|
277731
|
9.8 |
CRITICAL
Network
|
gnu
|
libgfortran
|
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-5044
|
2024-11-21 11:11 |
2018-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277732
|
8.1 |
HIGH
Network
|
docker
|
docker
|
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
|
CWE-20
Improper Input Validation
|
CVE-2014-5282
|
2024-11-21 11:11 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277733
|
8.8 |
HIGH
Network
|
boot2docker
|
boot2docker
|
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
|
CWE-352
Origin Validation Error
|
CVE-2014-5280
|
2024-11-21 11:11 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277734
|
8.8 |
HIGH
Network
|
boot2docker
|
boot2docker
|
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitr…
|
CWE-284
Improper Access Control
|
CVE-2014-5279
|
2024-11-21 11:11 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277735
|
5.4 |
MEDIUM
Network
|
oxid-esales
|
eshop
|
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4919
|
2024-11-21 11:11 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277736
|
8.8 |
HIGH
Network
|
microsemi
|
s350i_firmware
|
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5070
|
2024-11-21 11:11 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277737
|
7.5 |
HIGH
Network
|
microsemi
|
s350i_firmware
|
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) …
|
CWE-22
Path Traversal
|
CVE-2014-5068
|
2024-11-21 11:11 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277738
|
7.8 |
HIGH
Local
|
brbackup_project
|
brbackup
|
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-5004
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277739
|
5.5 |
MEDIUM
Local
|
ciborg_project
|
ciborg
|
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlb…
|
CWE-20
Improper Input Validation
|
CVE-2014-5003
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277740
|
7.8 |
HIGH
Local
|
lynx_project
|
lynx
|
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
|
CWE-255
Credentials Management
|
CVE-2014-5002
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
