Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1947 | 2 Imagemagick, Suse | 4 Imagemagick, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2024-11-21 | 7.8 High |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. | ||||
| CVE-2014-1946 | 1 Opendocman | 1 Opendocman | 2024-11-21 | N/A |
| OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. | ||||
| CVE-2014-1938 | 1 Rply Project | 1 Rply | 2024-11-21 | 5.5 Medium |
| python-rply before 0.7.4 insecurely creates temporary files. | ||||
| CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-11-21 | 7.5 High |
| Gamera before 3.4.1 insecurely creates temporary files. | ||||
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 7.5 High |
| rc before 1.7.1-5 insecurely creates temporary files. | ||||
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2024-11-21 | 5.3 Medium |
| 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | ||||
| CVE-2014-1925 | 1 Koha | 1 Koha | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. | ||||
| CVE-2014-1924 | 1 Koha | 1 Koha | 2024-11-21 | 9.8 Critical |
| The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | ||||
| CVE-2014-1923 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2014-1922 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-1889 | 1 Buddypress | 1 Buddypress | 2024-11-21 | N/A |
| The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | ||||
| CVE-2014-1867 | 1 Suphp | 1 Suphp | 2024-11-21 | 7.8 High |
| suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | ||||
| CVE-2014-1860 | 1 Contao | 1 Contao Cms | 2024-11-21 | 9.8 Critical |
| Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | ||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | N/A |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-11-21 | N/A |
| __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | ||||
| CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | ||||
| CVE-2014-1835 | 1 Echor Project | 1 Echor | 2024-11-21 | N/A |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | ||||
| CVE-2014-1834 | 1 Echor Project | 1 Echor | 2024-11-21 | N/A |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | ||||
| CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | ||||