|
278271
|
7.8 |
HIGH
Local
|
videolan
|
vlc_media_player
|
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unsp…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2014-9626
|
2024-11-21 11:21 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278272
|
7.8 |
HIGH
Local
|
videolan
|
vlc_media_player
|
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remot…
|
CWE-120
Classic Buffer Overflow
|
CVE-2014-9625
|
2024-11-21 11:21 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278273
|
6.5 |
MEDIUM
Network
|
tornadoweb
|
tornado
|
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determi…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2014-9720
|
2024-11-21 11:21 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278274
|
6.5 |
MEDIUM
Adjacent
|
google
|
android
|
A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558).
|
NVD-CWE-noinfo
|
CVE-2014-9908
|
2024-11-21 11:21 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278275
|
7.5 |
HIGH
Network
|
makerbot
|
replicator_5th_generation_firmware
|
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthe…
|
CWE-200
Information Exposure
|
CVE-2014-9699
|
2024-11-21 11:21 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278276
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9919
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278277
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9918
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278278
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9917
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278279
|
4.9 |
MEDIUM
Network
|
unify
|
openstage_sip
openscape_desk_phone_ip_sip
|
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated user…
|
CWE-93
CRLF Injection
|
CVE-2014-9563
|
2024-11-21 11:21 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278280
|
7.5 |
HIGH
Network
|
open_atrium_project
|
open_atrium
|
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
|
CWE-284
Improper Access Control
|
CVE-2014-9504
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
