Search Results (1468 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4002 2 Cacti, Opensuse 2 Cacti, Opensuse 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.
CVE-2014-4165 2 Ntop, Opensuse 2 Ntop, Opensuse 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
CVE-2014-7818 2 Opensuse, Rubyonrails 3 Opensuse, Rails, Ruby On Rails 2025-04-12 N/A
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.
CVE-2015-3256 3 Opensuse, Polkit Project, Redhat 3 Opensuse, Polkit, Enterprise Linux 2025-04-12 N/A
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
CVE-2014-7926 6 Canonical, Google, Icu-project and 3 more 10 Ubuntu Linux, Chrome, International Components For Unicode and 7 more 2025-04-12 N/A
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
CVE-2014-9556 2 Libmspack Project, Opensuse 2 Libmspack, Opensuse 2025-04-12 N/A
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
CVE-2014-7942 5 Canonical, Chromium, Google and 2 more 9 Ubuntu Linux, Chromium, Chrome and 6 more 2025-04-12 N/A
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2014-4987 2 Opensuse, Phpmyadmin 2 Opensuse, Phpmyadmin 2025-04-12 N/A
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.
CVE-2014-5026 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Opensuse 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.
CVE-2014-5146 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-12 N/A
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
CVE-2014-5149 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-12 N/A
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.
CVE-2014-8104 5 Canonical, Debian, Mageia and 2 more 6 Ubuntu Linux, Debian Linux, Mageia and 3 more 2025-04-12 N/A
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVE-2013-7336 2 Opensuse, Redhat 4 Opensuse, Enterprise Linux, Libvirt and 1 more 2025-04-12 N/A
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
CVE-2013-7423 4 Canonical, Gnu, Opensuse and 1 more 7 Ubuntu Linux, Glibc, Opensuse and 4 more 2025-04-12 N/A
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVE-2014-8132 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 N/A
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2014-8134 6 Canonical, Linux, Opensuse and 3 more 7 Ubuntu Linux, Linux Kernel, Evergreen and 4 more 2025-04-12 3.3 Low
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
CVE-2014-8136 4 Canonical, Mageia, Opensuse and 1 more 10 Ubuntu Linux, Mageia, Opensuse and 7 more 2025-04-12 N/A
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
CVE-2014-5353 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 N/A
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
CVE-2014-0133 2 F5, Opensuse 2 Nginx, Opensuse 2025-04-12 N/A
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
CVE-2014-0157 3 Openstack, Opensuse, Redhat 3 Horizon, Opensuse, Openstack 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.