Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-9633 | 1 Comodo | 1 Backup | 2024-08-06 | N/A |
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | ||||
CVE-2014-9646 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. | ||||
CVE-2014-9642 | 1 Bullguard | 4 Bdagent.sys, Internet Security, Online Backup and 1 more | 2024-08-06 | N/A |
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. | ||||
CVE-2014-9610 | 1 Netsweeper | 1 Netsweeper | 2024-08-06 | N/A |
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php. | ||||
CVE-2014-9583 | 2 Asus, T-mobile | 4 Rt-ac66u, Rt-n66u, Wrt Firmware and 1 more | 2024-08-06 | N/A |
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. | ||||
CVE-2014-9466 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-06 | N/A |
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier." | ||||
CVE-2014-9493 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. | ||||
CVE-2014-9476 | 1 Mediawiki | 1 Mediawiki | 2024-08-06 | N/A |
MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/." | ||||
CVE-2014-9494 | 1 Pivotal Software | 1 Rabbitmq | 2024-08-06 | N/A |
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header. | ||||
CVE-2014-9503 | 1 Open Atrium Project | 1 Open Atrium | 2024-08-06 | N/A |
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks. | ||||
CVE-2014-9387 | 1 Sap | 1 Businessobjects | 2024-08-06 | N/A |
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | ||||
CVE-2014-9324 | 1 Otrs | 1 Otrs Help Desk | 2024-08-06 | N/A |
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors. | ||||
CVE-2014-9357 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-08-06 | N/A |
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | ||||
CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2024-08-06 | N/A |
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | ||||
CVE-2014-9353 | 1 Netapp | 1 Oncommand Balance | 2024-08-06 | N/A |
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | ||||
CVE-2014-9260 | 1 Downloadmanager | 1 Download Manager | 2024-08-06 | N/A |
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | ||||
CVE-2014-9249 | 1 Zenoss | 1 Zenoss Core | 2024-08-06 | N/A |
The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | ||||
CVE-2014-9193 | 1 Innominate | 1 Mguard Firmware | 2024-08-06 | N/A |
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | ||||
CVE-2014-9226 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2024-08-06 | N/A |
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | ||||
CVE-2014-9048 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API. |