Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3585 | 1 Redhat | 3 Enterprise Linux, Redhat-upgrade-tool, Rhel Extras Other | 2024-11-21 | 9.8 Critical |
| redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | ||||
| CVE-2014-3539 | 1 Rope Project | 1 Rope | 2024-11-21 | 9.8 Critical |
| base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load. | ||||
| CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.5 Medium |
| CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | ||||
| CVE-2014-3519 | 1 Openvz | 1 Vzkernel | 2024-11-21 | N/A |
| The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. | ||||
| CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2024-11-21 | 7.5 High |
| duplicity 0.6.24 has improper verification of SSL certificates | ||||
| CVE-2014-3484 | 1 Musl-libc | 1 Musl | 2024-11-21 | 9.8 Critical |
| Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. | ||||
| CVE-2014-3471 | 1 Qemu | 1 Qemu | 2024-11-21 | N/A |
| Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. | ||||
| CVE-2014-3449 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 9.8 Critical |
| BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability | ||||
| CVE-2014-3448 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 9.8 Critical |
| BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | ||||
| CVE-2014-3447 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 7.5 High |
| BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability | ||||
| CVE-2014-3445 | 1 Handsomeweb | 1 Sos Webpages | 2024-11-21 | 9.8 Critical |
| backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash. | ||||
| CVE-2014-3413 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
| The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. | ||||
| CVE-2014-3244 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | ||||
| CVE-2014-3230 | 1 Lwp\ | 1 \ | 2024-11-21 | 5.9 Medium |
| The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. | ||||
| CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2024-11-21 | N/A |
| fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | ||||
| CVE-2014-3208 | 1 Askpop3d Project | 1 Askpop3d | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery), | ||||
| CVE-2014-3206 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-11-21 | N/A |
| Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. | ||||
| CVE-2014-3205 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-11-21 | N/A |
| backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. | ||||
| CVE-2014-3180 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2024-11-21 | 9.1 Critical |
| In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable | ||||
| CVE-2014-3136 | 1 Dlink | 2 Dwr-113, Dwr-113 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. | ||||