CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2014-4955 Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allo... | N/A | NONE | — | 0 |
| CVE-2014-4986 Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arb... | N/A | NONE | — | 0 |
| CVE-2014-4987 server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers ... | N/A | NONE | — | 0 |
| CVE-2014-4734 Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | N/A | NONE | — | 0 |
| CVE-2014-4960 Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitr... | N/A | NONE | — | 0 |
| CVE-2014-5016 Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json fu... | N/A | NONE | — | 0 |
| CVE-2014-3820 Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 befor... | N/A | NONE | — | 0 |
| CVE-2014-5017 SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx para... | N/A | NONE | — | 0 |
| CVE-2014-5018 Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK ch... | N/A | NONE | — | 0 |
| CVE-2013-7392 Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | N/A | NONE | — | 0 |
| CVE-2014-2385 Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFi... | N/A | NONE | — | 0 |
| CVE-2014-4326 Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. | N/A | NONE | — | 0 |
| CVE-2014-3530 The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references,... | N/A | NONE | — | 0 |
| CVE-2014-4511 Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrat... | N/A | NONE | — | 0 |
| CVE-2014-4911 The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersui... | N/A | NONE | — | 0 |
| CVE-2014-5019 The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file... | N/A | NONE | — | 0 |
| CVE-2014-5020 The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read f... | N/A | NONE | — | 0 |
| CVE-2014-5021 Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject ar... | N/A | NONE | — | 0 |
| CVE-2014-5022 Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled te... | N/A | NONE | — | 0 |
| CVE-2014-5023 Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout... | N/A | NONE | — | 0 |
| CVE-2014-3518 jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform... | N/A | NONE | — | 0 |
| CVE-2014-4947 Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. | N/A | NONE | — | 0 |
| CVE-2014-4948 Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VH... | N/A | NONE | — | 0 |
| CVE-2014-1548 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and applica... | N/A | NONE | — | 0 |
| CVE-2014-1549 The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows ... | N/A | NONE | — | 0 |
| CVE-2014-3939 Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file. | N/A | NONE | — | 0 |
| CVE-2014-1550 Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap... | N/A | NONE | — | 0 |
| CVE-2014-1552 Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-ori... | N/A | NONE | — | 0 |
| CVE-2014-1558 Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 charact... | N/A | NONE | — | 0 |
| CVE-2014-1559 Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 charact... | N/A | NONE | — | 0 |
| CVE-2014-4501 Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect... | N/A | NONE | — | 0 |
| CVE-2014-1560 Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII charact... | N/A | NONE | — | 0 |
| CVE-2014-1561 Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScrip... | N/A | NONE | — | 0 |
| CVE-2014-3537 The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | N/A | NONE | — | 0 |
| CVE-2014-3555 OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a lar... | N/A | NONE | — | 0 |
| CVE-2014-3938 Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow. | N/A | NONE | — | 0 |
| CVE-2014-4502 Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1... | N/A | NONE | — | 0 |
| CVE-2014-4503 The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversi... | N/A | NONE | — | 0 |
| CVE-2014-4980 The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | N/A | NONE | — | 0 |
| CVE-2014-0607 Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable... | N/A | NONE | — | 0 |
| CVE-2014-1419 Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2014-2717 Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administ... | N/A | NONE | — | 0 |
| CVE-2014-2968 Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary w... | N/A | NONE | — | 0 |
| CVE-2014-2971 Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description... | N/A | NONE | — | 0 |
| CVE-2014-3110 Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote... | N/A | NONE | — | 0 |
| CVE-2014-3322 Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malf... | N/A | NONE | — | 0 |
| CVE-2014-4682 The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | N/A | NONE | — | 0 |
| CVE-2014-4736 SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process. | N/A | NONE | — | 0 |
| CVE-2014-4683 The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | N/A | NONE | — | 0 |
| CVE-2014-4684 The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.