Export limit exceeded: 24706 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24706 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-11-21 | 8.1 High |
| cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | ||||
| CVE-2014-2078 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. | ||||
| CVE-2014-2032 | 2 Deadwood Project, Maradns Project | 2 Deadwood, Maradns | 2024-11-21 | N/A |
| Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation. | ||||
| CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-11-21 | 7.5 High |
| Gamera before 3.4.1 insecurely creates temporary files. | ||||
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 7.5 High |
| rc before 1.7.1-5 insecurely creates temporary files. | ||||
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2024-11-21 | 5.3 Medium |
| 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | ||||
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-11-21 | N/A |
| __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | ||||
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | N/A |
| A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | ||||
| CVE-2014-125093 | 1 Getadmiral | 1 Ad Blocking Detector | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The patch is identified as 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-125056 | 1 Pylonsproject | 1 Horus | 2024-11-21 | 2.6 Low |
| A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-125055 | 1 Easy-script Project | 1 Easy-script | 2024-11-21 | 2.6 Low |
| A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596. | ||||
| CVE-2014-10388 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. | ||||
| CVE-2014-10384 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | N/A |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. | ||||
| CVE-2014-10383 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | N/A |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. | ||||
| CVE-2014-10374 | 1 Fitbit | 2 Charge 2, Charge 2 Firmware | 2024-11-21 | N/A |
| On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations. | ||||
| CVE-2014-10079 | 1 Vembu | 1 Storegrid | 2024-11-21 | N/A |
| In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. | ||||
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2024-11-21 | N/A |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | ||||
| CVE-2014-10076 | 1 Wp-db-backup Project | 1 Wp-db-backup | 2024-11-21 | N/A |
| The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack. | ||||
| CVE-2014-10062 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, LocationService is being exported, which is a way for a service to expose its methods to other services. This makes it possible for any other services to import LocationService and call into the exposed method for bringing up a data connection. | ||||