|
277311
|
- |
|
google
|
chrome
|
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9689
|
2024-11-21 11:21 |
2015-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277312
|
- |
|
ninjaforms
|
ninja_forms
|
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
|
NVD-CWE-noinfo
|
CVE-2014-9688
|
2024-11-21 11:21 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277313
|
- |
|
canonical
linux
|
ubuntu_linux
linux_kernel
|
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buf…
|
CWE-189
Numeric Errors
|
CVE-2014-9683
|
2024-11-21 11:21 |
2015-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277314
|
- |
|
linux
debian
canonical
oracle
|
linux_kernel
debian_linux
ubuntu_linux
linux
|
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the…
|
CWE-269
Improper Privilege Management
|
CVE-2014-9644
|
2024-11-21 11:21 |
2015-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277315
|
- |
|
dns-sync_project
|
dns-sync
|
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
|
CWE-77
Command Injection
|
CVE-2014-9682
|
2024-11-21 11:21 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277316
|
- |
|
ffmpeg
|
ffmpeg
|
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memo…
|
NVD-CWE-Other
|
CVE-2014-9676
|
2024-11-21 11:21 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277317
|
- |
|
vanillaforums
|
vanilla_forums
vanilla
|
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9685
|
2024-11-21 11:21 |
2015-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277318
|
- |
|
openstack
|
image_registry_and_delivery_service_\(glance\)
|
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption)…
|
CWE-399
Resource Management Errors
|
CVE-2014-9684
|
2024-11-21 11:21 |
2015-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277319
|
- |
|
apple
|
cups
|
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which trigger…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9679
|
2024-11-21 11:21 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277320
|
- |
|
samba
opensuse
oracle
|
rsync
opensuse
solaris
|
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
|
CWE-59
Link Following
|
CVE-2014-9512
|
2024-11-21 11:21 |
2015-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
