|
283531
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
|
CWE-295
Improper Certificate Validation
|
CVE-2014-2902
|
2024-11-21 11:07 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283532
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
|
CWE-295
Improper Certificate Validation
|
CVE-2014-2901
|
2024-11-21 11:07 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283533
|
9.1 |
CRITICAL
Network
|
linux
google
|
linux_kernel
chrome_os
|
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting com…
|
CWE-125
Out-of-bounds Read
|
CVE-2014-3180
|
2024-11-21 11:07 |
2019-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283534
|
9.8 |
CRITICAL
Network
|
ezpz-one-click-backup_project
|
ezpz-one-click-backup
|
The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.p…
|
CWE-77
Command Injection
|
CVE-2014-3114
|
2024-11-21 11:07 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283535
|
7.1 |
HIGH
Local
|
truecrypt_project
|
truecrypt
|
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in Encrypt…
|
CWE-200
CWE-190
CWE-400
Information Exposure
Integer Overflow or Wraparound
Uncontrolled Resource Consumption
|
CVE-2014-2885
|
2024-11-21 11:07 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283536
|
3.3 |
LOW
Local
|
truecrypt_project
|
truecrypt
|
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_O…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2014-2884
|
2024-11-21 11:07 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283537
|
9.8 |
CRITICAL
Network
|
seagate
|
blackarmor_nas_220_firmware
blackarmor_nas_110_firmware
|
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_c…
|
CWE-20
Improper Input Validation
|
CVE-2014-3206
|
2024-11-21 11:07 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283538
|
9.8 |
CRITICAL
Network
|
seagate
|
blackarmor_nas_220_firmware
blackarmor_nas_110_firmware
|
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-3205
|
2024-11-21 11:07 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283539
|
7.8 |
HIGH
Local
|
fishshell
fedoraproject
|
fish
fedora
|
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
|
CWE-59
Link Following
|
CVE-2014-3219
|
2024-11-21 11:07 |
2018-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283540
|
9.8 |
CRITICAL
Network
|
sugarcrm
|
sugarcrm
|
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in …
|
CWE-611
XXE
|
CVE-2014-3244
|
2024-11-21 11:07 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
