-2014-4705 | 1 Huawei | 42 Ar1200, Ar1200 Firmware, Ar150 and 39 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | |||||