Export limit exceeded: 365250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3249 1 Puppet 1 Puppet Enterprise 2025-04-12 N/A
Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.
CVE-2014-3248 2 Puppet, Puppetlabs 6 Facter, Hiera, Marionette Collective and 3 more 2025-04-12 N/A
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
CVE-2014-3262 1 Cisco 2 Ios, Ios Xe 2025-04-12 N/A
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782.
CVE-2014-3247 1 O-dyn 1 Collabtive 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
CVE-2014-3246 1 O-dyn 1 Collabtive 2025-04-12 N/A
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
CVE-2014-3243 1 Makina-corpus 1 Soappy 2025-04-12 N/A
SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing a large number of nested entity references.
CVE-2014-3242 1 Makina-corpus 1 Soappy 2025-04-12 N/A
SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-3227 1 Debian 1 Dpkg 2025-04-12 N/A
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
CVE-2014-3225 1 Cobblerd 1 Cobbler 2025-04-12 N/A
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
CVE-2014-3220 1 F5 1 Big-iq 2025-04-12 N/A
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
CVE-2014-3215 2 Redhat, Selinuxproject 2 Enterprise Linux, Policycoreutils 2025-04-12 N/A
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
CVE-2014-3214 1 Isc 1 Bind 2025-04-12 N/A
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.
CVE-2014-3210 2 Dotonpaper, Wordpress 2 Booking System, Wordpress 2025-04-12 N/A
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
CVE-2014-2941 1 Cobham 4 Ailor 6110 Mini-c Gmdss, Sailor 6006 Message Terminal, Sailor 6222 Vhf and 1 more 2025-04-12 N/A
Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibility to exploit another user's credentials.
CVE-2014-2942 1 Cobham 2 Aviator 700d, Aviator 700e 2025-04-12 N/A
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.
CVE-2014-2946 1 Huawei 3 E303 Modem, E303 Modem Firmware, Webui 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.
CVE-2014-2947 1 Bizagi 1 Business Process Management Suite 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.
CVE-2014-2948 1 Bizagi 1 Business Process Management Suite 2025-04-12 N/A
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.
CVE-2014-2949 1 F5 1 Arx Data Manager 2025-04-12 N/A
SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2950 1 Datumsystems 1 Snip 2025-04-12 N/A
Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands.