|
276401
|
9.8 |
CRITICAL
Network
|
imagemagick
suse
opensuse
|
imagemagick
linux_enterprise_software_development_kit
linux_enterprise_server
linux_enterprise_workstation_extension
linux_enterprise_desktop
opensuse
leap
|
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2014-9852
|
2024-11-21 11:21 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276402
|
9.8 |
CRITICAL
Network
|
mcafee
|
cloud_analysis_and_deconstructive_services
|
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9921
|
2024-11-21 11:21 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276403
|
5.9 |
MEDIUM
Network
|
mcafee
|
application_control
|
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 befor…
|
CWE-284
Improper Access Control
|
CVE-2014-9920
|
2024-11-21 11:21 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276404
|
5.5 |
MEDIUM
Local
|
busybox
|
busybox
|
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demo…
|
CWE-20
Improper Input Validation
|
CVE-2014-9645
|
2024-11-21 11:21 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276405
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page requ…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9916
|
2024-11-21 11:21 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276406
|
6.1 |
MEDIUM
Network
|
alinto
|
sogo
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) c…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9905
|
2024-11-21 11:21 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276407
|
6.1 |
MEDIUM
Network
|
gosa_project
|
gosa
|
Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9760
|
2024-11-21 11:21 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276408
|
7.8 |
HIGH
Local
|
linux
google
|
linux_kernel
android
|
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by …
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2014-9914
|
2024-11-21 11:21 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276409
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9772
|
2024-11-21 11:21 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276410
|
7.5 |
HIGH
Network
|
viprinet
|
multichannel_vpn_router_300_firmware
|
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before…
|
CWE-20
Improper Input Validation
|
CVE-2014-9755
|
2024-11-21 11:21 |
2017-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
