Export limit exceeded: 24851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6437 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2024-11-21 | N/A |
| Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. | ||||
| CVE-2014-6309 | 1 Tenefit | 1 Kaazing Websocket Gateway | 2024-11-21 | 7.5 High |
| The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. | ||||
| CVE-2014-6275 | 2 Debian, Fusionforge | 2 Debian Linux, Fusionforge | 2024-11-21 | 5.9 Medium |
| FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. | ||||
| CVE-2014-6112 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | N/A |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. | ||||
| CVE-2014-6109 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | N/A |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. | ||||
| CVE-2014-6108 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2024-11-21 | N/A |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. | ||||
| CVE-2014-6048 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. | ||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. | ||||
| CVE-2014-5468 | 1 Getrailo | 1 Railo | 2024-11-21 | 8.8 High |
| A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. | ||||
| CVE-2014-5450 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2024-11-21 | N/A |
| Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. | ||||
| CVE-2014-5394 | 1 Huawei | 24 S2300, S2300 Firmware, S2700 and 21 more | 2024-11-21 | N/A |
| Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. | ||||
| CVE-2014-5289 | 1 Senkas Kolibri Project | 1 Senkas Kolibri | 2024-11-21 | 9.8 Critical |
| Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | ||||
| CVE-2014-5282 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | ||||
| CVE-2014-5220 | 2 Mdadm Project, Opensuse | 2 Mdadm, Opensuse | 2024-11-21 | N/A |
| The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | ||||
| CVE-2014-5209 | 2 F5, Ntp | 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more | 2024-11-21 | 5.3 Medium |
| An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | ||||
| CVE-2014-5170 | 1 Drupal | 1 Storage Api | 2024-11-21 | N/A |
| The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. | ||||
| CVE-2014-5132 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | N/A |
| Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses. | ||||
| CVE-2014-5131 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | N/A |
| Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse. | ||||
| CVE-2014-5130 | 1 Avolvesoftware | 1 Projectdox | 2024-11-21 | N/A |
| Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token. | ||||
| CVE-2014-5118 | 3 Fedoraproject, Redhat, Trusted Boot Project | 3 Fedora, Enterprise Linux, Trusted Boot | 2024-11-21 | 5.5 Medium |
| Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability | ||||