|
285131
|
3.3 |
LOW
Local
|
canonical
|
ubuntu-ui-toolkit
|
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL fla…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2014-1420
|
2024-11-21 11:04 |
2020-09-11 |
|
285132
|
5.0 |
MEDIUM
Local
|
canonical
|
trust-store_(ubuntu) trust-store_(ubuntu_rtm)
|
In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. T…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2014-1422
|
2024-11-21 11:04 |
2020-07-23 |
|
285133
|
5.5 |
MEDIUM
Local
|
signond_project ubports
|
signond ubuntu_touch
|
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the si…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-1423
|
2024-11-21 11:04 |
2020-05-8 |
|
285134
|
9.8 |
CRITICAL
Network
|
magento
|
advanced_newsletter
|
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
|
CWE-89
SQL Injection
|
CVE-2014-1634
|
2024-11-21 11:04 |
2020-03-10 |
|
285135
|
6.5 |
MEDIUM
Network
|
promotic
|
promotic
|
Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.
|
CWE-120
Classic Buffer Overflow
|
CVE-2014-1617
|
2024-11-21 11:04 |
2020-02-14 |
|
285136
|
9.1 |
CRITICAL
Network
|
mobileiron
|
virtual_smartphone_platform sentry
|
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords
|
CWE-91
Blind XPath Injection
|
CVE-2014-1409
|
2024-11-21 11:04 |
2020-01-9 |
|
285137
|
9.8 |
CRITICAL
Network
|
centurystar_project
|
centurystar
|
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow
|
CWE-787
Out-of-bounds Write
|
CVE-2014-1598
|
2024-11-21 11:04 |
2020-01-8 |
|
285138
|
4.8 |
MEDIUM
Network
|
pearson
|
esis_enterprise_student_information_system
|
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input
|
CWE-79
Cross-site Scripting
|
CVE-2014-1454
|
2024-11-21 11:04 |
2020-01-8 |
|
285139
|
5.3 |
MEDIUM
Network
|
canonical
|
metal_as_a_service
|
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
|
CWE-254
7PK - Security Features
|
CVE-2014-1428
|
2024-11-21 11:04 |
2019-04-23 |
|
285140
|
6.1 |
MEDIUM
Network
|
canonical
|
metal_as_a_service
|
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1427
|
2024-11-21 11:04 |
2019-04-23 |